IPSec - LogeshVel/learning_resources GitHub Wiki


CIA Triad


IPSec

IPsec is a group of protocols that are used together to set up encrypted connections between devices. It helps keep data sent over public networks secure. IPsec is often used to set up VPNs, and it works by encrypting IP packets, along with authenticating the source where the packets come from.

Within the term "IPsec," "IP" stands for "Internet Protocol" and "sec" for "secure." The Internet Protocol is the main routing protocol used on the Internet; it designates where data will go using IP addresses. IPsec is secure because it adds encryption* and authentication to this process.

*Encryption is the process of concealing information by mathematically altering data so that it appears random. In simpler terms, encryption is the use of a "secret code" that only authorized parties can interpret.

IPSec cloudflare article

IPSec Datagrams

Tunnel Mode

In tunnel mode, the entire original IP packet (header and payload) is encapsulated in the IPsec datagram behind a new outer IP header. When the data is transmitted across something like the internet, the Layer 3 devices use only that outer header to route the packets until they reach their IPsec destination. This mode is typically used in site‑to‑site VPNs and remote access VPNs.

Transport Mode

In transport mode, the payload is protected by the protocol suite, but the original IP header is not; it stays in the clear so that it can still be used for routing. Because the payload is still protected, this mode is most often used in peer‑to‑peer traffic scenarios, but it can be used in others as well.
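To make the two modes concrete, here is an added example (not code from the wiki) that builds IPv4 packets protected by the Authentication Header in transport and tunnel mode and verifies them as a receiver would. It uses HMAC-SHA-256-128 for the ICV, zeroes the mutable IP fields (DSCP/ECN, flags, fragment offset, TTL, checksum) before hashing as RFC 4302 requires, and uses a constructed demo key, addresses and payload; checksums are left at zero.

```python
import hmac
import hashlib
import struct

AH = 51          # IP protocol number for Authentication Header
ICV_LEN = 16     # HMAC-SHA-256-128 (RFC 4868): SHA-256 tag truncated to 128 bits
KEY = b"constructed-demo-key"   # constructed sample key, not a real SA key

def ipv4_hdr(src, dst, proto, total_len, ttl=64):
    """Minimal 20-byte IPv4 header (checksum left 0; a real stack fills it)."""
    ip = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                       ttl, proto, 0, ip(src), ip(dst))

def zero_mutable(ip):
    """Zero fields routers may change (DSCP/ECN, flags/frag, TTL, checksum)."""
    return ip[:1] + b"\0" + ip[2:6] + b"\0\0\0" + ip[9:10] + b"\0\0" + ip[12:]

def build_ah(next_hdr, spi, seq, icv):
    """AH: next hdr, payload len (32-bit words - 2), reserved, SPI, seq, ICV."""
    return struct.pack("!BBHII", next_hdr, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv

def ah_protect(ip, next_hdr, data, spi, seq, key=KEY):
    """ICV covers the immutable parts of the IP header, AH (ICV zeroed) and data."""
    ah0 = build_ah(next_hdr, spi, seq, bytes(ICV_LEN))
    icv = hmac.new(key, zero_mutable(ip) + ah0 + data, hashlib.sha256).digest()[:ICV_LEN]
    return ip + build_ah(next_hdr, spi, seq, icv) + data

def ah_transport(src, dst, proto, payload, spi, seq):
    """Transport mode: original IP header stays, AH sits between it and the payload."""
    ip = ipv4_hdr(src, dst, AH, 20 + 12 + ICV_LEN + len(payload))
    return ah_protect(ip, proto, payload, spi, seq)

def ah_tunnel(inner_packet, gw_src, gw_dst, spi, seq):
    """Tunnel mode: the whole inner packet is the payload behind a new outer header."""
    ip = ipv4_hdr(gw_src, gw_dst, AH, 20 + 12 + ICV_LEN + len(inner_packet))
    return ah_protect(ip, 4, inner_packet, spi, seq)   # next header 4 = IP-in-IP

def ah_verify(pkt, key=KEY):
    """Receiver side: recompute the ICV the same way and compare in constant time."""
    ip, ah, data = pkt[:20], pkt[20:32 + ICV_LEN], pkt[32 + ICV_LEN:]
    ah0, icv = ah[:12] + bytes(ICV_LEN), ah[12:]
    expect = hmac.new(key, zero_mutable(ip) + ah0 + data, hashlib.sha256).digest()[:ICV_LEN]
    return hmac.compare_digest(expect, icv)
```

A TTL decrement by a router in transit leaves the ICV valid, while any change to the payload or to the inner packet in tunnel mode makes ah_verify return False.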

IPSec protocol suite

AH and ESP

AH Transport and Tunnel

AH Header

ESP Transport and Tunnel

ESP Header

Security Association - SA

Key Management

Cryptographic Algorithms

IPSec Components
