Components of IP security:
Encapsulating Security Payload (ESP):
- What it does: Protects your data during communication.
- How it does it: Ensures data integrity, encrypts your information, provides authentication, and guards against replay attacks (someone trying to resend old messages).
Authentication Header (AH):
- What it does: Adds a layer of security to your data.
- How it does it: Ensures data integrity, provides authentication, and guards against replay attacks. However, it doesn't encrypt the data, so it's like sending a letter with a tamper-evident seal in a transparent envelope: anyone along the way can read the contents, but nobody can alter them undetected.
Internet Key Exchange (IKE):
- What it does: Helps devices agree on how to keep your communication secure.
- How it does it: Dynamically exchanges encryption keys and establishes a set of security rules (Security Association) between two devices. Think of it like sharing secret codes between friends to ensure that only they can understand each other.
- Additional details:
  - ISAKMP (Internet Security Association and Key Management Protocol): Provides a framework for authentication and key exchange, ensuring that the shared security rules are set up properly.
  - Direct connections: Specifies how two devices using IPsec can establish secure connections directly with each other.
  - Message protection: Uses IKE to protect the content of the messages, making sure that the shared codes are not compromised during the key exchange process.