IPsec (Internet Protocol Security) is a set of protocols that use algorithms to transport data securely over an IP network. The IETF defines it as a framework of open standards for ensuring private and protected communications over IP networks through the use of cryptographic security services. IPsec differs from previous security standards in that it is not limited to a single authentication method or algorithm, which is why it is considered an open standards framework. In addition, IPsec operates at the network layer (layer 3 of the OSI model), unlike previous standards that operated at the application layer (layer 7 of the OSI model). This makes it application-independent and means that users do not need to configure each application to IPsec standards.
Designed to work with IPv6, the IPsec protocol suite has been adapted for the current IPv4 protocol. Its purpose is to authenticate and encrypt data: the flow can be understood only by the final recipient (confidentiality), and modification of the data by intermediaries is not possible (integrity). IPsec is often a component of a VPN, where it is the source of the security aspect (secure channel or tunneling).
IPsec manages connections and can guarantee both encryption and data integrity on demand. To do this, it uses one of two modes: Transport mode establishes point-to-point communication between two endpoints, while tunnel mode connects two networks through two routers.
---
Cryptographers evaluated the IPsec protocol several times and found several points of criticism. In addition to the way it was created, its high complexity and the resulting susceptibility to errors are criticized. However, both also found that IPsec was the best way to secure the original IP at the time of their investigations.