IPSec Overview, History and Standards
(Page 1 of 3)
The best-known problem with the original Internet Protocol (IPv4) is the pending exhaustion of its address space. This situation arose due to the rapid expansion of the Internet beyond anyone's expectations when IPv4 was developed. This same mismatch between how the Internet was when IPv4 was created and how it is now has led to another major problem with IP: the lack of a definitive means of ensuring security on IP internetworks.
The security problem arose because 25 years ago, the Internet was tiny and relatively private. Today it is enormous and truly public. As the Internet has grown, the need for security has grown with it. Consider that TCP/IP and the early Internet precursors were developed as very small networks used by government researchers at the United States Defense Advanced Research Projects Agency (DARPA or ARPA). All the hardware was controlled by people who were well known and would generally have had security clearance. In such a network, you don't need to build security into the protocols: you build it into the building! It's easier to use locks and guards to ensure security than fancy encryption, when you can get away with it. After all, the easiest way to keep someone from snooping on or tampering with data on the network is simply to deny them access to the hosts that connect to the network.
This worked fine at first, when there were only a few dozen machines on the Internet. And even when the Internet first started to grow, it was used pretty much only to connect together researchers and other networking professionals. New sites were added to the network slowly at first, and at least someone knew the identity of each new site added to the growing internetwork. However, as the Internet continued to increase in size and eventually was opened to the public, maintaining security of the network as a whole became impossible. Today, the great unwashed masses are on the Internet. Many routers, owned by who knows and administered by who knows, stand between you and most other devices you want to connect with. You cannot assume that the data you send or receive is secure.
A number of methods have evolved over the years to address the need for security. Most of these are focused on the higher layers of the OSI protocol stack, to compensate for IP's lack of security. These solutions are valuable for certain situations, but they can't be generalized easily because they are particular to various applications. For example, we can use Secure Sockets Layer (SSL) for certain applications like World Wide Web access or FTP, but there are dozens of applications that this type of security was never intended to work with.
What was really needed was a solution to allow security at the IP level so all higher-layer protocols in TCP/IP could take advantage of it. When the decision was made to develop a new version of IP (IPv6), this was the golden opportunity to resolve not just the addressing problems in the older IPv4, but the lack of security as well. New security technology was developed with IPv6 in mind, but since IPv6 has taken years to develop and roll out, and the need for security is now, the solution was designed to be usable for both IPv4 and IPv6.
The technology that brings secure communications to the Internet Protocol is called IP Security, commonly abbreviated IPSec. (The capitalization of this abbreviation is variable, so IPsec and IPSEC are also seen. Though not IpSeC or IPseC, fortunately.)
The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005
© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.