This page covers advantages and disadvantages of IPsec. It mentions IPsec advantages or benefits and IPsec disadvantages or drawbacks.It also describes IPsec basics.
What is IPsec?
Introduction:
•The IPsec is used in VPN (Virtual Private Network) which providesprivate secured connection between client and server over public internet.
•There are different tunneling protocols at layer-2 and layer-3 whichprovide secured connection. IPsec operates at layer-3 i.e. network layer.
•The RFC 4301 defines IPsec architecture as depicted in the figure-1.
•IPsec protocol provides security services for the traffic at IP layerwhich protects IP as well as upper layer from any hacking.
•There are two modes in IPsec viz. tunnel mode and transport mode.
•In tunnel mode, entire IP packet is encrypted first. This becomes datapart for the new and large size IP packet. It is used in IPsec site to site topology of VPNnetwork.
•In transport mode, IPsec header is inserted into original IP packet.No new packet is created here. It is used in remote access VPN topology type.
The figure-2 depicts IPsec packet formats.Refer IPsec basics >>.
As we know normal IP packets do not have any inherent security.Moreover there is no way to verify following drawbacks or problems.
1. The claimed sender is the true one.
2. The data has not been modified during transit.
3. The data has not been viewed by third party.
Benefits or advantages of IPsec
Following are the benefits or advantages of IPsec:
➨The first drawback is overcome by authentication. Use of signatures and certificateshelp in this regard.
➨The second drawback is overcome by integrity. Use of checksum calculated byrouters at each end of tunnel or hash value of data to be transported help in this regard.
➨The third drawback is overcome by confidentiality. This is achieved by encryption ofdata. This is done by key management and other IPsec protocols.
➨IPsec provides security without any modifications to user computers.
➨It can work independent of applications. All the application dataare routed with IP which makes them IPsec compatible.
➨With the help of IP layer, IPsec can be applied to networks of all thesizes from LAN to WAN.
➨As IPsec functions at very low network level,its performance will not be affected by users/applications/protocols.
➨IPsec allows per flow or per connection based security.Hence it allows very fine grained security control.
➨As mentioned it provides seamless security to application and transport layers (ULPs).
Drawbacks or disadvantages of IPsec
Following are the disadvantages of IPsec:
➨For small size packet transmission performance of the networkdiminishes due to large overhead used by IPsec.
➨IPsec is complex due to more number of features/options.Higher complexity leads to increase in probability of weakness/hole in theprotocol. Example: IPsec is weak against replay attack or playback attack.In this network attack, valid data transmission is fraudulently repeated or delayed.
➨The IPsec defeats the purpose of firewall device.This is due to the fact that firewall is based on pre-configured rules which isencrypted by IPsec. This is overcome by using firewall along with IPsec gateway. This decrypts theencypted firewall data.
➨It is more difficult to implement to individual users on multi-user machine.
➨Other drawbacks are policy management, local policy configuration, supportability,incresed performance requirement etc.
Advantages and Disadvantages of other wireless technologies
MEMS IrDA HomeRF Bluetooth Radar RF Wireless Internet Mobile Phone IoT Solar Energy Fiber Optic Microwave Satellite GPS RFID AM and FM LTE
Networking Links
•Circuit Switching vs Packet switching •Packet Switching vs Message switching •What is an IP address •What is MAC Address •Basics of OSI and TCP-IP Layers •What is Hub •What is Switch •What is Bridge •What is Router •What is Gateway •Firewall basics •TCP-IP Packet format •ARP Protocol format
What is Difference between
FTP vs HTTPFTP vs SMTPFTP vs TFTPhub Vs. switchTCP vs UDP
RF and Wireless Terminologies
SATELLITERFAntennaAvionicsWirelessLiFi vs WiFiMiFi vs WiFiBPSK vs QPSKBJT vs FETPDH vs SDHCS vs PSMS vs PS
ARTICLESTERMINOLOGIESTutorialsVENDORSIoTOnline calculatorssource codesAPP. NOTEST & M World Website