IPSec , where is utilised

Hello !

I understand what and how does IPSec work's , but where it is used , besides VPN's , tuneling or secure transmision over LAN ?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

EdTheLad

!30 wrote:

Hello !

I understand what and how does IPSec work's , but where it is used , besides VPN's , tuneling or secure transmision over LAN ?

Thats like saying i know what a car is for but apart from driving,admiring and crashing what else can i do with it.

SRTMCSE

I think he's asking what are some of the more common uses for it. Personally I've used it for VPNs, but I'd love to use it for local LAN traffic, but unfortunately the banking software we use won't work with IPSec...well not that it won't work, I used it on a lab network, but the software company will not support problems on a IPSec secured network.

JDMurray

IPSec can be used on any IPv4 or IPv6 network link which needs message authentication, encryption, or both at layer 3. Of course, the network stacks at each end of the link must support IPSec. With wireless networking, IPSec is used to create layer 3 VPN tunnels. One day I hope the world-wide adoption of IPv6 and IPSec will be used to clamp-down on message authentication on the Internet to aid in stamping out spam, phishing, and worms.

Danman32

I doubt IPv6/IPSec would stamp those out, those are problems at the application/user level, not network level.

IPSec should be independent of the application (operates on layer 3 only) so the software company should have no problem supporting the software itself over IPSec. No different than saying the software will be run over a series of routers/networks. Now I would understand that they wouldn't support the IPSec issues themselves, but if you can show you have an end-end connection, then there's no reason the software shouldn't be supported. Of course if you had IPSec issues, you wouldn't be able to expect the software company to support fixing the IPSec. However, you shouldn't expect them to solve any router issues you have either.

JDMurray

The problem starts with identification of the networks where such problems originate from. This is a layer 3 issue. For a solution to work, however, IPv6/IPSec would need to be mandatory across the entire Internet. The last time a significant protocol was made mandatory on the Internet was TCP/IP back in 1984. We're due for an upgrade.

Danman32

Again, worms, phishing, and spams start with the user. The user sends his email address to someone he thought he could trust, and now receives mail, worms, and phishes from people who got his email address from those he thought he could trust, which is a social engineering problem. IPSec and IPV6 isn't going to help with that. Nor will it help if I decide to enter a website that has malicious code or was directed there by Google based on a valid search.

JDMurray

Danman32 wrote:

Again, worms, phishing, and spams start with the user.

I'm not trying to prevent people from freely using the Internet; I wish to swiftly and accurately identify those who misuse it. For me this starts at Layer 3.

Danman32

Ah, to have the ability to be reactive rather than proactive. That makes sense, since they can't easily hide their true identity.

Of course just as it can be done with the phone network, one could still use application layer proxies and the like to make them harder to trace.

JDMurray

Oh, I agree that abuse (and cyberterrorism) can never be fully eliminated, but its effects can be greatly reduced by quickly identifying and isolating the perpetrators.

All-Internet authentication is also a great deterrent. If you knew that there was a 95% chance you'd be shut down and identified before you could do any significant spamming, phishing, worming, etc., you'd think twice before doing it. The professional Internet abusers (spammers) will stop once the money-making aspects are eliminated. This will leave only the script kiddies to "TP the neighborhood Internet." I'm hoping that the ISPs will handle this small stuff.

Uh, what was this thread originally about?

Oh yeah, IPSec is only a tool, and by itself is not a real solution to any problem. But with other such tools, IPSec is an important component for insuring the confidentiality, integrity, and availability of information transported across a computer network.