Internet Protocol Security (IPsec)

Internet Protocol Security (IPsec) is a fairly new security protocol that can be used to encrypt all IP traffic as well as take part in authentication services and ensure data integrity of information sent across an IP network. One of the things that are so exciting about IPsec is that if you enable IPsec, by means of an IPsec policy, you will not need to configure different encryption methods for each type of application you run on the computer—all IP traffic is encrypted by IPsec once the IPsec policy is implemented. For example, because IPsec encrypts all traffic you do not need to configure a separate encryption technology for your web server, FTP server, and Telnet server. They all run on top of TCP/IP, so IPsec can be used to secure traffic presented by each application.

When you enable IPsec, you can use one of the default IPsec policies built-in. The IPsec policy is used to determine the type of traffic to be encrypted and the method to be used to encrypt the traffic. The three default IPsec policies are as follows:

·         Client (respond only) If asked to communicate securely, this system will respond by using IPsec, but it will never request or initiate secure communication.

·         Server (request security) When enabled, this system will request to use IPsec to secure traffic; if the remote system does not support IPsec, the system will communicate insecurely.

·         Secure Server (require security) This system will communicate with a remote system only if the remote system supports and uses IPsec.