Network Layer (3) – Security

Internet Protocol Security - IPSec – RFC 2401

Encapsulates an IP packet in a new packet

Operates in network-to-network (Tunnel) or host-to-host mode (Transport)

Authentication Header (AH) provides connectionless integrity, data origin authentication, and an optional anti-replay service.

Encapsulating Security Payload (ESP) may provide confidentiality (encryption), and limited traffic flow confidentiality.

Excellent as a fixed wire replacement, usually using ESP in Tunnel mode

Suitable for securing WiFi using AH in Transport mode

Not so good for telecommuters (host to network)
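
The optional anti-replay service listed for AH above works on the receiver as a sliding window over per-packet sequence numbers. The sketch below is an added example, not part of the original slide; the 64-packet window, the class and function names, and the arrival sequence are assumptions constructed for illustration, and the integrity check is reduced to a boolean.

```python
class ReplayWindow:
    """Receiver-side anti-replay window for one security association."""

    def __init__(self, size=64):          # window size is an assumption
        self.size = size
        self.top = 0                      # highest authenticated sequence number
        self.bitmap = 0                   # bit i set => (top - i) already accepted

    def check(self, seq):
        """Cheap test applied before the integrity check value (ICV) is verified."""
        if seq == 0:
            return "reject: zero"         # senders start counting at 1
        if seq > self.top:
            return "ok"                   # ahead of the window, always a candidate
        offset = self.top - seq
        if offset >= self.size:
            return "reject: too old"      # fell off the left edge of the window
        if (self.bitmap >> offset) & 1:
            return "reject: replay"       # this sequence number was already accepted
        return "ok"

    def accept(self, seq, icv_valid):
        """Full receive decision; icv_valid stands in for real ICV verification."""
        verdict = self.check(seq)
        if verdict != "ok":
            return verdict
        if not icv_valid:
            # Never slide the window on unauthenticated input: a forged packet
            # with a huge sequence number would otherwise lock out real traffic.
            return "reject: bad ICV"
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return "ok"


def run_demo():
    """Constructed arrivals: (sequence number, ICV verified?)."""
    arrivals = [(1, True), (3, True), (2, True), (2, True),
                (100, False), (100, True), (36, True), (37, True)]
    window = ReplayWindow()
    return [(seq, window.accept(seq, ok)) for seq, ok in arrivals]


if __name__ == "__main__":
    for seq, verdict in run_demo():
        print(f"seq={seq:<4} {verdict}")
```

Out-of-order delivery inside the window (sequence 2 arriving after 3) is accepted once, while the duplicate and the packet that has aged out of the window are dropped.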