Advantages of IPsec | disadvantages of IPsec
This page covers advantages and disadvantages of IPsec. It mentions IPsec advantages or benefits and IPsec disadvantages or drawbacks. It also describes IPsec basics.
What is IPsec?
• IPsec is used in VPNs (Virtual Private Networks), which provide a private, secured connection between client and server over the public internet.
• Different tunneling protocols at layer 2 and layer 3 provide secured connections. IPsec operates at layer 3, i.e. the network layer.
• RFC 4301 defines the IPsec architecture, as depicted in figure-1.
• The IPsec protocol provides security services for traffic at the IP layer, protecting IP as well as the upper layers from attack.
• There are two modes in IPsec, viz. tunnel mode and transport mode.
• In tunnel mode, the entire IP packet is encrypted first. It then becomes the data part of a new, larger IP packet. This mode is used in the IPsec site-to-site VPN topology.
• In transport mode, the IPsec header is inserted into the original IP packet. No new packet is created. This mode is used in the remote access VPN topology.
Figure-2 depicts the IPsec packet formats.
Normal IP packets do not have any inherent security.
Moreover, there is no way to verify the following three points, which are the drawbacks or problems of plain IP:
1. The claimed sender is the true one.
2. The data has not been modified during transit.
3. The data has not been viewed by third party.
Benefits or advantages of IPsec
Following are the benefits or advantages of IPsec:
➨The first drawback is overcome by authentication. The use of signatures and certificates helps in this regard.
➨The second drawback is overcome by integrity. A checksum calculated by the routers at each end of the tunnel, or a hash value of the data being transported, helps in this regard.
➨The third drawback is overcome by confidentiality. This is achieved by encrypting the data, supported by key management and other IPsec protocols.
➨IPsec provides security without any modifications to user computers.
➨It works independently of applications. All application data is routed with IP, which makes every application IPsec compatible.
➨Because it works at the IP layer, IPsec can be applied to networks of all sizes, from LAN to WAN.
➨As IPsec functions at a very low network level, its performance is not affected by users, applications or protocols.
➨IPsec allows security to be applied per flow or per connection. Hence it allows very fine-grained security control.
➨As mentioned, it provides seamless security to the application and transport layers (ULPs, upper layer protocols).
Drawbacks or disadvantages of IPsec
Following are the disadvantages of IPsec:
➨For small packets, network performance diminishes because of the large overhead added by IPsec.
➨IPsec is complex because of its large number of features and options. Higher complexity increases the probability of a weakness or hole in the protocol. Example: IPsec is weak against replay attack or playback attack. In this network attack, a valid data transmission is fraudulently repeated or delayed.
➨IPsec defeats the purpose of a firewall device. This is because a firewall is based on pre-configured rules, and the data those rules apply to is encrypted by IPsec. This is overcome by using the firewall along with an IPsec gateway, which decrypts the encrypted data for the firewall.
➨It is more difficult to implement for individual users on a multi-user machine.
➨Other drawbacks include policy management, local policy configuration, supportability, increased performance requirements, etc.
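The small-packet overhead named in the first drawback above, and the difference between the tunnel and transport modes described earlier, worked through as an added example that is not part of the original page. It assumes ESP over IPv4 without options, no NAT traversal, and the two transform parameter sets listed in the code; all function and variable names are illustrative.

```python
from dataclasses import dataclass

IPV4_HEADER = 20        # bytes, IPv4 header without options (assumption)
ESP_HEADER = 8          # SPI (4) + sequence number (4), per RFC 4303
ESP_TRAILER_FIXED = 2   # pad length (1) + next header (1)

@dataclass(frozen=True)
class Transform:
    name: str
    iv_len: int    # per-packet IV carried after the ESP header
    block: int     # alignment that payload + padding + 2 must meet
    icv_len: int   # integrity check value appended to the packet

# Assumed parameter sets for two common ESP transforms (illustrative names).
AES_CBC_SHA1 = Transform("AES-CBC + HMAC-SHA1-96", iv_len=16, block=16, icv_len=12)
AES_GCM_16 = Transform("AES-GCM, 16-byte ICV", iv_len=8, block=4, icv_len=16)

def esp_packet_size(ip_payload_len, mode, t=AES_CBC_SHA1):
    """On-wire IPv4 packet size after ESP; ip_payload_len excludes the IP header."""
    if mode == "transport":
        protected = ip_payload_len                # original IP header is kept
    elif mode == "tunnel":
        protected = IPV4_HEADER + ip_payload_len  # whole original packet is wrapped
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    pad = -(protected + ESP_TRAILER_FIXED) % t.block
    esp = ESP_HEADER + t.iv_len + protected + pad + ESP_TRAILER_FIXED + t.icv_len
    return IPV4_HEADER + esp                      # kept header or new outer header

def overhead_percent(ip_payload_len, mode, t=AES_CBC_SHA1):
    """Extra bytes added by ESP as a percentage of the unprotected packet."""
    original = IPV4_HEADER + ip_payload_len
    added = esp_packet_size(ip_payload_len, mode, t) - original
    return round(100.0 * added / original, 1)

if __name__ == "__main__":
    for payload in (28, 200, 1380):               # constructed sample sizes
        for mode in ("transport", "tunnel"):
            size = esp_packet_size(payload, mode)
            print(f"{IPV4_HEADER + payload:5d} B plain -> {size:5d} B {mode:9s} "
                  f"(+{overhead_percent(payload, mode)}%)")
```

With these assumptions a 48-byte packet grows by 150% in tunnel mode, while a 1400-byte packet grows by under 5%, which is why the cost is felt mainly on small-packet traffic.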