Advantages of IPsec | disadvantages of IPsec

This page covers advantages and disadvantages of IPsec. It mentions IPsec advantages or benefits and IPsec disadvantages or drawbacks. It also describes IPsec basics.

What is IPsec?

Introduction:
• The IPsec is used in VPN (Virtual Private Network) which provides private secured connection between client and server over public internet.
• There are different tunneling protocols at layer-2 and layer-3 which provide secured connection. IPsec operates at layer-3 i.e. network layer.
• The RFC 4301 defines IPsec architecture as depicted in the figure-1.
• IPsec protocol provides security services for the traffic at IP layer which protects IP as well as upper layer from any hacking.

IPSec Architecture

• There are two modes in IPsec viz. tunnel mode and transport mode.
• In tunnel mode, entire IP packet is encrypted first. This becomes data part for the new and large size IP packet. It is used in IPsec site to site topology of VPN network.
• In transport mode, IPsec header is inserted into original IP packet. No new packet is created here. It is used in remote access VPN topology type.

IPSec Transport mode vs IPSec Tunnel mode

The figure-2 depicts IPsec packet formats. Refer IPsec basics >>.

As we know normal IP packets do not have any inherent security. Moreover there is no way to verify following drawbacks or problems.
1. The claimed sender is the true one.
2. The data has not been modified during transit.
3. The data has not been viewed by third party.

Benefits or advantages of IPsec

Following are the benefits or advantages of IPsec:
➨The first drawback is overcome by authentication. Use of signatures and certificates help in this regard.
➨The second drawback is overcome by integrity. Use of checksum calculated by routers at each end of tunnel or hash value of data to be transported help in this regard.
➨The third drawback is overcome by confidentiality. This is achieved by encryption of data. This is done by key management and other IPsec protocols.
➨IPsec provides security without any modifications to user computers.
➨It can work independent of applications. All the application data are routed with IP which makes them IPsec compatible.
➨With the help of IP layer, IPsec can be applied to networks of all the sizes from LAN to WAN.
➨As IPsec functions at very low network level, its performance will not be affected by users/applications/protocols.
➨IPsec allows per flow or per connection based security. Hence it allows very fine grained security control.
➨As mentioned it provides seamless security to application and transport layers (ULPs).

Drawbacks or disadvantages of IPsec

Following are the disadvantages of IPsec:
➨For small size packet transmission performance of the network diminishes due to large overhead used by IPsec.
➨IPsec is complex due to more number of features/options. Higher complexity leads to increase in probability of weakness/hole in the protocol. Example: IPsec is weak against replay attack or playback attack. In this network attack, valid data transmission is fraudulently repeated or delayed.
➨The IPsec defeats the purpose of firewall device. This is due to the fact that firewall is based on pre-configured rules which is encrypted by IPsec. This is overcome by using firewall along with IPsec gateway. This decrypts the encypted firewall data.
➨It is more difficult to implement to individual users on multi-user machine.
➨Other drawbacks are policy management, local policy configuration, supportability, incresed performance requirement etc.



Advantages and Disadvantages of other wireless technologies

MEMS    IrDA    HomeRF    Bluetooth    Radar    RF    Wireless    Internet    Mobile Phone    IoT    Solar Energy    Fiber Optic    Microwave    Satellite    GPS    RFID    AM and FM    LTE   


Networking Links

• Circuit Switching vs Packet switching   • Packet Switching vs Message switching   • What is an IP address   • What is MAC Address   • Basics of OSI and TCP-IP Layers   • What is Hub   • What is Switch   • What is Bridge   • What is Router   • What is Gateway   • Firewall basics   • TCP-IP Packet format   • ARP Protocol format  

What is Difference between

FTP vs HTTP  FTP vs SMTP  FTP vs TFTP  hub Vs. switch  TCP vs UDP 

RF and Wireless Terminologies