IPSec

Internet Protocol Security, or IPSec, is a framework that helps us protect IP traffic at the network layer. IPv4 itself doesn’t have any security features at all, so IPSec is used to protect traffic with the following features:

  • Confidentiality: by encrypting our data, nobody except the sender and receiver will be able to read our data.
  • Integrity: we want to make sure that nobody changes the data in our packets. By calculating a hash value, the sender and receiver will be able to check if changes have been made to the packet.
  • Authentication: the sender and receiver will authenticate each other to make sure that we are really talking with the device we intend to.
  • Anti-replay: even if a packet is encrypted and authenticated, an attacker could try to capture these packets and send them again. By using sequence numbers, IPSec will not transmit any duplicate packets.

IPv6 has IPSec incorporated into its operation, which means that communication between two IPv6 endpoints can be either authenticated, encrypted, or both via extension headers.

Links:

https://networklessons.com/cisco/ccie-routing-switching-written/ipsec-internet-protocol-security