Glossary

Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec) provides integrity or confidentiality services at the network layer and is the most common basis for VPN implementations today. All data protection is performed using symmetric-key cryptography. Establishment of the session keys for data protection is also defined by IPSec, and may use both symmetric-key and asymmetric-key cryptography.

While IPSec provides data protection, it does not provide the key management infrastructure necessary for a large number of IPSec systems to authenticate and establish the session keys needed for data protection. As a network layer protection service, IPSec is targeted primarily at machine-to-machine security. Authentication of individuals and applications is outside the scope of IPSec. Such authentication depends entirely on the key management infrastructure used and on the integration of that key management infrastructure with the IPSec implementation.