What Is IPsec and How Does It Work?

What you should know about Internet Protocol Security

The IPSec Suite of Security Technologies Keeps You Safe on the Internet


The security standards that protect our activities on the Internet are technical and often confusing. We take for granted that they protect our browsing, purchases, or access to applications. In this article we'll explain how one of these, Internet Protocol Security (or IPSec), actually works to keep your information safe.

What Is IPsec?

Internet Protocol Security, or IPSec, is a collection of different security technologies grouped together to make your Internet activities safe. When something supports the IPSec protocol, whether it's software like your PC's operating system or a hardware device, it means you can easily set up a secure connection with other "clients" that support it as well. Basically, it means you should be able to just configure a username and password, and the rest should "just work."

IPsec uses two major components to secure your communications. The first, authentication, is the process at the start of the connection that confirms you and the other party are who you claim to be. Once that's established, the second component, encryption, keeps the packets, or bundles of data, safe from prying eyes.

IPSec Components: Authentication Headers & Encapsulating Security Payload

The first major component of IPsec is its authentication, called Authentication Headers (AH). We usually think of authentication as a username and password used to log into a PC or website. This is a type of authentication, but in this case we're talking about making sure the packets received are the same packets that were sent.

Part of the IPSec Protocol Authenticates the Data You Send

This step is designed to prevent someone from modifying the data while it's in transit. Authentication headers contain information about where the data is coming from and what it contains, in a secret format that only the receiving system can read. When the receiving system receives the data, it checks all the information, and if something is off it will take action, most likely by ignoring that data.

While AH is what lets the receiving system know that data is legitimate, Encapsulating Security Payload (ESP) keeps it safe from prying eyes. As the name suggests, it works to wrap encryption around your data while it's en route to its destination. ESP also performs data validation by checking that the data the sender claims was sent is actually what arrived. ESP employs a hash function to check this.

If you're still confused about these two technologies, think of it this way: IPsec uses Authentication Headers to confirm the data it receives actually came from the sender; ESP protects it in transit, and also provides a way to determine that the data received was the same as what was sent. All this is very technical, but fortunately, the IPsec protocol ensures you don't actually need to worry about these details yourself.
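The integrity check described above can be sketched in a few lines of Python. This is an added example, not code from the article or from any IPsec implementation: it assumes HMAC-SHA-256 truncated to 128 bits as the keyed hash, a simplified packet layout (SPI, sequence number, payload, check value), and a simplified replay check, and it leaves out ESP's encryption step. The names protect, Receiver, and demo are hypothetical.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16  # integrity check value: HMAC-SHA-256 truncated to 128 bits


def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side: header (SPI, sequence number) + payload + ICV."""
    body = struct.pack("!II", spi, seq) + payload
    icv = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    return body + icv


class Receiver:
    """Receiver side: verify the ICV, then reject replayed sequence numbers."""

    def __init__(self, key: bytes, spi: int):
        self.key, self.spi, self.last_seq = key, spi, 0

    def accept(self, packet: bytes):
        """Return the payload, or None if the packet must be discarded."""
        if len(packet) < 8 + ICV_LEN:
            return None  # too short to hold the header and the ICV
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", body[:8])
        if spi != self.spi:
            return None  # not addressed to this secured connection
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):  # constant-time compare
            return None  # modified in transit, or made with the wrong key
        if seq <= self.last_seq:
            return None  # replay of an earlier packet (simplified check)
        self.last_seq = seq
        return body[8:]


def demo():
    key = bytes(range(32))  # constructed sample key, not a real secret
    rx = Receiver(key, spi=0x1001)
    good = protect(key, 0x1001, 1, b"transfer 10 to alice")
    tampered = good.replace(b"10", b"99")  # payload changed in transit
    forged = protect(b"\x00" * 32, 0x1001, 2, b"transfer 99 to mallory")
    return [rx.accept(p) for p in (tampered, forged, good, good)]


if __name__ == "__main__":
    print(demo())
```

Only the untouched packet is accepted, and only once: the modified packet and the one made with a different key fail the check, and the second copy of the good packet is discarded as a replay.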

How Do You Use IPSec to Stay Secure?

The most common way to utilize IPsec is as the security mechanism for a VPN. VPNs themselves aren't really security mechanisms; they're networking configurations. But any VPN worth its salt will employ some sort of security. When you use a VPN, you're able to connect to some remote network. Your device then routes your traffic to destinations on that network over the VPN connection, which is secured by a protocol like IPsec.

When Setting Up a VPN Connection Choose the Correct Security Protocol

So the most likely place for you to encounter mentions of IPsec is when you're setting up your VPN. In the above screenshot showing the setup of a VPN connection, note the inclusion of IPsec as one of several types of VPNs.

Which one of these you choose will depend on the selections made by the person who set up your VPN. So, if you initially configured your own VPN to use IPsec on your router, for example, you should configure all the devices that will access that VPN the same way. Most modern operating systems have built-in support for IPsec when configuring VPN connections.

When You See IPsec, You Can Be Sure You're Safe

Basically, IPsec collects a number of security-related technologies in a way that makes them easy to use. To use VPNs as an example, you just need to set up yours to use IPsec, then select IPsec again when configuring your client devices. All the small, technical details of how the various components work together are taken care of for you, so you can be sure your activities are safe.