Network Security
IPsec (Internet Protocol Security)
IPsec is Internet Protocol Security, a suite of protocols that secures IP communication by authenticating and encrypting packets at the network layer, commonly used to build virtual private networks and site-to-site secure tunnels.
In plain terms
IPsec is a way to encrypt and authenticate network traffic at a low level, so entire connections between sites or devices are protected. It is the technology behind many VPNs, building a secure tunnel across the untrusted internet.
IPsec, Internet Protocol Security, is a framework of protocols that secures communication at the network layer by protecting IP packets directly. Rather than securing a single application’s connection the way TLS does at a higher layer, IPsec can protect all traffic between two endpoints regardless of the application, because it operates on the IP packets themselves. This makes it well suited to building virtual private networks, connecting offices together over the public internet, and giving remote users secure access to an internal network as if they were local.
IPsec provides its protection through a small set of core components. The Authentication Header offers integrity and authentication for packets, ensuring they have not been altered and genuinely come from the claimed source, though it does not encrypt the contents. The Encapsulating Security Payload provides confidentiality through encryption and can also provide integrity and authentication, and it is the component most commonly used because it protects the data itself. Underpinning these is the Internet Key Exchange protocol, which negotiates the cryptographic algorithms and keys the two endpoints will use and authenticates the parties to each other, establishing the protected association before traffic flows.
IPsec can operate in two modes that suit different uses. In transport mode, only the payload of each IP packet is protected while the original IP header remains, which is typical for securing communication directly between two hosts. In tunnel mode, the entire original packet is encapsulated inside a new packet and protected, which hides the original source and destination and is the basis for site-to-site and remote-access VPNs. Tunnel mode is what allows two networks to be connected securely across the internet, with gateways at each end wrapping and unwrapping the traffic so that internal hosts communicate as though directly connected.
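To make the two modes concrete, here is an added example (not part of the original entry) in Python that builds and verifies ESP packets with NULL encryption and HMAC-SHA-256-128 integrity, the integrity-only ESP combination defined in RFC 2410 and RFC 4868, so it needs only the standard library. The inner IPv4 packet, the SPI and the key are constructed for the demonstration, and the anti-replay check is a simplified "higher than the last seen sequence number" rule rather than the sliding window a real implementation uses.

```python
import hashlib
import hmac
import struct

ICV_LEN = 16          # HMAC-SHA-256-128 (RFC 4868): 32-byte tag truncated to 128 bits
NEXT_HEADER_IPV4 = 4  # tunnel mode: ESP payload is a complete inner IPv4 packet
NEXT_HEADER_UDP = 17  # transport mode: ESP payload is just the transport segment

def esp_encapsulate(key, spi, seq, payload, next_header):
    """ESP packet (RFC 4303 layout) with NULL encryption and HMAC-SHA-256-128 integrity.
    Tunnel mode passes the whole inner IP packet with next_header = 4, so the original
    addresses travel inside the protected payload instead of in the outer header."""
    pad_len = (-(len(payload) + 2)) % 4       # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))    # default pad bytes 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]

def esp_decapsulate(key, packet, window_high):
    """Verify the ICV, reject replays (seq <= highest seen, simplified), strip the trailer.
    Returns (spi, seq, payload, next_header); raises ValueError when the packet must be dropped."""
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):   # integrity first, before parsing anything
        raise ValueError("ESP integrity check failed")
    spi, seq = struct.unpack("!II", body[:8])
    if seq <= window_high:
        raise ValueError("replayed sequence number")
    pad_len, next_header = body[-2], body[-1]
    return spi, seq, body[8:-(2 + pad_len)], next_header

def rejected(key, packet, window_high):
    # True if the receiver would drop the packet (bad ICV or replay)
    try:
        esp_decapsulate(key, packet, window_high)
        return False
    except ValueError:
        return True

# Constructed sample traffic: IPv4 header 10.0.0.1 -> 10.0.0.2 (checksum left 0) plus a UDP segment.
INNER_IP_HDR = bytes.fromhex("4500001c00014000401100000a0000010a000002")
UDP_SEGMENT = bytes.fromhex("1f90003500080000")
KEY = b"constructed-demo-key-not-for-use"  # demo key only, never a real SA key

def demo_modes(key=KEY):
    # Same UDP segment wrapped in transport mode and, inside its IP packet, in tunnel mode
    transport = esp_encapsulate(key, 0x1000, 1, UDP_SEGMENT, NEXT_HEADER_UDP)
    tunnel = esp_encapsulate(key, 0x1000, 1, INNER_IP_HDR + UDP_SEGMENT, NEXT_HEADER_IPV4)
    _, _, t_payload, t_nh = esp_decapsulate(key, transport, 0)
    _, _, u_payload, u_nh = esp_decapsulate(key, tunnel, 0)
    tampered = tunnel[:20] + bytes([tunnel[20] ^ 0x01]) + tunnel[21:]  # flip one payload bit
    return {"transport": (t_nh, t_payload), "tunnel": (u_nh, u_payload),
            "tampered_rejected": rejected(key, tampered, 0),
            "replay_rejected": rejected(key, tunnel, 1)}
```

The Next Header byte at the end of the trailer is what tells the receiver whether it has unwrapped a transport segment (17, UDP) or a whole inner IP packet (4), which is the mechanical difference between the two modes.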
The relationship between IPsec and other secure transport technologies is a matter of layer and scope. TLS secures specific application connections at a higher layer and is what protects HTTPS and many application protocols, while IPsec secures traffic at the network layer and can protect everything between two endpoints transparently to applications. Both are widely used for VPNs: IPsec-based VPNs are a long-standing standard, while TLS-based VPNs also exist. The choice between them depends on the use case, the devices involved, and operational considerations, but conceptually IPsec protects the network path while TLS protects the application conversation.
The security relevance of IPsec is that it provides strong, standards-based protection for data crossing untrusted networks and is a foundation of secure connectivity between sites and for remote access. Because it authenticates endpoints and encrypts traffic, it defends against eavesdropping and tampering on the path between the protected endpoints. As a mature and flexible framework, it supports a range of cryptographic algorithms, which means its security in practice depends on configuring strong, current algorithms and key exchange settings rather than weak legacy options.
Like any cryptographic system, IPsec must be deployed carefully to be effective. Weak or outdated algorithm choices, poor key management, and misconfigured policies can undermine its protection. The key exchange and authentication settings are particularly important, since compromised credentials or weak negotiation can expose the tunnel. Complexity is also a practical concern, as IPsec configuration involves several interacting parameters that must match on both ends, and misconfiguration can cause failures or silently weaker protection. Defenders treat IPsec tunnels as critical infrastructure, monitoring their health and ensuring their cryptographic settings remain strong over time.
In practice, IPsec is the network-layer workhorse for securing IP traffic and the backbone of many VPNs, wrapping packets with authentication and encryption so that whole connections between sites or between remote users and a network stay private and tamper-resistant. Its Authentication Header, Encapsulating Security Payload, and Internet Key Exchange together establish protected associations, and its transport and tunnel modes serve host-to-host and network-to-network protection respectively. Understanding IPsec clarifies how organizations extend trusted connectivity across the untrusted internet, and why the strength of that protection rests on sound cryptographic configuration and key management.