The Internet is changing today’s business model in many ways that
facilitate commerce but can compound security problems. The rise of
e-business dictates a fundamental change in the nature of our communications
infrastructure. Closed networks, whose access was once limited only
to desktop workstations, are now open to remote employees, suppliers and
partners. While this certainly speeds business operations, it brings with it
other perils. It can leave data open to unintended access. The ease with which
anyone may install and use a ‘sniffer’ program to monitor LAN traffic
servers is a pointed reminder of data vulnerability. To operate an e-business
Intranet and Extranet safely, a company must protect its data at the source by
securing data traveling on the LAN. This will allow it to create a Trusted
Virtual Network, which will make e-business thrive.
The various elements of building a trusted virtual network are:
- LAN security at the desktop and server level
- Access control at the router or firewall and mobile PC
- WAN/Internet security
- Security management throughout the network
IPSec: An Essential Building Block
An emerging answer to many of these questions is a technology called Internet
Protocol Security (IPSec). Open and standards-based, IPSec is being widely
adopted and is expected to become a de facto basic building block of the trusted
network.

IPSec runs at Layer 3 in the protocol stack. As a result, it is transparent
to applications, unlike security technologies that run at other layers. This
means IPSec is relatively easy and inexpensive to implement, since applications
can take advantage of it without being altered and users do not have to be
re-trained.
What is IPSec?
Defined by the Internet Engineering Task Force (IETF), IPSec is a standard
that provides a common means of authentication, integrity and IP encryption. It
offers two modes of operation—tunnel mode and transport mode.
One of the principal strengths of IPSec is that encrypted packets can be
routed and switched on any network that supports IP traffic. No upgrade to the
network elements is necessary. This enables the packets to traverse LAN,
Extranet and Internet, easily and transparently.

It also means that end stations and applications will not require any
modifications. Since IPSec is transparent to the application layer, for example,
it can be used in conjunction with the existing application layer security
software. In addition, VPN solutions using IPSec as the basis for a common
protocol can interoperate, thereby opening up new possibilities for sharing
data securely.
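
To illustrate why IPSec-protected packets can cross any IP network without upgrades, the following added example (not part of the original article) reads only what a Layer 3 device or a sniffer can see: the cleartext IP header plus the SPI and sequence number of the IPSec header. The protocol numbers (50 for ESP, 51 for AH) and header layouts come from the IPSec RFCs rather than from this article, and the addresses, SPI and payload bytes are constructed sample data.

```python
import socket
import struct

# IP protocol numbers of the two IPSec protocols (IANA assignments, not from the article).
IPSEC_PROTOCOLS = {50: "ESP", 51: "AH"}

def ipv4_checksum(header: bytes) -> int:
    """One's-complement header checksum; returns 0 for a valid stored checksum."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Construct a sample IPv4 packet (test data only, no options)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload

def inspect(packet: bytes) -> dict:
    """Report what is visible without any keys: addresses, protocol, SPI, sequence."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    header = packet[:ihl]
    if ipv4_checksum(header) != 0:
        raise ValueError("bad header checksum")
    proto = header[9]
    info = {"src": socket.inet_ntoa(header[12:16]),
            "dst": socket.inet_ntoa(header[16:20]),
            "protocol": IPSEC_PROTOCOLS.get(proto, str(proto)),
            "ipsec": proto in IPSEC_PROTOCOLS}
    body = packet[ihl:]
    if proto == 50 and len(body) >= 8:
        info["spi"], info["seq"] = struct.unpack("!II", body[:8])
    elif proto == 51 and len(body) >= 12:
        # AH starts with next-header, length and reserved fields, then SPI and sequence.
        info["spi"], info["seq"] = struct.unpack("!II", body[4:12])
    return info

if __name__ == "__main__":
    # Constructed samples: an ESP packet with opaque bytes, and a cleartext TCP packet.
    esp = build_packet("10.0.0.5", "192.0.2.10", 50,
                       struct.pack("!II", 0x1001, 7) + bytes(range(32)))
    print(inspect(esp))
    print(inspect(build_packet("10.0.0.5", "192.0.2.10", 6, b"cleartext segment")))
```

A monitoring host can use the same check to list which LAN flows are protected and which still travel in the clear.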