Previous Section
 < Day Day Up > 
Next Section


Chapter 17: Internet Protocol Security: IPsec

Overview

The Internet Security Protocol, IPsec, incorporates security for network transmission into the Internet Protocol (IP) directly. IPsec is integrated into the new IPv6 protocol (Internet Protocol version 6). It can also be used with the older IPv4 protocol (see Chapter 38). IPsec provides methods for both encrypting data and authenticating the host or network it is sent to. The process can be handled manually or automated using the IPsec racoon key exchange tool. With IPsec, the kernel can automatically detect and decrypt incoming transmissions, as well as encrypt outgoing ones. You can also use IPsec to implement virtual private networks, encrypting data sent over the Internet from one local network to another. Though IPsec is a relatively new security method, its integration into the Internet Protocol will eventually provide it wide acceptance.

Several projects currently provide development and implementation of IPsec tools. The original IPsec tools are provided by the KAME project, www.kame.net. Current versions can be obtained from souceforge.net/projects/ipsectools. RPM packages can be obtained from rpmfind.net. Other IPsec tool projects include the Free Secure/Wide Area Network project (FreeS/WAN) at www.freeeswan.org, which provides a Linux implementation of IPsec tools, and VPN Consortium (VPNC) at www.vpnc.org, which supports Windows and Macintosh versions. FreeS/WAN provides both Red Hat RPM packages and source code for their tools.

Note 

Currently, the Fedora Core does not include support for IPsec tools but later versions will. The redhat-config-network tool includes panels for IPsec support, but you need to install IPsec tools to activate this support.



Previous Section
 < Day Day Up > 
Next Section
This HTML Help has been published using the chm2web software.