IPsec

Az Internet Protocol Security (IPsec) egy protokoll csomag az Internet Protokoll (IP) alapú kommunikáció biztonságosabbá tételére a kommunikációs viszony minden egyes csomagja hitelesítésével és titkosításával.

Az IPsec csomag egy nyílt szabvány. Az IPsec az alábbi protokollokat használja:

• Authentication Headers (AH)
• Encapsulating Security Payloads (ESP)
• Security Associations (SA)

• NRL IPsec, one of the original sources of IPsec code.
• OpenBSD
• "IPsec" a Juniper Operating Systems-ben
• "IPsec" a Cisco IOS Software-ben
• "IPsec" a Microsoft Windows-ban, nevezetesen a következőkben: Windows XP, Windows 2000, Windows 2003, Windows Vista, Windows Server 2008, és Windows 7

Az IPsec-et az IPv6-tal párhuzamosan fejlesztették ki. Az IPsec-nek rendelkezésre kell állnia az IPv6 minden szabványos megvalósításában.

• All IETF active security WGs
  • IETF ipsecme WG ("IP Security Maintenance and Extensions" Working Group)
  • IETF btns WG ("Better-Than-Nothing Security" Working Group) (chartered to work on unauthenticated IPsec, IPsec APIs, connection latching)]
• Securing Data in Transit with IPsec Archiválva 2008. október 13-i dátummal a Wayback Machine-ben WindowsSecurity.com article by Deb Shinder
• IPsec^{[halott link]} at the Open Directory Project
• IPsec on Microsoft TechNet
  • Microsoft IPsec Diagnostic Tool on Microsoft Download Center
• An Illustrated Guide to IPsec by Steve Friedl
• Security Architecture for IP (IPsec) Data Communication Lectures by Manfred Lindner Part IPsec
• Creating VPNs with IPsec and SSL/TLS Linux Journal article by Rami Rosen

Az alábbi RFC-kben foglalt szabványok vonatkoznak az IPsec-re:

• RFC 2367: PF_KEY Interface
• RFC 2401: Security Architecture for the Internet Protocol (IPsec overview) Obsolete by RFC 4301
• RFC 2403: The Use of HMAC-MD5-96 within ESP and AH
• RFC 2404: The Use of HMAC-SHA-1-96 within ESP and AH
• RFC 2405: The ESP DES-CBC Cipher Algorithm With Explicit IV
• RFC 2409: The Internet Key Exchange
• RFC 2410: The NULL Encryption Algorithm and Its Use With IPsec
• RFC 2412: The OAKLEY Key Determination Protocol
• RFC 2451: The ESP CBC-Mode Cipher Algorithms
• RFC 2857: The Use of HMAC-RIPEMD-160-96 within ESP and AH
• RFC 3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
• RFC 3706: A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
• RFC 3715: IPsec-Network Address Translation (NAT) Compatibility Requirements
• RFC 3947: Negotiation of NAT-Traversal in the IKE
• RFC 3948: UDP Encapsulation of IPsec ESP Packets
• RFC 4106: The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
• RFC 4301: Security Architecture for the Internet Protocol
• RFC 4302: IP Authentication Header
• RFC 4303: IP Encapsulating Security Payload
• RFC 4304: Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP)
• RFC 4306: Internet Key Exchange (IKEv2) Protocol
• RFC 4307: Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
• RFC 4308: Cryptographic Suites for IPsec
• RFC 4309: Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)
• RFC 4478: Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
• RFC 4543: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
• RFC 4555: IKEv2 Mobility and Multihoming Protocol (MOBIKE)
• RFC 4621: Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
• RFC 4718: IKEv2 Clarifications and Implementation Guidelines
• RFC 4806: Online Certificate Status Protocol (OCSP) Extensions to IKEv2
• RFC 4809: Requirements for an IPsec Certificate Management Profile
• RFC 4835: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
• RFC 4945: The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
• RFC 6071: IPsec and IKE Document Roadmap