Lancom Systems LCOS 3.50 Server User Manual


 
Chapter 14: Virtual Private Networks—VPN LANCOM Reference Manual LCOS 3.50
14.7.1 IPSec—The basis for LANCOM VPN
The original IP protocol does not contain any provisions for security. Security
problems are compounded by the fact that IP packets do not go directly to a
specific recipient, but are sent scattershot to all computers on a given network
segment. Anyone can help themselves and read the packets. This leaves the
door open to the misuse of data.
IP has been developed further for this reason. A secure version is now
available: IPSec. LANCOM VPN is based on IPSec.
IPSec stands for “IP Security Protocol” and was originally the name used by a
working group of the IETF, the Internet Engineering Task Force. Over the
years, this group has developed a framework for a secure IP protocol that is
generally referred to as IPSec today.
It is important to note that IPSec itself is not a protocol, but merely the
standard for a protocol framework. IPSec actually consists of a variety of
protocols and algorithms for encryption, authentication and key management.
These standards will be introduced in the following sections.
Security in an IP environment
IPSec has been implemented almost completely within level 3 of the OSI
model, i.e. in the network layer. The transfer of data packets using the IP
protocol is realized on level 3 of IP networks.
IPSec thus replaces the IP protocol. Under IPSec, the packets have a different
internal structure than IP packets. Their external structure remains fully
compatible with IP, however. IPSec packets can therefore be transported without
problems by existing IP networks. The devices in the network responsible for
the transport of the packets cannot distinguish IPSec packets from IP packets
on the basis of their exterior structure.
The exceptions in this case are certain firewalls and proxy servers that access
the contents of the packets. Problems can arise from the (often
function-dependent) incompatibilities of these devices with the existing IP
standard. These devices must therefore be adapted to IPSec.
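The following Python example is added here and is not part of the LANCOM manual. It illustrates the two paragraphs above: a forwarding device reads the same outer IPv4 header fields from an IPSec packet as from an ordinary one, while a device that looks inside the packet finds no TCP/UDP ports. It assumes ESP (IP protocol number 50) as the IPSec payload; the addresses, SPI value and function names are constructed for illustration.

```python
import socket
import struct

PORT_PROTOCOLS = {6: "TCP", 17: "UDP"}  # IANA IP protocol numbers
ESP = 50                                # IANA number for ESP (assumed IPSec payload)
FMT = "!BBHHHBBH4s4s"                   # 20-byte IPv4 header without options

def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Constructed sample packet: IPv4 header with valid checksum, then payload."""
    hdr = struct.pack(FMT, 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def route_view(pkt: bytes) -> dict:
    """What a forwarding device evaluates: the outer IPv4 header only."""
    ver_ihl, _, _, _, _, ttl, proto, _, _, dst = struct.unpack(FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"version": ver_ihl >> 4, "header_ok": checksum(pkt[:ihl]) == 0,
            "ttl": ttl, "dst": socket.inet_ntoa(dst), "proto": proto, "ihl": ihl}

def inspect_view(pkt: bytes) -> str:
    """What a payload-inspecting firewall finds behind the outer header."""
    outer = route_view(pkt)
    body = pkt[outer["ihl"]:]
    if outer["proto"] in PORT_PROTOCOLS:
        sport, dport = struct.unpack("!HH", body[:4])
        return f"{PORT_PROTOCOLS[outer['proto']]} {sport}->{dport}"
    if outer["proto"] == ESP:
        spi, seq = struct.unpack("!II", body[:8])  # ESP header; the rest is ciphertext
        return f"ESP spi=0x{spi:08x} seq={seq} (no ports visible)"
    return f"protocol {outer['proto']} (not inspected)"

# Constructed samples between documentation addresses: one UDP datagram, one ESP packet
A, B = "192.0.2.1", "198.51.100.7"
UDP_PKT = build_ipv4(17, A, B, struct.pack("!HHHH", 40000, 53, 12, 0) + b"data")
ESP_PKT = build_ipv4(ESP, A, B, struct.pack("!II", 0x1000, 1) + bytes(16))

if __name__ == "__main__":
    for pkt in (UDP_PKT, ESP_PKT):
        print(route_view(pkt), "|", inspect_view(pkt))
```

A port-based filter rule cannot match the ESP packet, so such a device needs a rule that refers to the IP protocol number itself.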
IPSec will be firmly implemented in the next generation of the IP standard
(IPv6). For this reason, we can assume that IPSec will remain the most
important standard for virtual private networks in the future.