IPsec basics


operates at the network layer (OSI layer 3)
transparent to applications
built in the network stack

is composed of two protocols:
AH (authenitication header)
protects the packet header
Encapsulating Security Payload (ESP)
protects the payload

can run in one of two modes:
transport mode
unchanged routing info in protected packet
tunnel mode
protected packet is encapsulated in another packet for routing