!!! Overview
[{$pagename}] ([IPsec]) is a [protocol] suite for secure [Internet Protocol] ([IP]) communications that works by [authenticating|Authentication] and [encrypting|Encryption] each [IP] packet of a communication session.

[{$pagename}] includes [protocols] for establishing [Mutual Authentication] between agents at the beginning of the session and for negotiating the [Cryptographic Key] to be used during the session.

[{$pagename}] uses [cryptographic] security services to protect communications over Internet Protocol (IP) networks. IPsec supports network-level peer authentication, data origin [authentication], data [integrity], data [confidentiality] ([encryption]), and replay protection.

[{$pagename}] is an end-to-end security scheme operating in the [Internet Layer] of the [Internet Protocol Suite], while some other Internet security systems in widespread use, such as [Transport Layer Security] ([TLS]) and [Secure Shell] ([SSH]), operate in the upper layers at the [Transport Layer] (TLS) and the [Application Layer] (SSH).

[{$pagename}] protects all application traffic over an IP network. Applications can be automatically secured by IPsec at the IP layer.

The [DNC Decryption Flow] detects and decrypts selected communications that are encrypted using IPsec then reinjects the unencrypted packets back into TURMOIL Stage 1. TURMOIL Stage 1 applications process the packets into sessions and when appropriate forwards the unencrypted content to follow-on processing systems.

The DNC eventing (PPF) components in TURMOIL detect all IKE/ISAKMP and ESP packets and queries KEYCARD for each unique IKE exchange session and each unique ESP session to determine if the link should be selected for processing. Selection is based on IP address. Decryption is attempted if either the source or the destination IP address is targeted for decryption in KEYCARD (the KEYCARD tasking action is labeled "TRANSFORM" so as not to use the term "decrypt").
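
As an added illustration (not part of the original page or of the document it quotes), the Python below shows why IKE/ISAKMP and ESP packets can be recognised and grouped into sessions by anything on the path: the IP addresses, the ESP SPI and sequence number (the replay-protection counter), and the IKE header fields all travel unencrypted. The function names and the sample packets are constructed for this example.

```python
import socket
import struct

ESP, UDP = 50, 17  # IANA IP protocol numbers

def _esp(b):  # ESP header: SPI and sequence number, both sent unencrypted
    if len(b) < 8:
        return {"kind": "short"}  # e.g. a 1-byte NAT-T keepalive
    spi, seq = struct.unpack("!II", b[:8])
    return {"kind": "esp", "spi": spi, "seq": seq}

def _ike(b):  # 28-byte IKE/ISAKMP header: SPIs, version, exchange type
    if len(b) < 28:
        return {"kind": "short"}
    i_spi, r_spi, _next, ver, xchg = struct.unpack("!8s8sBBB", b[:19])
    return {"kind": "ike", "initiator_spi": i_spi.hex(),
            "responder_spi": r_spi.hex(), "version": ver >> 4, "exchange": xchg}

def classify(pkt):
    """Return the IPsec metadata readable without keys in one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        return {"kind": "not-ipv4"}
    info = {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20])}
    proto, body = pkt[9], pkt[(pkt[0] & 0x0F) * 4:]
    if proto == ESP:
        return {**info, **_esp(body)}
    if proto == UDP and len(body) >= 8:
        sport, dport = struct.unpack("!HH", body[:4])
        data = body[8:]
        if 500 in (sport, dport):
            return {**info, **_ike(data)}
        if 4500 in (sport, dport):  # NAT traversal: UDP-encapsulated IKE or ESP
            if data[:4] == bytes(4):  # non-ESP marker precedes IKE on port 4500
                return {**info, **_ike(data[4:])}
            return {**info, **_esp(data)}
    return {**info, "kind": "other"}

# Constructed sample packets: documentation addresses and made-up SPIs.
def ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.20"):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(port, data):
    return struct.pack("!HHHH", port, port, 8 + len(data), 0) + data

IKE_HDR = struct.pack("!8s8sBBBBII", bytes.fromhex("1122334455667788"), bytes(8),
                      33, 0x20, 34, 0x08, 0, 28)
ESP_BODY = struct.pack("!II", 0xC0FFEE01, 7) + bytes(16)
```

Calling {{classify(ipv4(ESP, ESP_BODY))}} returns the addresses, SPI and sequence number of the sample ESP packet; {{classify(ipv4(UDP, udp(500, IKE_HDR)))}} returns the IKE SPIs, version and exchange type.
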
If KEYCARD returns a hit for an IKE packet, then the IKE packet is sent to LONGHAUL where it is used to recover keys. If KEYCARD returns a hit for an ESP packet, a key request is sent to LONGHAUL. The IPsec Security Parameter Index (SPI) correlates IKE

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [IPsec|Wikipedia:IPsec|target='_blank'] - based on information obtained 2017-01-07-