IPSec (short for Internet Protocol Security) is a suite of protocols standardized through the IETF to provide security at the network layer (Layer 3). It is a framework of open standards for ensuring private communications over IP networks, which has become the most popular network layer security control. It can provide several types of data protection: confidentiality, integrity, data origin authentication, prevention of packet replay and traffic analysis, and access control.
IPSec typically uses the Internet Key Exchange protocol (IKE) to negotiate IPSec connection settings, exchange keys, authenticate endpoints to each other, and establish security associations, which define the security of IPSec-protected connections. IPSec and IKE were added to IPv4 after the fact, but are now integrated into all of the major operating systems. For IPv6, IPSec and IKE are planned to be an integral part of the network protocols.
IPSec has several uses, with the most common being a virtual private network (VPN). This is a virtual network built on top of existing physical networks that can provide a secure communications mechanism for data and IP information transmitted between networks. Although VPNs can reduce the risks of networking, they cannot totally eliminate them. For example, a VPN implementation may have flaws in algorithms or software, or insecure configuration settings and values that attackers can exploit.
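The packet-replay protection listed above is enforced by the receiver with a sliding window over per-packet sequence numbers; RFC 4303 describes the mechanism for ESP. The Python code below is an added example, not part of the original text: the class and function names and the packet trace are constructed for illustration, and the 64-packet window is the default size RFC 4303 recommends.

```python
class ReplayWindow:
    """Receiver-side anti-replay state for one inbound security association."""

    def __init__(self, size=64):
        self.size = size    # window width in packets
        self.top = 0        # highest authenticated sequence number seen so far
        self.bitmap = 0     # bit i set => sequence number (top - i) already seen

    def check(self, seq):
        """Classify a sequence number without changing state."""
        if seq == 0:
            return "reject-zero"          # senders start counting at 1
        if seq > self.top:
            return "accept-new"           # ahead of the window
        offset = self.top - seq
        if offset >= self.size:
            return "reject-too-old"       # fell off the left edge
        if (self.bitmap >> offset) & 1:
            return "reject-replay"        # duplicate inside the window
        return "accept-in-window"         # late but not yet seen

    def receive(self, seq, icv_ok):
        """Process one packet; state advances only after the integrity check passes."""
        verdict = self.check(seq)
        if not verdict.startswith("accept"):
            return verdict
        if not icv_ok:
            # A forged packet must not be able to slide the window forward.
            return "reject-bad-icv"
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return verdict

def run_trace(packets, size=64):
    window = ReplayWindow(size)
    return [window.receive(seq, icv_ok) for seq, icv_ok in packets]

# Constructed trace: (sequence number, integrity check passed?)
TRACE = [(1, True), (2, True), (5, True), (3, True), (5, True),
         (900, False), (70, True), (4, True), (7, True)]

if __name__ == "__main__":
    for (seq, ok), verdict in zip(TRACE, run_trace(TRACE)):
        print(f"seq={seq:<4} icv_ok={ok!s:<5} -> {verdict}")
```

The `(900, False)` entry shows why the order of checks matters: if the window moved before the integrity check, a single forged packet with a large sequence number would cause legitimate traffic to be discarded as too old.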