Monday, 23 January 2012

Difference Between IPSEC and GRE

IPSEC vs GRE
A computer network consists of a group of two or more computers or other electronic devices that are connected to each other which allow them to share information and resources. There are three types of networks, namely: Internet, Intranet, and Extranet.
There are also several different networking methods: Local Area Network (LAN) which is used in a small area like in a building; Metropolitan Area Network (MAN) which is used in cities; Wide Area Network (WAN) which is used in a large area, and Wireless LANs and WANs.
These networks, especially those using the Internet, utilize communications protocol to transmit packets of data to be shared by the different users of the network. A packet contains control information which supplies information needed for data delivery, error detection, and user data or payload.
One such packet is the Internet Protocol (IP) packet which is the primary protocol of the Internet. It routes packets between computers or devices in a network using IP addresses. By using packets, networks can obtain multiple host addressing and error detection. To secure IP communications, a protocol suite is needed to encrypt and authenticate all IP packets of a session. Some of the Internet security systems are: Secure Sockets Layer (SSL), Secure Shell (SSH), Transport Layer Security (TLS), and Internet Protocol Security (IPsec).
IPsec is used to protect data shared between two hosts, two security gateways, or a gateway and a host. Unlike other security systems, it can be used even in applications that are not designed to use it. At the start of a session, IPsec allows agents to establish mutual authentication and agreement of cryptographic keys that are to be used during the session.

It can be applied in both host-to-host transport mode and network-tunnel mode. It is open standard and performs several operations by using these protocols: Authentication Header (AH) which protects against replay attacks, Encapsulating Security Payloads (ESP) which gives confidentiality, and Security Associations (SA) which provide data for AH and ESP operations.
Generic Routing Encapsulation (GRE), on the other hand, is a tunneling protocol that is used to carry other routed protocols in an IP network as well as IP packets in an IP network. It is stateless and has no flow control mechanisms.
While IPsec offers confidentiality through authentication, GRE offers less security. GRE also has additional overhead byte headers that can cause delays in the routing and forwarding of packets. While IPsec can send packets, it cannot send routing protocols like GRE can.
Summary:
1.IPsec stands for Internet Protocol Security while GRE stands for Generic Routing Encapsulation.
2.IPsec is the primary protocol of the Internet while GRE is not.
3.GRE can carry other routed protocols as well as IP packets in an IP network while Ipsec cannot.
4.IPsec offers more security than GRE does because of its authentication feature.
5.GRE has more overhead byte headers which can affect the routing and forwarding of packets while IPsec does not.


 

0 comments: