What does IPsec protect against?

IPsec protects data in transit by securing IP packets as they travel between devices. It delivers three main protections: confidentiality through encryption so the payload remains unreadable to anyone intercepting it; integrity through cryptographic checksums to detect any tampering of the data or headers; and anti-replay protection using sequence numbers to prevent attackers from resent packets. Together, these features help ensure that communications between endpoints remain private, untampered, and resistant to replay attacks, which is why IPsec is commonly used to create secure VPN tunnels and protect IP traffic across networks. Phishing emails target people, not packets, so IPsec doesn’t address social engineering. Malware installation happens on endpoints after access is gained, which is outside the scope of IPsec’s in-transit protections. Physical theft of a device is a hardware risk, not something IPsec mitigates. In short, IPsec’s primary role is to guard data integrity, confidentiality, and replay protection for IP traffic.