Network Security Library

IPSec





Future of Internet Security - IPSec
This paper will give an overview of IPSec and the protocols and standards which apply to it. This paper will also focus on the advantages of IPSec (network layer security) over security at other layers and will analyze the various weaknesses that have been or could be identified within this powerful security protocol. There is also an attempt to show the IPSec/Quality of Security Service (QoSS) scenario.
By Bhajandeep Singh and Sh.Sanjeev Sofat, 01/26/2005


Linux Kernel 2.5/2.6 using KAME-tools
This chapter explains the usage of the native IPsec stack of the Linux Kernel ≥2.5.47 and 2.6.*. The installation and the configuration of this IPsec stack differ greatly from FreeS/WAN and are similar to the *BSD variants like FreeBSD, NetBSD and OpenBSD. I will first cover the configuration and installation of the Linux kernel and the user space tools. Then the setup of a manually keyed connection in transport and tunnel mode will be explained. Finally we will cover the setup of automatically keyed connections using preshared keys and X.509 certificates. The support of roadwarriors will be explained last.
By Unknown, 04/23/2004


IPSec VPN Using FreeBSD
This paper will demonstrate a way to set up an IPSec VPN that will allow for NAT'ing using FreeBSD boxes as the gateway machines. It also has the bonus of being a fairly easy method for connecting WANs across public networks. The information and examples provided here should be compatible with other open-source unixes. The items covered in this paper are: setting up the tunnel using gif interfaces, ipsec to encrypt the traffic, racoon for automatic key exchange, setting up some simple firewalling and setting up some simple NAT.
By Greg Panula, 04/14/2004


NAT Traversal: Peace Agreement Between NAT and IPSec
The first time I dealt with a case where I had to pass IPSec traffic through a NAT device (a firewall) and learned the difficulties, I thought that this was such a weird setup that I would never meet another one. I was wrong. After meeting two more customers, all with reasonable reasons for such a setup, I decided this topic deserves more attention. Network Address Translation (NAT) proposed a nice solution to the tight IPv4 address space by allowing use of unregistered IP addresses within the organization. Since it hides the local IP addresses from the outer world, only a small number of registered IP addresses would be enough. This means economy. Besides, NAT adds another security level by preventing access to the local hosts unless you explicitly allow it. Using NAT, when you change your ISP, you never have to renumber your hosts. NAT may also be a good method to translate between IPv4 and IPv6 addresses in the future.
By Haluk AYDIN, 04/05/2004


IPsec's role in Network Security: Past, Present, Future
What is this term IPsec that I keep hearing, and reading about? IPsec stands for Internet Protocol Security. Simply put, IPsec is a set of open standard protocols that govern the secure, private exchange of data across public networks, such as the Internet. It was developed by the Internet Engineering Task Force (IETF), and explained primarily in RFC 2401-2412. IPsec works on Layer 3, the Network layer of the Open Systems Interconnection 7-layer networking model. By running on Layer 3, IPsec is able to function transparently to applications running on Layer 7; the applications do not require any knowledge of IPsec in order to use it. IPsec is used to create tunnels for Virtual Private Networks (VPN), and also provide confidentiality, authenticity, and integrity of data through use of encryption algorithms. Combined with Internet Key Exchange (IKE), IPsec users can exchange keys, authenticate one another, and securely tunnel encrypted data between peers.
By Christopher Smith, 04/04/2004


Implementing Site-to-Site IPSec Between a Cisco Router and Linux FreeS/WAN
It has been estimated that 80% of all Internet traffic passes through a Cisco router in reaching its ultimate destination. For small-to-medium sized B2B intranets and extranets that are geographically dispersed, the FreeS/WAN IPSec implementation, running on the Linux operating system, offers a secure, cost-effective, robust, and high-performance open source solution to successfully interface with this large existing Cisco population. This paper begins by providing a brief overview of IPSec. It then discusses the major features, differences, and issues surrounding Cisco's IOS IPSec offering versus the FreeS/WAN offering. Finally, it describes an example implementation and step-by-step procedure that can be used to set up an IPSec site-to-site VPN between a Cisco 2621 IPSec-enabled router and an Intel Architecture-based computer running Linux with the FreeS/WAN 1.9 IPSec implementation.
By Neil L. Cleveland, 04/04/2004


Vulnerability's of IPSEC: A Discussion of Possible Weaknesses in IPSEC Implementation and Pro
This paper will discuss the protocol suite IPSEC, with a view to analysing the various weaknesses that have been or could be identified within the protocol. The paper will focus on a small set of example exploits across specific implementations or vendor products. The paper will begin with a brief introduction to the fundamentals of IPSEC. IPSEC is a complex and highly mathematical subject, and many of the in-depth technical issues will be beyond the scope of this paper; however, an attempt will be made to show the reader the importance of a basic understanding of these underlying operations and tools.
By Daniel Clark, 04/04/2004


Issues When Using IPsec Over Geosynchronous Satellite Links
This paper describes the salient points of TCP over satellite links, performance enhancing proxies, IPsec, and the issues with the combined use of these technologies. A tradeoff solution and its security implications are then presented. More research in the area of IPsec used in conjunction with performance enhancing proxies is needed to meet security and performance needs of satellite network users.
By Gregory Totsline, 04/04/2004


Remote Access IPSec VPNs: Pros and Cons of 2 Common Clients
The needs for remote access in today's enterprise networks require a cost-effective method for securely connecting to company resources via the Internet. IPSec is one of the best methods of creating an encrypted, authenticated tunnel to these resources, but at the same time, the current IPSec standards do not specify a method of providing clients an internal IP configuration nor a method for authenticating more than the computer that the user is currently using for the connection. This paper discusses two client options for creating this encrypted and authenticated connection, as well as options for working around the deficiencies of the current IPSec standard by combining IPSec with L2TP or by using proprietary functions to accomplish the same. Other proprietary features are discussed in this paper, such as IPSec NAT traversal, client firewall inclusion, and user authentication via the ISAKMP tunnel.
By Jason Everard, 04/04/2004


IPSec Tunnel Creation
There are many types of VPNs (Virtual Private Networks) available for use in today's networks. One of these types involves use of the IPSec standard. Within IPSec, there are further options on ways to define your VPN. The actual building or construction of the IPSec VPN is very involved. The purpose of this paper is to detail, explain, and illustrate the specific processes that occur in creating an IPSec VPN tunnel. Some of the concepts and theory will also be explained. Like other VPNs, an IPSec tunnel is secure. It is encrypted using cryptographic techniques. I will be using the example of what one vendor refers to as a site-to-site VPN (How 2). These are not the same processes that occur with a host-to-host or host-to-gateway VPN, although they are similar. There are many attacks that come with IPSec and many that are avoided. I will cover a few of them, when relevant, but not all.
By Chris Gutridge, 04/04/2004



Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
