Policy Based Security Management for IPSec Luis A. Sanchez August - PowerPoint PPT Presentation

Nov 09, 2023 •128 likes •201 views

Policy Based Security Management for IPSec Luis A. Sanchez August 25, 1998 Page 1 Page 1 Outline Problems Requirements A Solution Next Step Page 2 Page 2 Problems Need a common security policy specification language

Policy Based Security Management for IPSec Luis A. Sanchez August 25, 1998 Page 1 Page 1
Outline � Problems � Requirements � A Solution � Next Step Page 2 Page 2
Problems � Need a common security policy specification language � Need to specify enforcement points for each policy � Discovery of security gateways � Resolution of security requirements for inter- domain communication � Consistency checking of local security policies � Management of dynamic security associations Page 3
Requirements � Support for complex topologies t multiple embedded tunnels � Support for legacy systems t non IPSec compliant � Scalable and deployable incrementally � Independence of protocol suite, KMP � NAT Friendly � Graceful failure Page 4
A Solution SS 1 RPY2 SS 2 RPY21 SS 21 CMD21 CMD2 C REQ21 REQ2 RPY1 REQ21 1 M RPYd REQd REQ REQ2 D 1 Src Dst SG 1 SG 2 SG 21 Domain 1 Domain 2 Domain 2.1 Security Policy Negotiation Protocol (SPP) Message Flow Legend Functions SPP Messages provides server and security services discovery l domain based policy resolution ● REQ#: SPP-Request l enforcement point selection ● RPY#: SPP-Reply l security association bundle management ● CMD#: SPP-Policy Page 5 l
Next Step � Code Release: Pre-Alpha by End of Sept. 1998 � 2 Internet-Drafts underway: t Security Policy Specification Language t Security Policy System (policy exchange and resolution protocol) � Request feedback from Community and vendors in general � any questions: t lsanchez@bbn.com Page 6

Recommend

OPPORTUNISTIC ENCRYPTION USING IPSEC Linux Security Summit, Toronto August 2016 Presented by

OPPORTUNISTIC ENCRYPTION USING IPSEC Linux Security Summit, Toronto August 2016 Presented by Paul Wouters, RHEL Security THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec based VPN solution

736 views • 32 slides

Labeled IPsec draft-jml-ipsec-ikev1-security-context-00.txt

Labeled IPsec draft-jml-ipsec-ikev1-security-context-00.txt draft-jml-ipsec-ikev2-security-context-00.txt Presented by: Joy Latten Document authors: Serge Hallyn, Trent Jaeger, Joy Latten, and George Wilson Problem Description Mandatory

295 views • 6 slides

IKEv2: IPSec Key Management Protocol Lecture 20 Acknowledgement: Slides from Vincent Luk, revised

IKEv2: IPSec Key Management Protocol Lecture 20 Acknowledgement: Slides from Vincent Luk, revised by Cunsheng Ding IP Security Architecture IPSec module 1 IPSec module 2 SPD SPD IKE IKE AH/ESP AH/ESP SAD SAD SA IKE: Internet Key

702 views • 26 slides

Introduction to IPsec Charlie Kaufman charliek@microsoft.com 1 IP Security (IPsec) IETF

Introduction to IPsec Charlie Kaufman charliek@microsoft.com 1 IP Security (IPsec) IETF standard for Network Layer security Popular for creating trusted link (VPN), either firewall-firewall, or machine to firewall Done at

868 views • 51 slides

Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC

Uses of IPSEC with VPNs VPNs Uses of IPSEC with Purpose Outline some scenarios where IPSEC can be used with VPNs Identify areas where extensions to IPSEC could be useful Bryan Gleeson, Page-1 VPN Reference Model CE CE PE

352 views • 9 slides

IPsec (AH, ESP), IKE Guevara Noubir CSG254: Network Security noubir@ccs.neu.edu Securing

IPsec (AH, ESP), IKE Guevara Noubir CSG254: Network Security noubir@ccs.neu.edu Securing Networks Applications Layer Monitoring/Logging/Intrusion Detection Control/Management (configuration) telnet/ftp: ssh, http: https , mail: PGP Network

1.4k views • 26 slides

Cryptography and Network Security IPSEC Security architecture and protocol stack Secure

Cryptography and Network Security IPSEC Security architecture and protocol stack Secure applications: Applicaz. (SHTTP) PGP, SHTTP, SFTP, or SSL/TLS Security down in the TCP protocol stack -SSL between TCP IPSEC and applic. layer

724 views • 59 slides

THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec

THE LIBRESWAN PROJECT An Internet Key Exchange (IKE) daemon for IPsec Enterprise IPsec based VPN solution Make encryption the default mode of communication Certifjcations (FIPS, Common Criteria, USGv6, etc.)

917 views • 25 slides

IPSEC VPN overview IPSEC VPN overview Basic VPN Architecture CPE/CLE CPE/CLE PE

IPSEC VPN overview IPSEC VPN overview Basic VPN Architecture CPE/CLE CPE/CLE PE PE CPE/CLE Host PE CPE to CPE IPSEC can be used for : PE to PE PE to CPE Bryan Gleeson, Page-1 CPE to CPE IPSEC tunnels

680 views • 8 slides

IPsec Slide 1 Protocol security - where? Application layer: (+): easy access to user credentials,

IPsec 1 IPsec Slide 1 Protocol security - where? Application layer: (+): easy access to user credentials, extend without waiting for OS vendor, understand data; (-): design again and again; e.g., PGP, ssh, Kerberos Transport layer: (+):

420 views • 18 slides

IP IPSec ( ) 13 Network

IP IPSec ( ) 13 Network Security, Principles and Practice,2nd Ed. : http://www.fata.ir

567 views • 23 slides

Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and

Firewalls, IPsec and Linux by Harald Welte <laforge@netfilter.org> Firewalls, IPsec and Linux Contents Introduction Highly Scalable Linux Network Stack Netfilter Hooks Packet selection based on IP Tables The Connection Tracking

444 views • 9 slides

Security Tunneling Cyber Security Spring 2010 Reading Material IPSec overview Chapter

Security Tunneling Cyber Security Spring 2010 Reading Material IPSec overview Chapter 6 Network Security Essentials, William Stallings SSH RFCs 4251, 4252, 4253 SSL/TLS overview Slide material from Bishop

1.55k views • 69 slides

Security and Authorization CS430/630 Lecture 18 Slides based on Database Management Systems

Security and Authorization CS430/630 Lecture 18 Slides based on Database Management Systems 3 rd ed, Ramakrishnan and Gehrke Definitions Security policy specifies who is authorized to do what Security mechanism allows to

892 views • 26 slides

On the (In)Security of IPsec in MAC-then-Encrypt Configurations Jean Paul Degabriele Kenneth G.

Motivation The Attacks Concluding Remarks On the (In)Security of IPsec in MAC-then-Encrypt Configurations Jean Paul Degabriele Kenneth G. Paterson Information Security Group Royal Holloway, University of London CCS 2010 Jean Paul

930 views • 68 slides

Specification-based testing of IPsec Institute for system Programming Russian Academy of

Specification-based testing of IPsec Institute for system Programming Russian Academy of Sciences Nickolay Pakoulin npak@ispras.ru Agenda Work Background Specification based testing in IPsec Discussion Future work The work

578 views • 30 slides

IPsec encapsulation over TCP Sabrina Dubroca sd@queasysnail.net Red Hat netdev 0x13, 2019-03-22

IPsec encapsulation over TCP Sabrina Dubroca sd@queasysnail.net Red Hat netdev 0x13, 2019-03-22 1 / 22 Introduction 2 / 22 ESP and IKE Components of the IPsec protocol suite ESP Encapsulating Security Payload AH Authentication Header IKE

478 views • 22 slides

Why IPsec and BGP dont play well together in real networks Brian Weis Overview Of

Why IPsec and BGP dont play well together in real networks Brian Weis Overview Of course IKE/IPsec can be configured on routers to provide transport security for BGP and other similar control plane protocols. And certainly

480 views • 16 slides

ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one

Lehrstuhl fr Netzarchitekturen und Netzdienste Fakultt fr Informatik Technische Universitt Mnchen ilab Lab 8 - SSL/TLS and IPSec Outlook: On Layer 4: Goal: Provide security for one specific port SSL (Secure Socket Layer) /

812 views • 25 slides

Software Methodologies for distributed systems Policy-based Management (PBM) Software

A Fuzzy, Utility-based Approach for Proactive Policy-based Management Christoph Frenzel, Henning Sanneck, and Bernhard Bauer RuleML 2013, July 11 13, Seattle, WA, USA Software Methodologies for distributed systems Policy-based Management

195 views • 16 slides

IPsec real end-to-end security without VPNs FUKT Computer Society Teddy Hogeborn Bjrn

IPsec real end-to-end security without VPNs FUKT Computer Society Teddy Hogeborn Bjrn Phlsson Who are we? FUKT Computer Society Unix system since 1995 Using IPsec since 2003 FUKT is a society/club for computer enthusiasts

927 views • 45 slides

SSL and IPSec CS461/ECE422 Fall 2010 Based on slides provided by Matt Bishop for use with

SSL and IPSec CS461/ECE422 Fall 2010 Based on slides provided by Matt Bishop for use with Computer Slide #11-1 Security: Art and Science Reading Chapter 11 in Computer Science: Art and Science Stallings book Can also look at

628 views • 58 slides

Ipsec unter Linux 2.6 Einleitung: Die native IPsec Implementierung im Linux Kernel ab

Ipsec unter Linux 2.6 Einleitung: Die native IPsec Implementierung im Linux Kernel ab Version 2.5.47 basiert auf dem USAGI Projekt. Hierbei handelt es sich um eine alternative Implementierung des IPsec Stacks zum FreeS/WAN Projekt.

610 views • 8 slides

IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues

IPSec Slides by Vitaly Shmatikov UT Austin slide 1 TCP/IP Example slide 2 IP Security Issues Eavesdropping Modification of packets in transit Identity spoofing (forged source IP addresses) Denial of service Many solutions

543 views • 25 slides