7/31/2019 Ipsec Client 03
UNIT-2
-
Basic issues with IPSEC clients
1. Client security
2. Floating security associations
3. IPSEC client software packaging
-
An IPSEC client is a software package that provides IPSEC protection for TCP/IP network traffic on a workstation or laptop.
It may be packaged as a shim that fits between an existing TCP/IP stack and the host computer's device drivers.
The client provides IPSEC protection without affecting the security associations established by the workstation's operator.
-
Lower stack approach
It is a separate software package residing between an existing TCP/IP stack and the network device driver.
It appears at a lower point in the protocol stack.
It is also referred to as a shim.
The shim is a much simpler software component to construct and maintain than a package including full TCP/IP.

Upper stack approach
IPSEC is integrated directly into the TCP/IP stack.
It is best for sophisticated systems like Unix or Windows NT.
It allows software with differing security attributes to use separate security associations.
It is a more complex product and forces users to replace the TCP/IP stack they currently use.
-
a. Site Based Assignments
   a. A typical IPSEC client application is to protect mobile users when connecting to a central site.
   b. The central site generates all the IPSEC association parameters needed and provides a mechanism to import them into the client.
b. Client mobility
   a. In some cases the client will use a unique, permanently assigned IP address.
   b. In other cases a traveling client might use a variety of ISPs according to location.
-
Clients are less of a target than servers for two reasons.
1. Clients belonging to the typical user are not perceived to be worthwhile targets.
2. Clients lack the continuous accessibility of servers.
   1. They are not always on-line.
   2. A client's IP address may change from one session to the next.
-
Block all communication that doesn't use IPSEC.
Configure the rest of your system to resist internet attacks.
-
The security of a computer system depends heavily on its physical security.
There are essentially three techniques for protecting keys from theft:
1. Store the keys on a removable device.
2. Password protection
3. Encrypted key
-
We use IPSEC clients to protect traffic between a central site and remote hosts.
The central site has an IPSEC encrypting router or similar IPSEC device.
The central site assigns security associations and keys to the individual clients.
Incoming traffic that uses an assigned association is then admitted to the site.
All other traffic is blocked.
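
The admission rule above, sketched as an added example (not part of the original slides): a packet is admitted only if it carries an ESP or AH header whose SPI belongs to an association the central site assigned. The names `ASSIGNED_SAS`, `classify` and `build_ipv4`, the addresses and the SPI values are constructed for illustration.

```python
import socket
import struct

ESP, AH = 50, 51  # IP protocol numbers of the two IPsec headers

# Constructed SA table (assumption): the central site admits only traffic whose
# (destination address, protocol, SPI) triple matches an association it assigned.
ASSIGNED_SAS = {
    ("192.0.2.1", ESP, 0x00001001),
    ("192.0.2.1", AH, 0x00002002),
}

def classify(packet: bytes, sa_table=ASSIGNED_SAS) -> str:
    """Return 'admit' or 'drop: <reason>' for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "drop: not IPv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "drop: bad header length"
    # A non-first fragment does not begin with the IPsec header.
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return "drop: fragment"
    proto, payload = packet[9], packet[ihl:]
    dst = socket.inet_ntoa(packet[16:20])
    if proto == ESP and len(payload) >= 8:
        spi = struct.unpack("!I", payload[0:4])[0]  # ESP: SPI, then sequence number
    elif proto == AH and len(payload) >= 12:
        spi = struct.unpack("!I", payload[4:8])[0]  # AH: SPI follows 4 bytes of fields
    elif proto in (ESP, AH):
        return "drop: truncated IPsec header"
    else:
        return "drop: no IPsec header"
    if (dst, proto, spi) not in sa_table:
        return "drop: unknown SA"
    # Header match only; a real gateway then verifies the integrity check
    # value with the association's key before accepting the packet.
    return "admit"

def build_ipv4(src, dst, proto, payload, frag_offset=0):
    """Build a constructed test packet (checksum left at 0, not verified here)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                         frag_offset, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

if __name__ == "__main__":
    esp = (0x1001).to_bytes(4, "big") + (1).to_bytes(4, "big") + bytes(16)
    print(classify(build_ipv4("198.51.100.7", "192.0.2.1", ESP, esp)))
    print(classify(build_ipv4("198.51.100.7", "192.0.2.1", 6, bytes(20))))
```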
-
Password sniffing
IP spoofing
IP hijacking
SYN flooding
-
Message processing is always slower when you use IPSEC.
IPSEC protection will occasionally be applied even when it is not really needed.
IPSEC protection is applied automatically whenever there is a security association in place between the client and the central site.
IPSEC works at the packet level and protects everything travelling between a given pair of hosts.
-
There are two parts to remote access security:
1. Risk to the central site.
2. Risks associated with clients.
The other risks to the mobile client are:
Client attacks from the internet
Virus-based attacks on clients
Client theft
-
Clients are at risk of attack simply because they are hosts on the internet.
How to block
1. Block all messages that don't carry a valid IPSEC header.
2. Take a close look at every TCP/IP software component residing on the client.
3. Look for any mechanism that allows an outside system to modify data on your machine, and then block that mechanism or service.
-
Client Theft
Does IPSEC provide any protection against viruses?
What special threat might viruses pose to IPSEC clients?