Get ready to secure your IP network with IPSec
Earlier this year, attackers took down NT systems at many sites with a denial of
service attack called Teardrop2. (Teardrop2 sends an NT system deliberately
constructed IP fragments that, when reassembled, form invalid packets. The NT
kernel allocates memory to hold the fragments, and a large enough stream of them
hangs the system.) Microsoft responded immediately with a hotfix that hardens NT's
IP stack against Teardrop2, but NT remains a favorite target, and attacks such as
these will recur unless network managers upgrade their NT networks' IP protocol to
IP Security (IPSec). One caveat to keep in mind as you read: a receiving host
reassembles fragments before it runs any AH or ESP check, so IPSec does not by
itself shield the reassembly code. What it does give you is a way to reject every
packet that does not come from an authenticated peer, which removes the anonymous,
forged traffic that attacks of this kind depend on.
The Internet Engineering Task Force (IETF) developed IPSec as the security
protocol of the next generation IP--IPv6, where every implementation must support
it. IPSec is also an optional extension to IPv4, the current-version IP. IPv4 is
widespread on the Internet and in corporate networks, but its design includes no
security provisions. IPSec provides confidentiality and integrity for information
transferred over IP networks through network-layer encryption and authentication,
and it defends an IP network against spoofing, man-in-the-middle tampering, and
the denial of service attacks that depend on forged packets. (For more information
about IPv6 and the development of IPSec, see my article, "The Next Generation IP
in Action," June 1998.)
Microsoft is building IPSec into NT 5.0, which will let you implement a
secure NT network without having to change your existing applications and
network hardware. With NT 5.0 IPSec, you can define security policies for your
entire organization, departments, groups, or individuals, and you can specify
whom your NT computers can trust and talk to and what security methods those
computers can use for communication. IPSec in NT 5.0 will be an important
component of your network security. Study IPSec and perhaps test it to develop a
good implementation plan for when NT 5.0 hits the street. In this article I'll
help you understand IPSec, NT 5.0 IP security policy, and NT 5.0's
implementation of IPSec.
IPSec Basics
The IETF defined the IPSec protocol in Request for Comments (RFC) 1825-1829
and several Internet Drafts. IPSec protects IP traffic with two protocols: the
Authentication Header (AH) protocol and the Encapsulating Security Payload (ESP)
protocol.
AH provides integrity by authenticating both a packet's IP header and its payload
(the packet content): the sender computes a keyed integrity check value (ICV) over
the header, with the fields that legitimately change in flight (such as TTL and the
header checksum) treated as zero, and over the payload. If an attacker alters a
packet in transit, the ICV no longer matches and the recipient discards the packet;
a replayed copy is caught by the sequence number and anti-replay window that the
current AH and ESP drafts add. ESP provides confidentiality by encrypting the IP
payload so that an eavesdropper cannot read it; encryption is ESP's mandatory
service. ESP can also carry its own integrity check. The difference between AH
integrity and ESP integrity is that ESP's ICV covers only the ESP header, payload,
and trailer, not the IP header. ESP integrity is an option in an IPSec
implementation, but Microsoft recommends combining ESP confidentiality with ESP
integrity for high security. If a Network Address Translator (NAT) rewrites your
private IP addresses into Internet-routable addresses, you can use only ESP
integrity: the NAT changes the source or destination address that AH's ICV covers,
so every AH packet fails verification at the far end, whereas ESP's ICV does not
cover the IP header and survives the rewrite. Even then, a NAT that also translates
ports cannot see the TCP or UDP ports inside an encrypted ESP payload, and in
transport mode the TCP or UDP checksum under ESP still reflects the pre-translation
address, so expect problems beyond the ICV.
IPSec operates in two modes: transport mode and tunnel mode. In transport mode,
the AH or ESP header sits inside the original IP packet, between the IP header
(plus any IPv6 extension headers that routers along the path process) and the
upper-layer header, such as TCP or UDP (to learn about the content of IP headers,
see the June 1998 sidebar "What's New in the IPv6 Header"). Transport mode provides
end-to-end security between two end systems: for instance, between an NT
workstation and an NT server. In tunnel mode, IPSec places the original IP packet,
header and all, inside a new IP packet and inserts AH or ESP between the new IP
header and the original packet. The new IP header is addressed to the tunnel
endpoint; the original IP header, now part of the protected payload, carries the
packet's ultimate source and destination. You can set up an IPSec tunnel between
two end systems, between an end system and a security gateway, or between two
security gateways. A security gateway can be a tunnel server, router, firewall, or
Virtual Private Network (VPN) device. One common use of tunnel mode is securing
remote access to your corporate network across the Internet. With a tunnel server
at the perimeter of your network, a telecommuter's traffic must pass through the
tunnel server before it reaches any internal system. The tunnel in this example
runs between the telecommuter's machine (an end system) and the tunnel server (a
security gateway); the Internet in between sees only the outer header, addressed
from the telecommuter to the tunnel server.
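The two points above, what AH's and ESP's integrity checks cover (and why a NAT breaks one but not the other) and how transport and tunnel mode lay out a packet, are easiest to see in bytes. The following is an added example written for this article, not code from the article, from Microsoft, or from NT 5.0. It builds IPv4 packets protected by AH and by ESP with integrity, runs a NAT source-address rewrite over each, and then wraps a packet in tunnel mode and decapsulates it at a gateway. Assumptions: HMAC-SHA-1-96 (RFC 2404) as the ICV algorithm, ESP left unencrypted (a NULL cipher) so the payload stays readable, and keys, addresses and the TCP-like payload that are made up for the demonstration.

```python
# Added example (not the article's code): AH vs. ESP integrity coverage, the effect of a
# NAT rewrite on each, and transport vs. tunnel mode layout. Assumes HMAC-SHA-1-96 as
# the ICV, ESP with NULL encryption, and made-up keys, addresses and payload.
import hashlib
import hmac
import socket
import struct

IPPROTO_IPIP, IPPROTO_TCP, IPPROTO_ESP, IPPROTO_AH = 4, 6, 50, 51
ICV_LEN = 12                 # 96-bit truncated HMAC
IP_FMT = "!BBHHHBBH4s4s"     # ver/IHL, TOS, total len, id, flags/frag, TTL, proto, csum, src, dst

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header; checksum left 0 because nothing here goes on a wire."""
    return struct.pack(IP_FMT, 0x45, 0, 20 + payload_len, 0x1234, 0x4000, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def ah_covered_header(ip_hdr):
    """AH authenticates the IP header with the fields that legitimately change in flight
    (TOS, flags/fragment offset, TTL, checksum) zeroed; the addresses are covered as-is."""
    ver_ihl, _, total, ident, _, _, proto, _, src, dst = struct.unpack(IP_FMT, ip_hdr)
    return struct.pack(IP_FMT, ver_ihl, 0, total, ident, 0, 0, proto, 0, src, dst)

def icv(key, data):
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def ah_protect(src, dst, next_hdr, payload, key, spi, seq):
    """AH packet: IP header | AH | payload. The ICV covers all three."""
    ah_len = 12 + ICV_LEN
    ip_hdr = ipv4_header(src, dst, IPPROTO_AH, ah_len + len(payload))
    # next header, AH length in 32-bit words minus 2, reserved, SPI, sequence number
    ah_fixed = struct.pack("!BBHII", next_hdr, ah_len // 4 - 2, 0, spi, seq)
    tag = icv(key, ah_covered_header(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload)
    return ip_hdr + ah_fixed + tag + payload

def ah_verify(pkt, key):
    ip_hdr = pkt[:20]
    ah_len = (pkt[21] + 2) * 4
    ah, payload = pkt[20:20 + ah_len], pkt[20 + ah_len:]
    fixed, tag = ah[:ah_len - ICV_LEN], ah[ah_len - ICV_LEN:]
    expected = icv(key, ah_covered_header(ip_hdr) + fixed + bytes(ICV_LEN) + payload)
    return hmac.compare_digest(expected, tag)

def esp_protect(src, dst, next_hdr, payload, key, spi, seq):
    """ESP with integrity: IP header | SPI, seq | payload | pad | pad len, next hdr | ICV.
    The ICV covers everything from the SPI to the next-header byte, never the IP header."""
    pad_len = (-(len(payload) + 2)) % 4           # trailer must end on a 4-byte boundary
    body = (struct.pack("!II", spi, seq) + payload
            + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr]))
    return ipv4_header(src, dst, IPPROTO_ESP, len(body) + ICV_LEN) + body + icv(key, body)

def esp_verify(pkt, key):
    body, tag = pkt[20:-ICV_LEN], pkt[-ICV_LEN:]
    return hmac.compare_digest(icv(key, body), tag)

def nat_rewrite_src(pkt, new_src):
    """What a NAT does on the way out: replace the outer source address."""
    return pkt[:12] + socket.inet_aton(new_src) + pkt[16:]

def tunnel_ah(inner_pkt, gw_src, gw_dst, key, spi, seq):
    """Tunnel mode: the whole original packet becomes the payload of a new AH packet
    addressed between the tunnel endpoints; next header 4 means IP-in-IP."""
    return ah_protect(gw_src, gw_dst, IPPROTO_IPIP, inner_pkt, key, spi, seq)

def outer_addresses(pkt):
    """The only addresses a router between the tunnel endpoints gets to see."""
    src, dst = struct.unpack("!4s4s", pkt[12:20])
    return socket.inet_ntoa(src), socket.inet_ntoa(dst)

def gateway_decapsulate(pkt, key):
    """Security gateway: verify AH, strip outer header and AH, forward the inner packet."""
    if not ah_verify(pkt, key):
        raise ValueError("AH check failed: drop")
    if pkt[20] != IPPROTO_IPIP:
        raise ValueError("not a tunnel-mode packet")
    return pkt[20 + (pkt[21] + 2) * 4:]

if __name__ == "__main__":
    key = b"\x0b" * 20                                   # made-up key
    seg = b"\x04\xd2\x00\x50SYN"                         # made-up TCP-like payload
    ah = ah_protect("10.0.0.5", "192.0.2.10", IPPROTO_TCP, seg, key, 0x100, 1)
    esp = esp_protect("10.0.0.5", "192.0.2.10", IPPROTO_TCP, seg, key, 0x200, 1)
    print("AH after NAT :", ah_verify(nat_rewrite_src(ah, "198.51.100.1"), key))    # False
    print("ESP after NAT:", esp_verify(nat_rewrite_src(esp, "198.51.100.1"), key))  # True
    inner = ipv4_header("10.0.0.5", "10.1.0.9", IPPROTO_TCP, len(seg)) + seg
    tun = tunnel_ah(inner, "198.51.100.1", "203.0.113.1", key, 0x300, 1)
    print("Internet sees:", outer_addresses(tun))        # the two gateways only
    print("Gateway forwards original:", gateway_decapsulate(tun, key) == inner)   # True
```

Run it as a script and the two NAT lines show the asymmetry the text describes: the AH packet fails once its source address is rewritten, the ESP packet still verifies. A TTL decrement by a router, by contrast, breaks neither, because `ah_covered_header` zeroes TTL before the ICV is computed. The tunnel part shows why the article says the new header "points to the tunnel endpoint": `outer_addresses` on the tunneled packet returns the two gateway addresses, and only after `gateway_decapsulate` does the inner header with the real source and destination reappear.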