`

理解ipsec身份标识和认证选项

阅读更多

This article is part of the Identity and Access Management Security School lesson on VPNs and remote access. Visit the VPNs and remote access lesson page for more learning resources.

IPsec VPNs extend a network's security perimeter by connecting individual hosts or entire networks. A secure VPN starts with verifying the identity of those tunnel endpoints, but poor authentication choices can cause interoperability issues or network compromise. This tip explores common IPsec VPN identity and authentication options, and their security and deployment implications.

Standard IPsec VPN features

IPsec VPN tunnels can be configured statically ("nailed up") or established dynamically using messages defined by the Internet Key Exchange (IKE) standard. IKE lets two VPN gateways (or two VPN hosts, or a gateway and host) authenticate each other, negotiate security parameters, and generate keys for data encryption and integrity.

Authentication is critical to avoid establishing tunnels with unauthorized parties. In a site-to-site VPN, it lets us spot an attacker masquerading as a peer VPN gateway. In a remote access VPN, it lets us deny access to intruders who pose as legitimate users. To enable authentication, IKE peers identify themselves using standard Identity Types: an IPv4 or IPv6 address, a hostname (Fully Qualified Domain Name, FQDN ), an email address (User FQDN) or an X.500 Distinguished Name (DN). IKE peers can use different ID Types; for example, user@mycorp.com (User FQDN) can tunnel into vpn.mycorp.com (FQDN).

To defeat ID spoofing, we require proof of claim using an IKE standard Authentication Method: a Pre-Shared Key (PSK), an RSA or DSS digital signature , or an encrypted public key . To use PSKs, the same secret value must be configured into both peers before they can authenticate each other. To use digital signatures, each peer must be issued a certificate by a Certificate Authority (CA) that the other trusts. To use encrypted public keys, each peer must generate its own RSA key pair, and then configure its public key into every IKE peer with whom it plans to communicate. IKE peers must use the same Authentication Method; for example, user@mycorp.com and vpn.mycorp.com might both use the shared PSK "opensesame." Or they might both use RSA signatures, each generated with the sender's own certificate.

Because these messages cross untrusted networks where eavesdropping may occur, IKE uses cryptography to protect credentials. For example, IKE PSKs are never transmitted; peers just exchange signed hashes that prove they known the same PSK. But the same cannot be said for IKE IDs. IKE operates in two modes: a 5-message Main Mode that prevents ID sniffing, or a 3-message Aggressive Mode that sends the initiator's ID "in the clear." Both Modes support any IKE standard ID Type and Authentication Method, with one exception: if Main Mode is used with PSK, the ID must be an IP address. This makes Main Mode/PSK impractical for remote access VPNs, because mobile users rarely connect from static IP addresses.

Facilitating remote access

The mutual authentication methods supported by IKE are a good fit for site-to-site VPNs, but IKE does not support asymmetric user authentication methods like passwords, challenge/response exchanges and two-factor tokens, which are commonly used for remote access. To overcome this, many vendors implement non-standard enhancements like Extended Authentication (XAUTH ).

XAUTH is an Internet Draft that supports asymmetric authentication by inserting a new message exchange after Main/Aggressive Mode (IKE Phase 1) and before IPsec parameter negotiation (IKE Phase 2). VPN gateways that use XAUTH can prompt remote users for a secondary login. If user login succeeds, IPsec setup continues; otherwise, setup is abandoned. XAUTH -- and an improvement called Hybrid -- are widely implemented by VPN concentrators and clients to enable user authentication with "legacy" credentials like Windows logins or SecurID tokens.

Although many vendors implement the same XAUTH draft, this extension was not approved as an Internet standard because it is vulnerable to man-in-the-middle attacks . In particular, using weak credentials to complete IKE Phase 1 makes it too easy for an attacker to masquerade as a VPN gateway, prompting other users for their credentials. To reduce this risk, the XAUTH draft strongly discourages using IKE with the same (group) PSK for all users. Unfortunately, many remote access VPNs are configured in precisely this manner! To learn more, consult the XAUTH draft and these references:

Another legacy user authentication option is to run the Layer 2 Tunneling Protocol (L2TP ) over IPsec. This approach was originally used by the VPN client built into Windows 2000/XP, and is now also supported by many other VPN vendors. L2TP authentication occurs after IPsec is completely established.

Selecting an authentication mode for your IPsec VPN

Given this collection of ID Types and standard/extended Authentication Methods, how can you make the best choices for your own VPN? There are many factors to consider, including the number and type of endpoints involved, existing credentials and authentication databases (if any), interoperability needs, corporate security policies, and risk tolerance.

PSKs are the easiest VPN credentials to generate -- and the easiest to compromise. PSKs, like passwords, are vulnerable to social engineering, and valid ID and PSK values are easy to share with those who should not have them. PSKs that are too short or simple are relatively easy to guess, and tools like ikecrack can automate this attack. Clearly, authenticating every user with the same PSK is a high-risk scenario. Authenticating a single gateway pair with a very long, random PSK known only to one admin presents less risk. If you must use PSKs, avoid disclosing associated IDs with Aggressive Mode.

Raw public keys are not hard to generate and configure into a small set of endpoints, like a site-to-site VPN of modest size. The security afforded by encrypted public keys is far stronger than PSKs, but this method doesn't scale well and can pose interoperability problems in multi-vendor VPNs. In fact, RFC 4109 downgraded this method from "SHOULD" to "MAY" implement due to its lack of deployment.

Digital signatures use certificates to bind a subject's identity to its public key, vouched for by a trusted CA. This strengthens security without requiring every endpoint to be configured with every other endpoint's public key. Instead, endpoints need only be configured with one CA's certificate. RSA signatures are widely supported by VPN products; DSS is less common. Digital signatures scale well in companies that already have a Public Key Infrastructure. However, companies without an established platform for issuing certificates -- especially to remote users -- may consider this method too costly. Some VPN products have a built-in CA (or offer an online CA service) to make certificate management easier.

Even companies that bite the bullet and issue certificates to VPN gateways can be reluctant to part with legacy user authentication. As we have explained, there are cases where XAUTH poses high risk and cannot be recommended. However, there are ways to reduce XAUTH's man-in-the-middle risk while leveraging the added value of two-factor user authentication. For example, use IKE Main Mode with Certificates, issuing unique certificates to each VPN gateway, and a group certificate to your users. Follow this with SecurID authentication to verify individual user identity. This combo deters VPN gateway spoofing and PSK cracking, without requiring per-user certificate management. L2TP-over-IPsec is another option, if supported by your VPN Gateway and all clients.

ID Type depends on endpoint type, IKE Mode and Authentication Mode. VPN gateways often use IP address or (for more flexibility) FQDN. VPN hosts often use User FQDN, except for Main Mode/PSK, which requires the initiator's IP address. Depending on the product, remote access VPNs with a group PSK may treat a range of IP addresses as one ID, or use a group ID (FQDN) in Aggressive Mode. X.500 DNs are typically used only with Digital Certificate authentication. Alternatively, an IP address, hostname or email address can be included in a certificate's altSubjectName attribute.

On the horizon: IKEv2

After completing the original IKE standard, the IETF began work on a major revision that was published as RFC 4306 in December 2005. This new standard, IKEv2 , is not interoperable with IKEv1. IKEv2 is a new, streamlined key management protocol for use with IPsec. IKEv2 supports similar-but-different peer authentication options, with built-in support for asymmetric user authentication through the Extensible Authentication Protocol (EAP). ICSA Labs is now accepting applications for VPN products that wish to be tested for IKEv2 certification. Any company kicking off a new IPsec VPN from scratch should take a close look at IKEv2 vendor support and deployment timeframe. Those with deployed VPNs should keep an eye on IKEv2 progress and consider the business benefits of future migration. In any case, consider your authentication options carefully to make best use of today's mature, widely-deployed IKEv1 products.

About the author
Lisa Phifer owns Core Competence Inc., a consulting firm specializing in network security and management technology. Lisa has been involved in the design, implementation and evaluation of data communications, internetworking, security and network management products for over 20 years. At Core Competence, she has advised large and small companies regarding security needs, product assessment and the use of emerging technologies and best practices. Before joining Core Competence, Lisa was a Member of Technical Staff at Bell Communications Research where she won a president's award for her work on ATM Network Management.

分享到:
评论

相关推荐

    基于VMWare的IPSec综合实验设计

    设计了两个更通用的 IPSec 身份认证实验:“基于证书”和“基于Kerberos 协议”。而基于虚拟机平台的实验具有更方便、更经济的优点。此外本实验还涉及到了 Windows 平台上各种安全设置,如活动目录、DNS 服务器、...

    IPsec和SSL介绍

    IPsec和SSL介绍 IPsec(Internet Protocol Security,互联网协议安全)是一种网络层安全协议,主要应用于IP包传输的安全。IPsec提供了两种安全机制:认证和加密。认证机制使IP通信的数据接收方能够确认数据发送方的...

    深信服2017IPSEC&WOC;高级认证A卷PASS卷.rar

    高级认证A卷PASS卷.rar"表明它包含的是2017年深信服IPSEC和WOC高级认证考试的A卷答案或参考资料。 IPSEC(Internet Protocol Security)是一种用于保护网络数据传输安全的协议标准,广泛应用于企业之间的远程访问和...

    SANGFOR_IPSEC认证培训(初级和高级)

    SANGFOR_IPSEC认证培训(初级和高级)里面的资料均是PPT,是介绍IPSEC的基础知识和使用方法,感兴趣的童鞋可以学习

    2017 IPSEC&WOC;渠道高级认证考卷_A卷.rar-63分

    深信服IPSEC-WOC高级考试认证A卷,全博客独一份,要的赶紧下手

    深信服IPSEC_WOC渠道初级认证A卷

    深信服IPSEC_WOC渠道初级认证A卷,76份过。

    自己抓的IPSEC的包

    3. **IPSec SA标识符**:找到并理解SPI(Security Parameter Index)和序列号,它们是每个IPSec包的关键标识。 4. **加密与解密**:学习如何使用抓取的数据包解密IPSec流量,这可能涉及理解所使用的加密算法(如AES,...

    wireshark1.12和IPSec详解

    IPSec则是一种用于保护网络数据传输安全的协议栈,它提供了加密和认证服务,通常用于建立虚拟私有网络(VPNs)。 描述中提到“内含低版本wirshark(1.12wendows server 2003可用)”,这意味着我们关注的是Wireshark...

    2017IPSEC&WOC;渠道高级认证考卷_B卷80分.pdf

    2017IPSEC&WOC;渠道高级认证考卷_B卷80分.pdf。65分及格。保证通过。深信服考试

    IPsec在Linux内核2.4和2.6中实现之分析和比较.pdf

    AH提供了数据完整性和源身份验证,而ESP则提供了数据加密和可选的认证功能。这两种协议可以单独或组合使用,形成SA束,以实现更复杂的安全需求。 在Linux内核2.4和2.6之间,主要的差异在于IPsec的集成程度、XFRM...

    ipsec等协议分析

    IPSec(Internet Protocol Security)是网络层安全协议的集合,用于在互联网上提供安全通信。...通过阅读这两个PDF文件,读者将能深入理解IPSec协议的各个方面,并具备在实际网络环境中部署和管理IPSec的能力。

    2017IPSEC&WOC渠道初级认证考卷_B卷76分

    2017IPSEC&WOC;渠道初级认证,有需要的可以根据实际情况参考

    2017IPSEC&WOC;渠道高级认证考卷_B卷80分

    描述中的“有需要的可以根据实际情况参考”意味着这份考卷可能包含了一些实际工作中会遇到的问题和解决方案,对于正在学习或准备IPSEC和WOC认证的人来说,是一个有价值的参考资料。 标签进一步明确了考卷的主题,...

    IPSec 协议 不是一个单独的协议

    IPSec的核心组件包括Authentication Header (AH)、Encapsulating Security Payload (ESP)、Internet Key Exchange (IKE)以及一系列的加密和认证算法。 AH协议主要负责数据源的认证和数据完整性,它通过添加一个包含...

    IPsec封包和拆包

    IPsec(Internet Protocol Security)作为网络通信安全的重要组成部分,旨在为互联网通信提供安全保障,包括数据的完整性和机密性。其中,传输模式是IPsec的两种操作模式之一(另一种为隧道模式),主要用于端对端的...

    思科IPsec 和华为IPsec 配置对照学习手册

    思科IPsec 和华为IPsec 配置对照学习手册

    IPSec基础教程-IPSec概述

    IPSec基础教程-IPSec概述 IPSec(Internet Protocol Security)是一种安全协议,旨在保护IP网络中的数据...十五、IPSec的优点:IPSec可以提供加密、身份验证、数据完整性检查等功能,保护数据在网络传输中的安全性。

    ipsec内核实现分析

    首先,IPsec协议的核心作用在于通过两种协议—认证头(AH)和封装安全载荷(ESP)—来实现IP数据包的封装,从而提供数据的完整性验证(AH)以及机密性保护(ESP)。本文主要关注ESP协议的实现。ESP协议号为50,其...

    IPSec入门指南.pdf

    IPSec的安全特性主要由AH(Authentication Header,认证头)和ESP(Encapsulating Security Payload,封装安全载荷)两个协议实现,辅以IKE(Internet Key Exchange,因特网密钥交换协议)进行密钥管理。 - **AH**...

    SANGFOR_IPSEC_2016年渠道初级认证培训05_第三方IPSEC对接互联配置.ppt

    SANGFOR_IPSEC_2016年渠道初级认证培训05_第三方IPSEC对接互联配置.ppt

Global site tag (gtag.js) - Google Analytics