EasyVPN: IPsec Remote Access Made Easy
نویسندگان
چکیده
Telecommuting and access over a Wireless LAN require strong security at the network level. Although IPsec is well-suited for this task, it is difficult to configure and operate a large number of clients. To address this problem, we leverage the almost universal deployment and use of web browsers capable of SSL/TLS connections to web servers and the familiarity of users with such an interface. We use this mechanism to create configurations and certificates that will be downloaded to the user’s machine and be used by a program to perform all configuration on the user’s system. Our system builds on common security protocols and standards such as IKE, X.509, and SSL/TLS to provide users with a secure-access environment that “just works.” One of the main goals of the system is ease of use both for the users and the system administrators that maintain the infrastructure. We describe our implementation that uses Linux FreeS/WAN and Windows to show the practicality of the approach.
منابع مشابه
Securing Block Storage Protocols over IP: RFC 3723 Requirements Update for IPsec v3
RFC 3723 specifies IPsec requirements for block storage protocols over IP (e.g., Internet Small Computer System Interface (iSCSI)) based on IPsec v2 (RFC 2401 and related RFCs); those requirements have subsequently been applied to remote direct data placement protocols, e.g., the Remote Direct Memory Access Protocol (RDMAP). This document updates RFC 3723’s IPsec requirements to IPsec v3 (RFC 4...
متن کاملDynamic Host Configuration Protocol (DHCPv4) Configuration of IPsec Tunnel Mode
This memo explores the requirements for host configuration in IPsec tunnel mode, and describes how the Dynamic Host Configuration Protocol (DHCPv4) may be leveraged for configuration. In many remote access scenarios, a mechanism for making the remote host appear to be present on the local corporate network is quite useful. This may be accomplished by assigning the host a "virtual" address from ...
متن کاملLeveraging IPSec for Mandatory Access Control of Linux Network Communications
We present an implementation of mandatory access control for Linux network communications that restricts socket access to labelled IPSec security associations. The Linux Security Modules (LSM) framework defines a reference monitor interface that enables security modules (e.g., SELinux) to enforce comprehensive mandatory access control (MAC) for Linux version 2.6. The current LSM control over ne...
متن کاملPerformance Improvement of an Iscsi-based Secure Storage Access
iSCSI protocol, used in building IP-based storage networks, is becoming more important because it realizes consolidation of storage at low cost, since security is a critical issue for the iSCSI protocol, on which remote storage is accessed over the IP networks. iSCSI can employ IPsec, which offers strong encryption. However, IPsec encryption processing degrades the performance of storage access...
متن کاملRemote Access VPNs Performance Comparison between Windows Server 2003 and Fedora Core 6
A Virtual Private Network (VPN) can be defined as a way to provide secure communication between members of a group through use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures. This work examines and empirically evaluates the remote access VPNs, namely Point to Point Tunneling Protocol (PPTP), Layer 2 Tunneling P...
متن کامل