Intranet Journal   Earthweb  
Understanding IPSec - Page 2


Laura Taylor


06/13/02


Limitations of IPSec
Though IPSec is the most ubiquitous, and probably the best existing, framework for implementing VPNs, it has certain limitations. Its anti-replay protection (the sequence number carried in the AH and ESP headers, checked against a sliding window at the receiver) is an optional service under RFC 2401, so a receiver that does not enable it accepts replayed packets in either transport or tunnel mode. Because of the complexity of ISAKMP, Niels Ferguson and Bruce Schneier have suggested that IPSec is likely also susceptible to man-in-the-middle attacks.
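The anti-replay check that a receiver may leave disabled, written out as an added example (not code from the article or from any IPSec implementation): the sliding-window algorithm of RFC 2401 Appendix C, run over a constructed packet sequence. The window size of 64 is the RFC's default; a real implementation keeps one window per security association.

```python
"""Sliding-window anti-replay check, after RFC 2401 Appendix C.

Added example, not code from the article. Sequence numbers stand for
the 32-bit sequence field of an AH or ESP header; the window size and
the packet sequence below are constructed for illustration.
"""


class AntiReplayWindow:
    def __init__(self, size=64, enabled=True):
        self.size = size          # RFC 2401: at least 32, default 64
        self.enabled = enabled    # the receiver is allowed to turn the service off
        self.last = 0             # highest sequence number accepted so far
        self.bitmap = 0           # bit d set <=> sequence (last - d) already seen

    def check_and_update(self, seq):
        """Return True and record seq if it is fresh; False if replayed or too old."""
        if not self.enabled:
            return True           # no protection: every packet, replayed or not, passes
        if seq == 0:
            return False          # 0 is never transmitted (the counter starts at 1)
        if seq > self.last:
            # Right of the window: slide it so seq becomes the newest entry.
            shift = seq - self.last
            if shift < self.size:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            else:
                self.bitmap = 1   # jumped past the whole window; forget old history
            self.last = seq
            return True
        diff = self.last - seq
        if diff >= self.size:
            return False          # left of the window: too old to judge, drop it
        if self.bitmap & (1 << diff):
            return False          # inside the window and already seen: replay
        self.bitmap |= 1 << diff  # late but legitimate (reordered) packet
        return True


def filter_sequence(seqs, enabled=True):
    """Run a constructed sequence of packet numbers through one window."""
    window = AntiReplayWindow(enabled=enabled)
    return [window.check_and_update(s) for s in seqs]


# Constructed stream: in-order packets, one replay, a burst that moves the
# window, one packet far behind it, one reordered packet and its replay.
SAMPLE = [1, 2, 3, 3, 100, 30, 95, 95, 37, 36]

if __name__ == "__main__":
    for seq, ok in zip(SAMPLE, filter_sequence(SAMPLE)):
        print(f"seq {seq:3d}: {'accept' if ok else 'drop'}")
```

With `enabled=False` every packet in `SAMPLE` passes, including the replayed 3 and 95, which is exactly the exposure of a receiver that has switched the service off.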

IPSec session hijacking can occur when no integrity protection is applied, that is, when ESP is used for encryption only and neither an authentication header (AH) nor ESP's own authentication option is in place. In this type of attack, malicious data can be inserted into the payload, say an rm -r command (on a Unix system) that would remove files on the recipient's filesystem, and the receiver has no way to detect that the payload was altered.

Because IPSec traffic is routable, IPSec implementations may also be susceptible to source-routing exploits, depending on the security safeguards (or lack thereof) in place on the routers over which the traffic travels. In tunnel mode IPSec is less exposed to routing exploits, since the original IP header, including any source-route options, is encrypted inside the tunnel; only the outer header that carries the packet between gateways remains in the clear.

Steve Bellovin of AT&T Research has pointed out that many of the weaknesses of IPSec are inherent in the limitations of the encryption modes used in the implementation (*1). His cut-and-paste attacks exploit the fact that CBC-mode ciphertext can be spliced or altered in a controlled way when no integrity check accompanies the encryption. One can conclude that pairing the encryption modes in the IPSec framework with authentication, rather than relying on encryption alone, would make IPSec more secure.
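The payload tampering described above for encryption-only ESP, and the malleability of CBC that Bellovin's cut-and-paste attacks rely on, as one added example (not code from the article or from Bellovin's paper). A toy 16-byte Feistel cipher built from SHA-256 stands in for DES or 3DES; the bit-flipping shown does not depend on the block cipher, only on the mode. The key, IV, and the shell command in the payload are constructed, and `esp_seal`, `esp_open` and `tamper` are names chosen here, not any library's API.

```python
"""Why encryption-only ESP is open to payload tampering.

Added example, not code from the article or from Bellovin's paper. A toy
16-byte Feistel cipher built from SHA-256 stands in for DES/3DES; the
CBC bit-flipping shown here does not depend on the block cipher, only
on the mode. Key, IV and the command payload are constructed.
"""
import hashlib
import hmac

BLOCK = 16
ICV_LEN = 12                                   # HMAC-SHA1-96, RFC 2404
KEY = b"constructed-demo-key"                  # assumption: shared ESP key
IV = bytes(range(16))                          # fixed only so the demo is reproducible


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, i, half):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def toy_encrypt_block(key, block):
    """4-round Feistel network: an invertible keyed permutation of 16 bytes."""
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def toy_decrypt_block(key, block):
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def esp_pad(data, next_header=6):
    """ESP trailer: pad bytes 1,2,3..., then pad length, then next header."""
    pad_len = (-(len(data) + 2)) % BLOCK
    return data + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])


def esp_unpad(data):
    pad_len = data[-2]
    return data[:-(pad_len + 2)]


def esp_seal(key, plaintext, iv=IV, with_icv=False):
    """Return IV || CBC ciphertext [|| ICV over IV and ciphertext]."""
    padded, prev, out = esp_pad(plaintext), iv, b""
    for i in range(0, len(padded), BLOCK):
        prev = toy_encrypt_block(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    packet = iv + out
    if with_icv:
        packet += hmac.new(key, packet, hashlib.sha1).digest()[:ICV_LEN]
    return packet


def esp_open(key, packet, with_icv=False):
    """Return the plaintext, or None when the ICV does not verify."""
    if with_icv:
        packet, tag = packet[:-ICV_LEN], packet[-ICV_LEN:]
        expected = hmac.new(key, packet, hashlib.sha1).digest()[:ICV_LEN]
        if not hmac.compare_digest(expected, tag):
            return None
    iv, body, out = packet[:BLOCK], packet[BLOCK:], b""
    prev = iv
    for i in range(0, len(body), BLOCK):
        out += _xor(toy_decrypt_block(key, body[i:i + BLOCK]), prev)
        prev = body[i:i + BLOCK]
    return esp_unpad(out)


def tamper(packet, offset, old, new):
    """Turn plaintext bytes `old` at `offset` into `new` without the key.

    In CBC, plaintext byte p is D(C_block) XOR the byte one block earlier in
    the stream (the IV for the first block), which is packet[p]. Flipping that
    byte flips the plaintext bit for bit. If offset >= BLOCK the block holding
    the flipped byte decrypts to garbage, a price an attacker often accepts.
    """
    buf = bytearray(packet)
    for i, (o, n) in enumerate(zip(old, new)):
        buf[offset + i] ^= o ^ n
    return bytes(buf)


COMMAND = b"ls -la /home/alice\n"   # constructed payload a remote shell might carry

if __name__ == "__main__":
    plain_pkt = esp_seal(KEY, COMMAND)
    print(esp_open(KEY, tamper(plain_pkt, 0, b"ls -la", b"rm -rf")))
    auth_pkt = esp_seal(KEY, COMMAND, with_icv=True)
    print(esp_open(KEY, tamper(auth_pkt, 0, b"ls -la", b"rm -rf"), with_icv=True))
```

The first packet decrypts cleanly to the attacker's command because only the IV was touched and the IV affects nothing but the first plaintext block; the second is dropped at the ICV check before any decryption happens, which is why ESP's authentication option (or AH) closes this hole.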

IPSec is an optional extension to IPv4, whereas IPv6 was specified with IPSec as a mandatory part of the protocol, and some of IPSec's weaknesses are less of a concern in IPv6. In IPv4, the fragmentation fields in the IP header (the flags and fragment offset) are allowed to change in transit, so AH has to leave them out of its integrity check. When IPSec is used in transport mode, an attacker could therefore intercept a packet, change the fragmentation fields to introduce malicious data, and reinsert the packet into the data stream without the change being detected. In IPv6, intermediate routers never fragment packets; only the originating host does, and it signals fragmentation in an extension header rather than in the base header.
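The protection gap described above for IPv4 transport mode, and the tunnel-mode contrast mentioned earlier, as an added example (not code from the article). It is a minimal IPv4/AH packet builder with HMAC-SHA1-96 (RFC 2404) as the ICV, zeroing the mutable header fields that RFC 2402 lists; the addresses, key and TCP segment are constructed, the IPv4 checksum is left at zero because AH zeroes it before authenticating anyway, and `ah_packet`, `verify` and `set_fragment` are names chosen here.

```python
"""What AH does and does not protect in an IPv4 header (RFC 2402).

Added example, not code from the article. A minimal IPv4/AH packet
builder with HMAC-SHA1-96 (RFC 2404) as the ICV; addresses, key and the
TCP payload are constructed, and the IPv4 checksum is left at zero
because AH zeroes it before authenticating anyway.
"""
import hashlib
import hmac
import ipaddress
import struct

IP_PROTO_TCP, IP_PROTO_IPIP, IP_PROTO_AH = 6, 4, 51
ICV_LEN = 12
AH_LEN = 12 + ICV_LEN                 # fixed AH fields plus the ICV
KEY = b"constructed-ah-key"           # assumption: shared AH key for this SA


def ipv4_header(src, dst, proto, payload_len, ttl=64, flags=0, frag_off=0):
    """20-byte IPv4 header without options."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       (flags << 13) | frag_off, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def zero_mutable(hdr):
    """RFC 2402: TOS, flags/fragment offset, TTL and checksum may change
    in transit, so they are zeroed before the ICV is computed."""
    b = bytearray(hdr)
    b[1] = 0                  # TOS
    b[6:8] = b"\x00\x00"      # flags + fragment offset
    b[8] = 0                  # TTL
    b[10:12] = b"\x00\x00"    # header checksum
    return bytes(b)


def ah_icv(outer, ah_fixed, payload):
    data = zero_mutable(outer) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]


def ah_packet(outer_src, outer_dst, next_header, payload, spi=0x1000, seq=1):
    """outer IPv4 header || AH || payload, with the ICV filled in."""
    ah_fixed = struct.pack("!BBHII", next_header, AH_LEN // 4 - 2, 0, spi, seq)
    outer = ipv4_header(outer_src, outer_dst, IP_PROTO_AH, AH_LEN + len(payload))
    return outer + ah_fixed + ah_icv(outer, ah_fixed, payload) + payload


def verify(packet):
    """Receiver side: recompute the ICV over the packet as AH sees it."""
    outer, ah_fixed = packet[:20], packet[20:32]
    tag, payload = packet[32:44], packet[44:]
    return hmac.compare_digest(ah_icv(outer, ah_fixed, payload), tag)


def set_fragment(packet, hdr_offset, flags, frag_off):
    """What an on-path attacker does: rewrite the fragmentation fields
    of the IPv4 header that starts at hdr_offset."""
    buf = bytearray(packet)
    buf[hdr_offset + 6:hdr_offset + 8] = struct.pack("!H", (flags << 13) | frag_off)
    return bytes(buf)


# Constructed: a fake 20-byte TCP header followed by a few bytes of data.
TCP_SEGMENT = b"\x00\x16\xd4\x31" + bytes(16) + b"constructed segment"


def transport_mode():
    # Host-to-host: the only IP header is the outer one, whose fragment
    # fields AH must skip.
    return ah_packet("10.0.0.1", "10.0.0.2", IP_PROTO_TCP, TCP_SEGMENT)


def tunnel_mode():
    # Gateway-to-gateway: the whole original datagram is the AH payload,
    # so its header, fragment fields included, is fully covered.
    inner = ipv4_header("192.168.1.5", "192.168.2.7", IP_PROTO_TCP, len(TCP_SEGMENT))
    return ah_packet("203.0.113.1", "198.51.100.1", IP_PROTO_IPIP, inner + TCP_SEGMENT)


if __name__ == "__main__":
    t, u = transport_mode(), tunnel_mode()
    print("transport, outer frag fields rewritten:", verify(set_fragment(t, 0, 1, 0x40)))
    print("tunnel, outer frag fields rewritten:  ", verify(set_fragment(u, 0, 1, 0x40)))
    print("tunnel, inner frag fields rewritten:  ", verify(set_fragment(u, 44, 1, 0x40)))
```

Rewriting the flags and fragment offset of the outer header passes verification in both modes, because AH cannot cover fields that routers are allowed to change; only in tunnel mode does the original header sit inside the authenticated payload, where the same rewrite fails the check.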

IPSec Technology Challengers
Many products that could use IPSec instead use an alternative encryption technology known as Secure Sockets Layer (SSL). The difference between the two is that IPSec works at the network layer and can secure all traffic between whole networks, whereas SSL sits above TCP and secures an individual application connection. IPSec and SSL both provide confidentiality of data and authentication, but they achieve these goals in significantly different ways.

SSL was originally designed by Netscape to secure HTTP traffic between web browsers and servers; it runs on top of TCP and is often described as a session-layer protocol. Unlike IPSec, SSL is based on a client/server model and is typically used for host-to-host secure transport, one connection at a time. Because IPSec works at the network layer, it can be used to secure subnet-to-subnet, network-to-network, or network-to-host communications, and a security gateway can apply it to traffic on behalf of hosts that know nothing about it. SSL, by contrast, protects only the connection that the application itself opens.

While many people see SSL as a technology competitor to IPSec, this view is not entirely accurate. In most cases, IPSec and SSL are used to solve different types of problems. Also, while IPSec-based connections require a substantial amount of planning and implementation time, SSL implementations are relatively quick to deploy and sometimes require no planning at all, depending on which browser is in use and how it is configured.
