IPSEC refers to IP Security Options as defined by RFC 1825-1829.
The intent of IPSEC is to provide end to end (host to host) integrity,
confidentiality, and authentication at the IP packet level.
When IPSEC is implemented, it will help prevent such threats as password
snooping, session hijacking etc. But keep in mind that IPSEC is not the
end all for all things.
The weaknesses I see in IPSEC are...
1. Key Management. Until there is a secure, public means to publish
your public key, there is no guarantee that the host you connect to
is the real thing, or someone with a stolen key. Until the revised
proposal for DNS becomes a reality, (wish them luck too...) key transfer
will have no more 'trust' than the machine you're connecting to.
2. Lack of Access Control List/Security Labels. There is nothing in the
protocol to determine if the connection is allowed access to the
service/host/network in question. This is still the realm of applications,
On Wed, 24 Jan 1996, KM wrote:
> Please explain what the IPSEC is.
>
> Or could you possibly mean *ITSEC*?
>
> Karen Goertzel
> Manager, International Programmes and Special Projects
> Secure Systems and Services Operation
> Wang Federal, Inc.
> 7900 Westpark Drive - MS 700
> McLean, Virginia 22102-4299
> TEL: 703-827 3914
> FAX: 703-827 3161
> goertzek @ wangfed . com
> http://www.wangfed.com
Personal Opinions provided by
Leonard Miyata
aka leonard @ geminisecure . com
Gemini Computers Inc.
Company Web page http://www.geminisecure.com