Linux Today: Linux News On Internet Time.

More on LinuxToday

Security Portal: IPSec - We've Got a Ways To Go (Part II)

Jul 26, 2000, 08:59 (0 Talkback[s])
(Other stories by Kurt Seifried)

"Last week I covered some concerns with IPSec that most people seem unaware of. This week I'll be covering several of the more popular/advanced IPSec solutions, their shortcomings and their strengths. Obviously, for IPSec to become commonplace, the various implementations need to be compatible. Of course, the problem is that there is compatibility and there is "compatibility." Most implementations have at least adhered to the basic IPSec standards, such as protocols, service types and so on. Many, however, have added extensions, not all of which are compatible with others."

"The most common extensions are in the authentication and management areas of IPSec. There are three basic methods you can use to authenticate IPSec connections, the first being a pre-shared secret."

"A pre-shared secret may be in the form of a long alpha-numeric string, a username and password, or even a token-based system such as SecureID. The problem with this is, you must configure authentication in advance and both parties must be able to communicate securely to share the information. This solution is fine for inter-company VPNs, laptop users and so on. However, it does not scale (you need a secure channel beforehand to establish the shared credentials, which are later used as proof of ID)."

Complete Story

Related Stories: