[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC and Network Analysis

To: gary flynn <gary@habanero.jmu.edu>
Subject: Re: IPSEC and Network Analysis
From: Bill Sommerfeld <sommerfeld@apollo.hp.com>
Date: Tue, 03 Jun 1997 14:21:46 -0400
Cc: ipsec@tis.com
In-Reply-To: gary's message of Tue, 03 Jun 1997 13:28:54 -0400. <199706031752.NAA04904@relay.rv.tis.com>
Sender: owner-ipsec@ex.tis.com

> How easy will it be to turn the encryption off when
> necessary for troubleshooting? 

Hopefully, very difficult, since the encryption is presumably in use
for a reason; turning it off would presumably open up security
vulnerabilities for whatever applications are in use..

> Will IPSEC render all 
> the management and monitoring tools like RMON probes 
> useless?

Not completely; RMON probes will still be useful for traffic
analysis.. :-)

> I'd guess that this is highly implementation specific but 
> was curious if anyone has thought about this. 

Probably the right way to approach this from a security perspective
will be to build RMON-like functionality into end systems.. when a
party authorized by the end system's administrator requests it, send a
copy of decrypted traffic to the monitoring station -- hopefully via
some sort of encrypted channel to the monitoring station so that the
traffic is never sent on the wire in the clear..

					- Bill

References:

IPSEC and Network Analysis

From: gary flynn <gary@habanero.jmu.edu>

Prev by Date: Re: IPSEC and Network Analysis
Next by Date: Re: New draft -- IPSEC AH
Prev by thread: Re: IPSEC and Network Analysis
Next by thread: Re: IPSEC and Network Analysis
Index(es):
- Main
- Thread