[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Remote access from ubiquitous IPSec hosts
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Vipul" == Vipul Gupta <vgupta@nobel.Eng.Sun.COM> writes:
Vipul> portable card about the size of a thumbprint). Assuming
Vipul> that appropriate administrative agreements are in place, users
Vipul> can roam between countries without even having to carry their
Vipul> personal device (phone).
Grumble. Users *CAN'T* take their phone sets because there are three sets
of frequencies assigned in the world: North America (1900Mhz), Europe
(900Mhz, and 1800Mhz) and Asia (parts are 1800Mhz, parts are 1980Mhz or
something)
Vipul> It would be really cool if mechanisms developed by the IPSec/IPSecond
Vipul> working group would allow a mobile corporate employee to walk up to
Vipul> one of these "identity-less" hosts and securely access network
Vipul> resources on his/her company's intranet (let's put aside device trust
Vipul> issues for a while ... more on those a little later).
Sure. Do you know the hack that was done with the ATMs (Automatic teller
machine, not Accoustic Transmission Media)?
There were two hacks:
1. someone put up a totally phony ATM. It just collected their
card number, PIN and then reported that it had network troubles.
It had no connection to any banking network.
2. someone put up an ATM in front of another ATM. They then
did a man-in-the-middle attack.
So, unless you carry your IPsec code in your smart card, you will be
supsectible to this kind of "Radar O'Reilly" attack.
Vipul> The current XAUTH proposal assumes that mutual authentication
Vipul> in Phase I can be accomplished without any user-specific input.
No, it assume that a *level* of mutual authentication can be accomplished
without any user-specific input. The level can be *increased* via XAUTH.
Vipul> However, the ability to support IPSec-based remote access from
Vipul> identity-less hosts is certainly worth preserving IMHO.
I think it is a waste of time given the cost and power of PDAs, notebooks,
and GSM phones. (My Nokia dual mode phone has games, a calculator, a
calendar, and I can get a digital interface to connect it to a pilot, which
has TCP/IP and even SSH.)
Vipul> Some of you might be thinking: Is it really wise to trust such
Vipul> identity-less hosts for remote access? Isn't it possible for the host
Vipul> to intercept sensitive information? These are valid concerns but
Vipul> not unique to this scenario. Even if you carry your own device,
Vipul> how do you know that the IPSec stack is trustworthy (most OS vendors
Vipul> don't offer code in source form). Similar device trust issues
In your public access terminal case I have to truyst the vendor, and *ALSO*
every single person who has used it before me, all the system administration
people who took care of it, the security guards who watched it and the people
who dusted the fingerprints off the screen!
:!mcr!: | Network and security consulting/contract programming
Michael Richardson | Firewalls, TCP/IP and Unix administration
Personal: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">mcr@sandelman.ottawa.on.ca</A>. PGP key available.
Corporate: <A HREF="http://www.sandelman.ottawa.on.ca/SSW/">sales@sandelman.ottawa.on.ca</A>.
ON HUMILITY: To err is human, to moo bovine.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQB1AwUBNb+DPdiXVu0RiA21AQFu8wL/bgBbEemLduMQ0woEaV0Zv12ppxZEdYz9
XnzMePLUGJhKje3ls+LZfFQ1AgrjLIYcpHhRLdXkbf3OK5e6itSKhryQnYZa2Gaw
OkO/EoYRD25V2NNIOIVwJ0Y8/0O+uSB2
=Xzha
-----END PGP SIGNATURE-----
Follow-Ups:
References: