RE: new to VPN



>>>>> "Jayant" == Jayant Shukla <jshukla@trlokom.com> writes:
 >> In contrast, an IPsec implementation operating in a constrained
 >> environment with a minimal OS, perhaps just a scheduler, is less
 >> vulnerable in general.

 Jayant> Ok, no services and a limited OS! That's good, but what makes
 Jayant> you think the limited OS will not have any vulnerabilities?
 Jayant> Is there a size below which an OS ceases to have any
 Jayant> vulnerability?

 Jayant> This box with limited OS that you describe must be very
 Jayant> difficult to use! How do you configure/update/manage these
 Jayant> boxes in a VPN with say 50 sites?

There's a very large difference between a general purpose OS like
Windows or Unix, and an embedded system OS.  Large, as in several
orders of magnitude.

That doesn't translate into "difficult to use".  Ease of use doesn't
come from millions of bells and whistles, it comes from having a well
crafted set of services that matches the requirements of the
applications running on the system.  A dedicated VPN gateway requires
only a very small set of OS services.

In an earlier life, I was involved in building a pretty successful VPN
product.  It got very good reviews for ease of management, and in
particular did very well for large VPNs (50+ sites).  The OS in that
box is perhaps a few thousand lines -- a classic RTOS kernel.

Perhaps you need to spend some time studying how embedded systems are
built.

 >> Also, if one uses hardware to generate keys and if one keeps the
 >> keys inside the hardware (consistent with FIPS 140-1/2 level 3
 >> design criteria) the keys will be very well protected, something
 >> that we simply cannot do in software.
 >> 

 Jayant> There is a lot more to practical security than FIPS level
 Jayant> 3. Maybe your box is fine, but a Trojan can have a field day
 Jayant> with the computers behind your box.

 Jayant> Another point about gateway based security is that your data
 Jayant> is not secure over the local network, and is vulnerable to
 Jayant> internal attacks.  According to an FBI survey, over 80% of
 Jayant> the attacks come from inside?

 Jayant> The bottom line is that making a sweeping claim that hardware
 Jayant> is more secure is misleading.

That's a silly argument.  The subject of the discussion is VPN
devices.  Of course it's true that a VPN is not a complete security
solution.  That isn't the question.  The question is: given that you
use a VPN as a piece of your security solution, how do you compare the
different implementation approaches to building an IPsec VPN device?

To answer that question, you have to compare the various ways to build
that box.  Yes, you can put it in your PC.  FreeS/WAN is a good way to
do that...  You can also put it in a dedicated device.  If you do, you
have opportunity to make it more secure.  (You can also mess up and
make it less secure, of course; that's what design discipline is for.)

FIPS is mostly concerned with physical attack, i.e., what can you do
if you can get your hands on the box.  With a PC, you're lost as soon
as that happens, because PCs have no physical security.  With suitable
dedicated hardware, you can provide much better protection than that.
If you trust the locks and the people who have keys for those locks,
then this may not matter.

     paul