session_09_vpn__ipsec__and_tls_101908


er users log off.
o User passwords are stored by the browser.
o Sensitive data, such as browser cache entries, URL entries, cookies, and any historical information created during the session, may remain on public computers after users complete their SSL VPN sessions.
o Downloaded files are stored in the public computer’s temporary folder.
o Users forget to log out.
o Next public computer user may have access to applications.
o Worms and viruses may be transferred from the public computers to the corporate internal network.

VPN, IPSec and TLS

IPsec and TLS: Complementary Solutions

Column headings: Solutions, SSL, IPsec, Comments
Rating legend: Ideal, Appropriate, Overkill / Complex, Inappropriate

Telecommuter
o IPsec provides secure access to all network resources and applications.
o SSL requires legacy applications to be first ‘translated’ into HTTP or will give access to SSL-enabled apps only.
o E.g. Employee working from Home Office

Site-to-Site VPN
o IPsec provides a secure tunnel between permanent locations.
o E.g. Remote branch office requires connectivity to corporate WAN

Remote Webmail
o SSL allows secure access from any web browser.
o E.g. Outlook Web Access, Lotus iNotes

Internal Application Security
o SSL provides application layer security within VPNs.
o E.g. HR Self-service

Partner Extranet
o SSL doesn’t require installation of software on partner’s equipment, but gives no control over workstation security.
o IPsec might require firewall reconfiguration (need to police access), but gives closer control over workstation security.
o E.g. Supplier access to inventory system

Web Application Portals
o SSL is simplest choice for native web apps. IPsec is overkill.
o E.g. iPlanet, web-enabled enterprise apps, custom web apps.

VOIP security
o VOIP can’t be carried by SSL.
o IPsec is the solution for VOIP encryption.
o E.g. Either site-to-site or telecommuter VOIP security.

Wireless LAN security
o IPsec provides secure access to all network resources and applications.
o SSL requires legacy applications to be first ‘translated’ into HTTP or will give access to web apps only.
o E.g. Securing WLAN access to the network by using stronger authentication and encryption.

VPN IPsec IKE v2 TLS M. Mogollon – 01/08 - 51

To Probe Further

• Atkinson, R. (1995). IP Encapsulating Security Payload (ESP). RFC 1827.
• Gleeson, B., Lin, A., Heinanen, J., Armitage, G., Malis, A. (2000). A Framework for IP Based Virtual Private Networks. RFC 2764.
• Kaufman, C., Ed. (2005). The Internet Key Exchange (IKEv2). RFC 4306.
• Kent, S., Seo, K. (2005). Security Architecture for the Internet Protocol. RFC 4301.
• Kent, S. (2005). IP Authentication Header. RFC 4302.
• Kent, S. (2005). IP Encapsulating Security Payload (ESP). RFC 4303.
• Madson, C., Glenn, R. (1998). The Use of HMAC-SHA-1-96 within ESP and AH. RFC 2404.
• Orman, H. (1998). The OAKLEY Key Determination Protocol. RFC 2412.
• Blake-Wilson, S., Nystrom, M., Hopwood, D., Mikkelsen, J., & Wright, T. (2006). Transport Layer Security (TLS) Extensions. RFC 4366, IETF. http://www.ietf.org/rfc/rfc4366.txt?number=4366
• Dierks, T., Rescorla, E. (2006). The Transport Layer Security (TLS) Protocol Version 1.1. RFC 4346, IETF. http://www.ietf.org/rfc/rfc4346.txt?number=4346
• Freier, A., Karlton, P., & Kocher, P. The SSL Protocol Version 3.0. Internet-Draft, November 1996.
• Santesson, S. (2006). TLS Handshake Message for Supplemental Data. RFC 4680, IETF. http://www.ietf.org/rfc/rfc4680.txt?number=4680
• Santesson, S., Medvinsky, A., & Ball, J. (2006). TLS User Mapping Extension. RFC 4681, IETF. http://www.ietf.org/rfc/rfc4681.txt?number=4681

This note was uploaded on 05/26/2010 for the course TECH 6350 taught by Professor Mogollon during the Spring '10 term at University of Arkansas for Medical Sciences.
