A 2004 Sun BluePrints™ Online PDF entitled "IPsec - A Secure Deployment Option" provides an overview of IP Security (IPsec) and how it is used to secure IP traffic between two systems. Written by Regunathan Rajaiah with Sun℠ Software Services, this 17-page article explores IPsec as just one aspect of a total information security system.
Rajaiah begins by explaining the role IPsec plays in multitiered deployments to effectively provide confidentiality and integrity through its interoperable, cryptography-based security. "This solution is applicable across a wide range of products from different vendors. IPsec operates at the network layer, so it is transparent to application. IPsec performs the encryption and decryption using the configured cryptographic algorithms and keys."
In dealing with multitiered deployments, Rajaiah touches on encapsulating security payload, authentication header, security association, security policy database and internet key exchange.
The article continues by addressing the trade-offs incurred between security and performance. Secure Sockets Layer (SSL) and hardware crypto-accelerators are mentioned.
Rajaiah then offers a deployment example using "an iPlanet Web proxy server that is deployed outside the internal firewall. The proxy server uses an iPlanet LDAP server to authenticate users. The user ID and password information are transmitted without encryption. Therefore, someone inside the enterprise could snoop the traffic for passwords. In addition, the version of the proxy server cannot communicate over SSL to LDAP.
"A servlet or JavaServer Pages™ (JSP™) software is deployed on a web container using Java™ Database Connectivity (JDBC™) software to communicate to an RDBMS server on a different machine. The traffic between the web container box and the RDBMS server box needs to be secure."
The rest of the article follows through with this IPsec deployment scenario with the necessary steps, sample entries and results. Rajaiah recommends that readers seriously examine IPsec as a provider of application-transparent security. "As more and more security breaches occur from within the enterprise, IPsec offers valuable encryption that could minimize security risks. IPsec encryption and authentication are standards-based and implemented in multiple operating systems."
To read this complete Sun BluePrints Online article, visit: