ipsec 4

75 %
25 %
Information about ipsec 4

Published on April 8, 2008

Author: Vilfrid

Source: authorstream.com

IPv6 and IPsec Deployment Issues:  IPv6 and IPsec Deployment Issues Tomoaki KOBAYAKAWA <draft-kobayakawa-ipsec-ipv6-pnpipsec-reqts-00.txt> NTT Communications Corporation Nov. 2002 Objective of the presentation:  Objective of the presentation To talk about: Existence of IPv6 Market Concrete scenario to deploy IPv6 and IPsec Expectations for IPsec from IPv6 points of views Not a proposal of the solution or protocols We need a solution IPv6 is real already:  IPv6 is real already IPv6 deployment status (Especially in Japan), Several commercial ISPs have started real IPv6 commercial service to the public. Many electrical vendors have plans to ship out home network appliances, such as “home gateway,” which controls house-hold equipments via network. Microsoft Windows XP has already IPv6 stack. Many routers such as Cisco, Juniper and the others have already IPv6 implementations. Where IPv6 is chosen:  Where IPv6 is chosen Many Internet users believe to be satisfied with IPv4 For the present, most IPv4 users do not switch to IPv6 just for prevalent Internet applications Even those users will employ IPv6 for the areas in which IPv6 is the economically valid choice Peer to peer applications that require global IP addresses IPv6 global address is abundant (IPv4 global address is not, especially in Asia) Embedded devices that cannot be configured so much IPv6 Plug and Play technology makes devices almost configuration-less Scenario 1: Grand-ma in the country:  Scenario 1: Grand-ma in the country Camera and remote display, so called “Grand-ma in the country” application Peer to peer communication using global IP addresses Embedded devices without keyboard IPv6 Plug and play Confidentiality and authentication are required Grand-ma in the country can see her grand-child on TV (Authentication should be provided by ISP) IPv6 Network Plug and Play: Buy at shop and just plug it! Scenario 2: On-line game:  Scenario 2: On-line game On-line games without center servers Most on-line games need center servers On-line games can be center-server-less with the following functions: Global IP addresses for end game machines Authentication and logging for billing controlled by game software providers Game machines are directly connected with IPv6 global addresses Direct connections are controlled by ISP or software vendors IPv6 Network, which enables end-to-end communications + Strong control by software vendor Scenario 3: Open/lock the door from outside:  Scenario 3: Open/lock the door from outside Control small sensors/actuators connected via IPv6 network such as: Scattered sensors, Actuators, House hold appliances, Weather observation sensors Confidentiality and strong authentication Configuration-less (For example, buy 1,000 sensors, then scatter them on your farm without user configuration) Check the door-lock status of your house from outside, and lock the key if unlocked Direct connections are authenticated by ISP IPv6 Network + Strong authentication Another IPv6 employment reasoning:  Another IPv6 employment reasoning IPv6 myth: “IPv6 is secured by IPsec” IPsec is IPv4/v6 independent Many enterprise users still believe this phrase and have asked us to provide our IPv6 services Two options to cope with the myth: Educate users; we lose potential customers… To make the myth true, can we provide ubiquitous encryption for general IPv6 communication? We hope …:  We hope … (Virtually) Zero configuration for end-users Security Policy should be maintained by an external Trusted Third Party Most embedded devices cannot have elaborated security policies Credentials should be installed not by end users but by factories Ubiquitous encryption without user configuration, if possible, actualize the IPv6 IPsec myth Adaptation to “IPv6 Plug and Play” feature Automatically generated ephemeral IPv6 addresses should be handled properly PKI avoidance PKI availability should not be mandated Conclusion:  Conclusion Need a kind of Plug and Play IPsec for IPv6 peer-to-peer applications Configuration-less IPsec application to every IPv6 communication Optional full-range security features Disuse of PKI External security policy management The architecture hope to be developed using the core of IKE of its successor So, give us, commercial IPv6 players, a solution.

Add a comment

Related presentations

Related pages

IPsec – Wikipedia

IPsec (Kurzform für Internet Protocol Security) ist eine Protokoll-Suite, die eine gesicherte Kommunikation über potentiell unsichere IP-Netze wie das ...
Read more

IPsec - TCP/IP,Trojaner und Sicherheit

Das IPsec-Protokoll: ESP, AH, IKE, Transport-Modus, Tunneling etc. ... für das "alte" IP-Protokoll (Version 4) verfügbar. Mit IPsec existiert nun ein ...
Read more

ipsec(4) Mac OS X Manual Page - Apple Developer

IPSEC(4) BSD Kernel Interfaces Manual IPSEC(4) NAME ipsec-- IP security protocol SYNOPSIS #include #include Read more

ASA 8.4 IPsec VPN - what's new | VPN | Cisco Support ...

Introduction: As many of you are aware ASA 8.4 has been released recently. It contains many long awaited features, among them many changes/improvements to ...
Read more

IPsec - Wikipedia, the free encyclopedia

IPsec; more... Link layer; ARP; NDP; OSPF; Tunnels. L2TP; PPP; MAC. Ethernet; DSL; ... an AH value of 4 equals 3×(32-bit fixed-length AH fields) + 3×(32 ...
Read more

Cisco-RVL200-SSL/IPsec-VPN-Router mit 4 Ports Cisco-Router ...

Cisco-RVL200-SSL/IPsec-VPN-Router mit 4 Ports Cisco-Router für kleine Unternehmen Sicherer Remote-Zugriff für kleine Niederlassungen Highlights
Read more

UTM-Support-Downloads - Security Made Simple for Business ...

4.301-10.1: SUM-4.301-10.1. Download. md5: 4.300-4 ... Ein leistungsfähiger Client mit zahlreichen Funktionen für IPsec-basierten Remotezugriff von PCs ...
Read more

iPhone 4 - IPSec VPN | VPN | Cisco Support Community ...

Hello, I am trying to connect to our environment through Cisco Remote Access IPSec VPN from iPhone 4. Below are the versions. iPhone OS : 4.2.1. Cisco VPN ...
Read more

4. IPSec konfigurieren - Linux VPN HOWTO: Konfigurieren

In der Datei /etc/ipsec.conf erfolgt eine Basiskonfiguration (Abschnitt config setup) und die Definitionen der einzelnen VPN-Verbindungen (Abschnitte conn ...
Read more

An Introduction to IP Security (IPSec) Encryption - Cisco

An Introduction to IP Security (IPSec) Encryption. Download. Print. Download Options. ... In this case, policies 1, 2, and 4 are used, in addition to the ...
Read more