
June 1999
Securing IP Networks
BY TONY RYBCZYNSKI
The Web has changed everything - including enterprise security requirements. While the
Web presents immense business opportunities (e-commerce, Internet-enabled call centers,
extranet, and remote access VPNs), it also poses significant challenges with respect to
security. For the enterprise, these opportunities and challenges are inextricably linked.
The Internet's success is based on its openness and the fact that anyone can connect to
it. And yet that very openness is what raises many security concerns once the enterprise
begins Internet-based activities.
LEVELS OF SECURITY
For the purposes of this discussion, it is convenient to distinguish between two levels of
security: application-level security and network-level security.
Application-Level Security
Implemented first on mainframes and then on servers, application-level security has
been around the enterprise for years. Dial access to enterprise networks has been controlled
through user ID/password mechanisms. With few exceptions (for example, the military and
the CIA), the security of physical and virtual private lines has been considered adequate
for inter-site enterprise networks. However, connecting the enterprise to the Internet has
changed all that.
Network-Level Security
There are many options for network-level security, ranging from router enhancements and
firewalls to a plethora of specialized products. However, before investing in any of
these products, every enterprise is well advised to develop a security policy.
Like many things, the effectiveness of any security strategy is only as good as its
weakest link. A security policy therefore needs to be a single, unified policy that defines
ownership of the strategy and responsibility for its execution and enforcement. It must
define the scope of what needs to be protected, the risks associated with breaches in
security, and review cycles, since security needs evolve with the business.
Lots of people make money by taking risk. Network-based security enables enterprises to
take business risk in riding the Internet wave. It also provides an infrastructure on which
application-level security can be added for specialized needs. For example, a PIN code can
be used from an ATM, a telephone, or a PC for accessing bank account information.
Network-based security is required to provide the same level of security (or better) over
the Internet as circuit-switched or private line facilities provide today.
STANDARDS
The future of network-based security lies in the IPSec family of standards, which is being
introduced on three generic platforms: as hardware and software enhancements to routers
and routing switches, as specialized devices such as extranet switches, and as software
applications on general-purpose computer platforms.
All of these enhancements, devices, and applications will increasingly be integrated
into policy management systems. Policy management is the implementation of a set of rules
(policies) that dictate access to and use of resources on a per-user, per-application, or
company-wide basis, focusing on end-to-end QoS (bandwidth, latency, priority) and
security (authentication, authorization, auditing, privacy).
There is one other important standard called the Layer 2 Tunneling Protocol (L2TP),
which is particularly relevant to VPNs. Unlike IPSec which secures IP traffic directly at
layer 3, L2TP focuses on transporting (tunneling) Layer 2 frames and encapsulating them in
a Layer 3 IP packet.
L2TP is the result of merging two previous schemes, the Point-to-Point Tunneling
Protocol (PPTP) and Layer 2 Forwarding (L2F). PPTP relied on PPP-level encryption and
compression for confidentiality, but did not address per-packet authentication or packet
integrity. L2F provided tunnel authentication but no encryption, and had to be implemented
at the network edge. The intent behind L2TP is to take the best of both PPTP and L2F,
providing leased-line levels of security for Internet-based VPNs.
L2TP itself provides no encryption; it relies on IPsec to encrypt the entire tunnel. A key
attribute is that the L2TP tunnel can be terminated either at the network edge or in the
client PC. The advantage of Layer 2 (versus Layer 3) tunneling is that it carries a range
of protocols inside PPP frames (not just IP, as in the case of IPsec), with PPP compression
and encryption applied end-to-end, and it is well suited to carrier networks.
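To make the Layer 2 tunneling concrete, here is a parser for an L2TPv2 data message (the format defined in RFC 2661, carried over UDP port 1701) that pulls out the tunnelled PPP frame and its protocol. This is an added example, not code from the article or from Nortel; the packet it parses is constructed inline (tunnel and session IDs, addresses and the HTTP request are all made up), and it illustrates the point made above: without IPsec around it, everything inside the L2TP tunnel, including the application data, travels in the clear.

```python
"""Parse an L2TPv2 data message (RFC 2661) and the PPP frame it tunnels.
Added example; the capture built by build_sample() is constructed by hand."""
import struct

# Header flag bits (RFC 2661 section 3.1); the version sits in the low four bits.
T_BIT, L_BIT, S_BIT, O_BIT, P_BIT = 0x8000, 0x4000, 0x0800, 0x0200, 0x0100

# PPP protocol numbers (RFC 1661 / IANA) commonly seen inside L2TP payloads.
PPP_PROTOCOLS = {0x0021: "IPv4", 0x002b: "IPX", 0x0029: "AppleTalk",
                 0x0057: "IPv6", 0xc021: "LCP", 0xc023: "PAP", 0xc223: "CHAP"}


def parse_l2tp(msg):
    """Return a dict describing the L2TP header and the PPP frame it carries."""
    (flags,) = struct.unpack_from("!H", msg, 0)
    if flags & 0x000F != 2:
        raise ValueError("not an L2TPv2 message")
    pos = 2
    hdr = {"control": bool(flags & T_BIT), "priority": bool(flags & P_BIT)}
    if flags & L_BIT:                       # optional total-length field
        (hdr["length"],) = struct.unpack_from("!H", msg, pos)
        pos += 2
    hdr["tunnel_id"], hdr["session_id"] = struct.unpack_from("!HH", msg, pos)
    pos += 4
    if flags & S_BIT:                       # optional Ns/Nr sequence fields
        hdr["ns"], hdr["nr"] = struct.unpack_from("!HH", msg, pos)
        pos += 4
    if flags & O_BIT:                       # optional offset size + padding
        (offset,) = struct.unpack_from("!H", msg, pos)
        pos += 2 + offset
    end = hdr.get("length", len(msg))
    hdr["ppp"] = parse_ppp(msg[pos:end])
    return hdr


def parse_ppp(frame):
    """Split a PPP frame into protocol number and payload.

    L2TP carries the frame without HDLC flags or FCS.  The 0xFF 0x03
    address/control bytes are optional (ACFC) and the protocol field may be
    compressed to one byte (PFC): a one-byte protocol is always odd."""
    if frame[:2] == b"\xff\x03":
        frame = frame[2:]
    if frame[0] & 1:
        proto, payload = frame[0], frame[1:]
    else:
        proto, payload = struct.unpack_from("!H", frame)[0], frame[2:]
    return {"protocol": proto, "name": PPP_PROTOCOLS.get(proto, "unknown"),
            "payload": payload}


def build_sample():
    """Constructed L2TP data message (tunnel 7, session 3) carrying an IPv4/TCP
    packet from 10.0.0.7 to 192.0.2.10 with an HTTP request: every field here
    is invented for the example."""
    http = b"GET / HTTP/1.0\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40321, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 1, 0,
                     64, 6, 0, bytes([10, 0, 0, 7]), bytes([192, 0, 2, 10]))
    ppp = b"\xff\x03\x00\x21" + ip + tcp + http     # PPP, protocol 0x0021 = IPv4
    flags = L_BIT | S_BIT | 2                       # data message, length + Ns/Nr present
    header = struct.pack("!HHHHHH", flags, 12 + len(ppp), 7, 3, 5, 2)
    return header + ppp


if __name__ == "__main__":
    parsed = parse_l2tp(build_sample())
    print("tunnel", parsed["tunnel_id"], "session", parsed["session_id"],
          "carries", parsed["ppp"]["name"], "payload:", parsed["ppp"]["payload"][40:])
```

Running the module prints the tunnel and session identifiers and the HTTP request that anyone on the path can read, which is why the article pairs L2TP with IPsec rather than relying on it alone.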
WHY IPSec IS THE FUTURE OF INTERNET SECURITY
IPsec, an architecture that provides interoperable, high quality, cryptographically based
security, provides a framework for security at the network level (see the sidebar entitled
Elements Of A Network-Based Security System). Of the framework's elements (authentication,
access control, confidentiality, integrity, non-repudiation, and auditing), IPsec itself
specifies how access control, data origin authentication, connectionless integrity,
replay protection and confidentiality are provided in the IP environment; non-repudiation
and auditing remain the job of the applications and management systems above it.
The IPsec architecture consists of two security protocols, the Authentication Header (AH)
and the Encapsulating Security Payload (ESP). It defines the concept of Security
Associations (SAs): what they are, how they work, and how they are established and managed
using the Internet Key Exchange (IKE) protocol. (The cryptographic keys that IKE negotiates
are needed by whichever authentication and encryption algorithms are chosen for the SA,
both by IPsec and by other security protocols.)
IPsec is intended to leverage the expected continued development of security standards:
it allows a system to select and negotiate from a range of security protocols, algorithms
and cryptographic keys. IPsec allows a high degree of policy granularity, allowing, for
example, a single encrypted tunnel to carry all the traffic between two points, or a
separate encrypted tunnel for each TCP connection.
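The policy granularity described above is decided by the Security Policy Database (SPD) that RFC 2401 places in every IPsec implementation: each outbound packet is matched against an ordered list of selectors, and the matching entry says whether to discard it, let it bypass IPsec, or protect it under an SA. The following is an added example of such a lookup, not code from the article or from any Nortel product; the addresses, ports and SPI values are invented, and the `per_flow` flag is a simplification of the RFC's per-entry choice between one SA for the whole entry and one SA per flow.

```python
"""Security Policy Database (SPD) lookup in the style of RFC 2401 section 4.4.
Added example with constructed policies and packets; addresses, ports and
SPI values are illustrative only."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17


@dataclass
class Policy:
    src: str                        # CIDR selector for the source address
    dst: str                        # CIDR selector for the destination address
    proto: Optional[int] = None     # IP protocol number, None = any
    dport: Optional[int] = None     # destination port, None = any
    action: str = "protect"         # protect | bypass | discard
    per_flow: bool = False          # True: one SA per 5-tuple, False: one SA for the entry

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt.get("dport")))


class SPD:
    """Ordered policy list plus the outbound SA database it populates."""

    def __init__(self, policies):
        self.policies = policies
        self.sad = {}               # SA key -> SPI (stand-in for the full SA record)
        self._next_spi = 0x1000     # SPIs below 256 are reserved; start well above

    def lookup(self, pkt):
        """Return (action, spi): first matching entry wins; no match means discard."""
        for pol in self.policies:
            if not pol.matches(pkt):
                continue
            if pol.action != "protect":
                return pol.action, None
            key = (id(pol),)
            if pol.per_flow:        # narrow the SA to this connection's 5-tuple
                key += (pkt["src"], pkt["dst"], pkt["proto"],
                        pkt.get("sport"), pkt.get("dport"))
            if key not in self.sad:
                self.sad[key] = self._next_spi
                self._next_spi += 1
            return "protect", self.sad[key]
        return "discard", None      # RFC 2401: traffic with no matching entry is dropped


# Constructed policy set for a hypothetical site 10.0.0.0/8 behind gateway 192.0.2.1.
POLICIES = [
    Policy("10.0.0.0/8", "192.0.2.1/32", proto=UDP, dport=500, action="bypass"),  # IKE itself
    Policy("10.0.0.0/8", "10.1.0.0/16"),                               # one tunnel for all branch traffic
    Policy("10.0.0.0/8", "192.0.2.0/24", proto=TCP, per_flow=True),    # one SA per connection to partner
]


def pkt(src, dst, proto, sport=None, dport=None):
    """Packet selector fields in the shape lookup() expects."""
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport}


if __name__ == "__main__":
    spd = SPD(POLICIES)
    for p in (pkt("10.0.0.5", "10.1.2.3", TCP, 40000, 80),
              pkt("10.0.9.9", "10.1.7.7", TCP, 40001, 22),
              pkt("10.0.0.5", "192.0.2.10", TCP, 40000, 443),
              pkt("10.0.0.5", "192.0.2.10", TCP, 40001, 443),
              pkt("10.0.0.5", "198.51.100.1", TCP, 40002, 80)):
        print(p["dst"], spd.lookup(p))
```

Two points worth noticing when running it: both branch packets share one SPI because the entry is coarse, the two partner connections get separate SPIs because that entry is per-flow, and the packet to an address no entry covers is discarded rather than sent in the clear, which is the fail-closed default the RFC requires.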
The IP Authentication Header (AH) provides connectionless integrity and data origin
authentication for the whole packet, including the fields of the outer IP header that do
not change in transit. The Encapsulating Security Payload (ESP) protocol provides the same
services for its payload and additionally provides confidentiality. Both AH and ESP are
vehicles for access control, based on the use of cryptographic keys and the management of
traffic flows relative to these security protocols. AH is used when confidentiality is not
required or is not permitted due to government restrictions on the use of encryption. Each
protocol supports two modes of Security Association (an SA is a simplex connection that
provides security services to the traffic it carries):
- transport mode, providing protection primarily for upper-layer protocols (the IP header
itself is not encapsulated);
- tunnel mode, providing protection for entire tunneled IP packets (including their IP
headers and upper-layer protocols).
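The following added example (not code from the article or from Nortel) shows what the ESP packet format and the two modes look like on the wire, and what the receiver does with them. To keep it self-contained it uses ESP with NULL encryption (RFC 2410, which turns ESP into an integrity-only protocol) and HMAC-SHA1-96 (RFC 2404) for the integrity check value, and it implements the sliding anti-replay window from RFC 2401 Appendix C, the mechanism behind the replay protection that IPsec's integrity service includes. The key, SPI and packets are constructed here and belong to no real SA.

```python
"""ESP (RFC 2406) encapsulation with NULL encryption (RFC 2410) and an
HMAC-SHA1-96 ICV (RFC 2404), plus the receiver's anti-replay window from
RFC 2401 Appendix C.  Added example; key, SPI and packets are constructed."""
import hashlib
import hmac
import struct

ICV_LEN = 12             # HMAC-SHA1-96 truncates the 20-byte SHA-1 HMAC to 96 bits
NH_IPIP, NH_TCP = 4, 6   # Next Header: tunnel mode carries IP-in-IP, transport mode a TCP segment


def esp_encapsulate(key, spi, seq, inner, next_header):
    """Return SPI | SeqNo | inner | padding | pad-len | next-header | ICV.

    Transport mode: `inner` is the upper-layer segment and next_header is its
    protocol (6 for TCP).  Tunnel mode: `inner` is a complete IP packet and
    next_header is 4, so the original IP header rides inside the ESP payload."""
    pad_len = (-(len(inner) + 2)) % 4          # pad-len and next-header end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))     # RFC 2406 default self-describing pad 1,2,3,...
    body = struct.pack("!II", spi, seq) + inner + padding + bytes([pad_len, next_header])
    icv = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv


class InboundSA:
    """Receiver state for one simplex SA: key, SPI and the replay window."""

    def __init__(self, key, spi, window=64):
        self.key, self.spi, self.window = key, spi, window
        self.last_seq = 0   # highest sequence number accepted so far (right edge of window)
        self.bitmap = 0     # bit i set  <=>  sequence number last_seq - i already accepted

    def receive(self, pkt):
        """Verify the ICV, then apply the sliding window.  Returns (next_header, inner).

        RFC 2401 checks the window before the ICV to shed obvious replays cheaply,
        but only advances it after the ICV verifies; verifying first is equally
        safe and keeps a forger from parking the window at a bogus high number."""
        spi, seq = struct.unpack_from("!II", pkt)
        if spi != self.spi:
            raise ValueError("SPI does not select this SA")
        body, icv = pkt[:-ICV_LEN], pkt[-ICV_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha1).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            raise ValueError("ICV check failed")
        if seq == 0:
            raise ValueError("sequence number 0 is never sent")
        if seq > self.last_seq:                      # right of the window: slide it
            shift = seq - self.last_seq
            if shift >= self.window:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.last_seq = seq
        else:                                        # inside or left of the window
            behind = self.last_seq - seq
            if behind >= self.window:
                raise ValueError("sequence number older than the window")
            if self.bitmap & (1 << behind):
                raise ValueError("replayed packet")
            self.bitmap |= 1 << behind
        pad_len, next_header = body[-2], body[-1]
        return next_header, body[8:len(body) - 2 - pad_len]


def try_receive(sa, pkt):
    """Report ('ok', next_header, inner) or ('rejected', reason) without raising."""
    try:
        nh, inner = sa.receive(pkt)
        return ("ok", nh, inner)
    except ValueError as e:
        return ("rejected", str(e))


if __name__ == "__main__":
    key, spi = bytes(range(20)), 0x1234           # constructed SA parameters
    sa = InboundSA(key, spi)
    transport = esp_encapsulate(key, spi, 1, b"TCP segment", NH_TCP)
    tunnel = esp_encapsulate(key, spi, 2, b"\x45\x00whole inner IP packet", NH_IPIP)
    print(try_receive(sa, transport))
    print(try_receive(sa, tunnel))
    print(try_receive(sa, transport))              # same packet again: rejected as a replay
```

Note that the replay check is applied per SA and per direction, which is why an SA is simplex, and that a packet with a corrupted payload fails the ICV check before it can touch the window at all.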
ENTERPRISE SECURITY OPTIONS
The choice of which devices an enterprise should use to implement its security
infrastructure depends on the needs of the enterprise. These may be driven by
telecommuting applications, road-warrior remote access, or the need for secure extranets
to partners and suppliers.
Firewalls
Originally implemented as simple packet filters on a router, firewalls were the "perimeter
security" response to the threats of connecting to the Internet. Packet-filtering firewalls
now operate through extensive filtering at the IP layer, work independently of the
application, and generally offer high performance and scalability. They sit between the
intranet and the Internet, and can reside on UNIX/NT platforms, be integrated into routers,
or be designed into specialized hardware platforms.
Application Gateways
Application gateways, the next development, generally reside on UNIX/NT platforms. They
are application aware (including tracking the state of the application) and highly
secure, but exhibit relatively poor performance.
Stateful Inspection Firewalls
Currently dominating the market, stateful inspection firewalls are a hybrid of the two
approaches, combining the efficiencies of the network layer filter, with the application
awareness of the application gateway.
Extranet Switches
Extranet switches are an example of highly specialized devices that support thousands of
tunneled connections across the Internet, combining VPN, authentication, firewall, profile
based access and IPsec client functionality.
CONCLUSION
In addressing their security needs, enterprises should define their business objectives
and assess the risks of security breaches. Some of the newer security needs are already
becoming familiar. For example, employee remote access over the Internet (the first
tunneling application to take off) has raised security concerns; however, it has also
provided the incentive to address those concerns, since this application saves money on
long-distance dial-up charges.
Other tunneling applications will raise the stakes even further. For example, tunneling
to create extranets for secure connection to business partners, and to remote offices, is
already generating interest.
Driven by these applications, enterprises need to define a standards-based architecture
that meets their needs and establish access controls and enforcement mechanisms
commensurate with risk. In implementing a security infrastructure, users shouldn't
overlook low-tech approaches, including clearly defining security responsibilities across
the organization, documenting the strategy and processes, training employees, and
periodically reviewing the strategy. One size definitely doesn't fit all.
Tony Rybczynski is director of strategic marketing and technologies for Nortel
Networks' Enterprise Solutions. This business unit offers a full range of enterprise
terminal, workgroup, campus, and wide-area unified networks and applications, through
direct and indirect channels. For more information, visit the company's Web site at www.nortelnetworks.com. E-mail questions or
comments to the author at tonyryb@nortelnetworks.com.