Whitepaper: a closer look on what goes on behind the scene during the setup of a IPSec remote access VPN

[Christopher Lee <complexity () bigfoot com>]

To the member of the Firewall-Wizards list,

Throughout this Christmas/New Year holidays, I finished reading a few InfoSec 
related books and I find myself ending up with more questions than answers.  I 
mean, how does the two phase IPSec key exchange really works (packet by packet, 
that is)...  I mean, how does IPSec guard against replaying attack, or more 
fundamentally, how do I know if my login credentials are safe when the firewall 
is doing an Aggressive Mode key exchange (no encryption takes place during an 
aggressive mode key exchange)??

So I then do my own research, base only on documents on the IETF websites (a 
reliable source, I supposed) and the result of my own sniffer trace of a IPSec 
remote access VPN session, and come up with this little white paper on what 
goes on behind the scene during a IPSec VPN setup.  I figure, the best way to 
make sure I understands a technologies correctly is to post my finding on the 
web and invite others to critique and comment upon.

While the example in this white paper is that of a CheckPoint VPN, but its 
principle should conver IPSec VPN in general.  Please take a look at this paper 
when you get a chance and do drop me a line (and tell me how wrong I am about 
the subject).  :-)

This white paper is posted on 
http://complexity.webhop.net/closer_look_at_IPSec.html

Regards,

Christopher Lee
PGP Fingerprint: 15C1 65D0 E051 C64D 5246  89FC 5AE3 DE2C 8F1E 89A7
Personal Web Page: http://complexity.webhop.net





-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards