Chapter 14 - Encrypting network traffic (Virtual Private Networks) with IPSec


By Kurt Seifried, [email protected], Copyright Kurt Seifried

With sensitive data moving across public networks some form of encryption is needed to protect the data, provide authentication, and prevent spoofing/etc. The emerging standard for this problem is IPSec (IP Security), which has broad industry support and a recognized set of RFC's laying down the rules. Unfortunately one of the major areas of IPSec is key management, and this is one area where many vendors have trouble interoperating, so if you are considering a hetrogenous network do plenty of testing beforehand. The good news is most vendors support IPSec, many "out of the box", and there are numerous free to cheap clients for Windows 95/98/NT (2000 has built in support).

The first decision needed when implementing IPSec is to decide what traffic you want to encrypt. Will you simply be using IPSec to connect various LAN's across the Internet securely (gateway to gateway), will dial-up and other remote users be connecting into the corporate LAN (client to gateway), or will all traffic be encrypted (client to client)? For servers and gateways you should definately consider buying hardware accelerators, there are also several new ethernet cards on the market (like this one from Intel) that have built in hardware to handle the encryption, and driver support under several operating systems.

Operating System Name URL License Notes
Linux FreeS/WAN here GPL Some vendors ship, most do not
OpenBSD IPSec BSD Ships with OpenBSD
NetBSD KAME BSD-like AS-IS Ships with NetBSD
FreeBSD KAME BSD-like AS-IS Ships with FreeBSD
Solaris 8.0 IPSec Commercial Ships with Solaris 8.0
Windows 95 / 98 / NT PGP VPN Client here Commercial  
PGP Freeware here Commercial, free for personal, non-commercial use  
PGP International here Commercial, free for personal, non-commercial use  
SafeNet/Soft-PK here Commercial  
F-Secure VPN+ here Commercial  
Windows 2000 IPSec Commercial Ships with Windows 2000


[ Back | TOC | Forwards]