Acesso remoto em firewalls e topologia para gateways VPN
Resumo
VPNs are being hailed as the solution for several situations involved in the Internet these days. Firewalls have seen a decade of evolution and sophistication to deal with specific problems. However, we are also seeing the proliferation of VPN configurations on otherwise secure networks based on firewalls. This paper discusses the security problems incurred by the adoption of VPN gateways in standard firewalls. It also suggests more secure topology solutions for the standard VPN uses, as well as for the remote access client. We also propose an implementation based on freely available software that satisfies the security issues brought about by this paper.
Referências
Chapman, D.B.; Zwicky, E.D, Building Internet Firewalls, O'Reilly & Associates, 1995.
Denker, J. S.; Bellovin, S. M., Daniel, H.; Mintz, N. L.; Killian, T.; Plotnick, M. A., Moat: a Virtual Private Network Appliance and Services Plataform, Proceedings of LISA '99, Seatle, WA, USA, Novembro 1999
Ferguson, P.; Huston, G., What is a VPN?, http://www.employees.org/ferguson/vpn.pdf
Linux FreeS/WAN 1.8 HTML Documentation tree, http://www.freeswan.org/freeswan_trees/freeswan-1.8/doc/index.html.
Harkins, D.; Carrel, D., The Internet Key Exchange, RFC 2409, Novembro 1998, ftp://ftp.isi.edu/innotes/rfc2409.txt
Kent,S.; Atkinson, R., IP Authentication Header, RFC 2402, IETF, Novembro 1998, ftp://ftp.isi.edu/in-notes/rfc2402.txt
Kent,S.; Atkinson, R., IP Encapsulating Security Payload (ESP), RFC 2406, IETF, Novembro 1998, ftp://ftp.isi.edu/in-notes/rfc2406.txt
King, Christopher M. Information Security. The 8 Hurdles to VPN Deployment. March, 1999. http://www.infosecuritymag.com/mar99/cover.htm.
Kosiur, D., Building and Managing Virtual Private Networks, John Wiley & Sons, Inc, 1998
Kelly, S.; Ramamoorthi, S., Requirements for IPsec Remote Access Scenarios, draft-ietf-ipsra-reqmts-02, IPsec Remote Access Working Group, http://search.ietf.org/internet-drafts/draft-ietf-ipsra-reqmts-02.txt, Novembro 2000,
Nakamura, E. T., Um Modelo de Segurança de Redes para Ambientes Cooperativos, Tese de Mestrado, IC - UNICAMP, Campinas, Setembro 2000
Nakamura, E. T.; Geus, P. L., Análise de Segurança do Acesso Remoto VPN, Anais do SSI'2000, II Simpósio sobre Segurança em Informática, S. José dos Campos, SP, 24-26/10/2000, pp29-37.
Pillay, H., Mini How-to on Setting Up IP Aliasing On A Linux Machine, http://home1.pacific.net.sg/~harish/linuxipalias.html
Russel, R. Linux IP Firewalling Chains, http://netfilter.filewatcher.org/ipchains/
Denker, J. S.; Bellovin, S. M., Daniel, H.; Mintz, N. L.; Killian, T.; Plotnick, M. A., Moat: a Virtual Private Network Appliance and Services Plataform, Proceedings of LISA '99, Seatle, WA, USA, Novembro 1999
Ferguson, P.; Huston, G., What is a VPN?, http://www.employees.org/ferguson/vpn.pdf
Linux FreeS/WAN 1.8 HTML Documentation tree, http://www.freeswan.org/freeswan_trees/freeswan-1.8/doc/index.html.
Harkins, D.; Carrel, D., The Internet Key Exchange, RFC 2409, Novembro 1998, ftp://ftp.isi.edu/innotes/rfc2409.txt
Kent,S.; Atkinson, R., IP Authentication Header, RFC 2402, IETF, Novembro 1998, ftp://ftp.isi.edu/in-notes/rfc2402.txt
Kent,S.; Atkinson, R., IP Encapsulating Security Payload (ESP), RFC 2406, IETF, Novembro 1998, ftp://ftp.isi.edu/in-notes/rfc2406.txt
King, Christopher M. Information Security. The 8 Hurdles to VPN Deployment. March, 1999. http://www.infosecuritymag.com/mar99/cover.htm.
Kosiur, D., Building and Managing Virtual Private Networks, John Wiley & Sons, Inc, 1998
Kelly, S.; Ramamoorthi, S., Requirements for IPsec Remote Access Scenarios, draft-ietf-ipsra-reqmts-02, IPsec Remote Access Working Group, http://search.ietf.org/internet-drafts/draft-ietf-ipsra-reqmts-02.txt, Novembro 2000,
Nakamura, E. T., Um Modelo de Segurança de Redes para Ambientes Cooperativos, Tese de Mestrado, IC - UNICAMP, Campinas, Setembro 2000
Nakamura, E. T.; Geus, P. L., Análise de Segurança do Acesso Remoto VPN, Anais do SSI'2000, II Simpósio sobre Segurança em Informática, S. José dos Campos, SP, 24-26/10/2000, pp29-37.
Pillay, H., Mini How-to on Setting Up IP Aliasing On A Linux Machine, http://home1.pacific.net.sg/~harish/linuxipalias.html
Russel, R. Linux IP Firewalling Chains, http://netfilter.filewatcher.org/ipchains/
Publicado
05/03/2001
Como Citar
FIGUEIREDO, Francisco José Candeias; GEUS, Paulo Lício de.
Acesso remoto em firewalls e topologia para gateways VPN. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 1. , 2001, Florianópolis.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2001
.
p. 107-118.
DOI: https://doi.org/10.5753/sbseg.2001.21292.
