Acesso remoto em firewalls e topologia para gateways VPN

  • Francisco José Candeias Figueiredo UNICAMP
  • Paulo Lício de Geus UNICAMP

Resumo


VPNs are being hailed as the solution for several situations involved in the Internet these days. Firewalls have seen a decade of evolution and sophistication to deal with specific problems. However, we are also seeing the proliferation of VPN configurations on otherwise secure networks based on firewalls. This paper discusses the security problems incurred by the adoption of VPN gateways in standard firewalls. It also suggests more secure topology solutions for the standard VPN uses, as well as for the remote access client. We also propose an implementation based on freely available software that satisfies the security issues brought about by this paper.

Referências

Chapman, D.B.; Zwicky, E.D, Building Internet Firewalls, O'Reilly & Associates, 1995.

Denker, J. S.; Bellovin, S. M., Daniel, H.; Mintz, N. L.; Killian, T.; Plotnick, M. A., Moat: a Virtual Private Network Appliance and Services Plataform, Proceedings of LISA '99, Seatle, WA, USA, Novembro 1999

Ferguson, P.; Huston, G., What is a VPN?, http://www.employees.org/ferguson/vpn.pdf

Linux FreeS/WAN 1.8 HTML Documentation tree, http://www.freeswan.org/freeswan_trees/freeswan-1.8/doc/index.html.

Harkins, D.; Carrel, D., The Internet Key Exchange, RFC 2409, Novembro 1998, ftp://ftp.isi.edu/innotes/rfc2409.txt

Kent,S.; Atkinson, R., IP Authentication Header, RFC 2402, IETF, Novembro 1998, ftp://ftp.isi.edu/in-notes/rfc2402.txt

Kent,S.; Atkinson, R., IP Encapsulating Security Payload (ESP), RFC 2406, IETF, Novembro 1998, ftp://ftp.isi.edu/in-notes/rfc2406.txt

King, Christopher M. Information Security. The 8 Hurdles to VPN Deployment. March, 1999. http://www.infosecuritymag.com/mar99/cover.htm.

Kosiur, D., Building and Managing Virtual Private Networks, John Wiley & Sons, Inc, 1998

Kelly, S.; Ramamoorthi, S., Requirements for IPsec Remote Access Scenarios, draft-ietf-ipsra-reqmts-02, IPsec Remote Access Working Group, http://search.ietf.org/internet-drafts/draft-ietf-ipsra-reqmts-02.txt, Novembro 2000,

Nakamura, E. T., Um Modelo de Segurança de Redes para Ambientes Cooperativos, Tese de Mestrado, IC - UNICAMP, Campinas, Setembro 2000

Nakamura, E. T.; Geus, P. L., Análise de Segurança do Acesso Remoto VPN, Anais do SSI'2000, II Simpósio sobre Segurança em Informática, S. José dos Campos, SP, 24-26/10/2000, pp29-37.

Pillay, H., Mini How-to on Setting Up IP Aliasing On A Linux Machine, http://home1.pacific.net.sg/~harish/linuxipalias.html

Russel, R. Linux IP Firewalling Chains, http://netfilter.filewatcher.org/ipchains/
Publicado
05/03/2001
FIGUEIREDO, Francisco José Candeias; GEUS, Paulo Lício de. Acesso remoto em firewalls e topologia para gateways VPN. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 1. , 2001, Florianópolis. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2001 . p. 107-118. DOI: https://doi.org/10.5753/sbseg.2001.21292.

Artigos mais lidos do(s) mesmo(s) autor(es)

1 2 3 > >>