Remote access in firewalls and topology for VPN gateways

  • Francisco José Candeias Figueiredo UNICAMP
  • Paulo Lício de Geus UNICAMP


VPNs are being hailed as the solution to several problems on the Internet these days. Firewalls have seen a decade of evolution and sophistication to deal with specific problems. However, we are also seeing the proliferation of VPN configurations on otherwise secure networks based on firewalls. This paper discusses the security problems introduced by the adoption of VPN gateways in standard firewalls. It also suggests more secure topology solutions for the standard VPN uses, as well as for the remote access client. We also propose an implementation based on freely available software that addresses the security issues raised in this paper.


How to Cite

FIGUEIREDO, Francisco José Candeias; GEUS, Paulo Lício de. Acesso remoto em firewalls e topologia para gateways VPN. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 1., 2001, Florianópolis. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2001. p. 107-118. DOI:
