Seminar on Network Security
Introduction to the topics and some material for the session on Remote access
Tutored by Jari Arkko, Tommi Linnakangas and Bengt Sahlin
Road Warrior Security (IPSec remote access)
The term Road Warrior denotes a person who travels a lot and needs secure access to the "home network" through the public Internet. Such a person might, for example, want to connect from an airport to a computer in his company's private network. The IPSec standards do not cover setting up an authenticated IPSec tunnel between the road warrior and the home network. The purpose of this paper is to study how such a tunnel can be set up.
References:
http://www.ietf.org/html.charters/ipsec-charter.html
http://www.ietf.org/html.charters/ipsra-charter.html
VPN and Firewall traversal
VPNs and firewalls place limitations on traffic flow. Private networks often use Network Address Translators, which translate private addresses into public addresses and vice versa. This causes problems for end-to-end traffic flow and security (through IPSec).
The study should consider the requirements and constraints on secure traffic traversal across VPN and firewall boundaries.
References:
http://www.ietf.org/html.charters/aft-charter.html
http://www.ietf.org/html.charters/ipsec-charter.html
http://www.ietf.org/internet-drafts/draft-aboba-nat-ipsec-02.txt
http://www.ietf.org/internet-drafts/draft-stenberg-ipsec-nat-traversal-00.txt
http://www.ietf.org/html.charters/nat-charter.html
http://www.ietf.org/rfc/rfc2709.txt
http://www.ietf.org/internet-drafts/draft-ietf-nat-rsip-ipsec-04.txt
http://www.ietf.org/html.charters/mobileip-charter.html
http://www.ietf.org/html.charters/ipsra-charter.html
Secure Zero configuration
Zero configuration means configuring a device to be connected to a network with a minimum amount of manual configuration. A new machine to be added to a LAN would then be set up almost automatically just by connecting it to the network. Security mechanisms are needed to ensure correct setup and to mitigate the risk of connecting unrestricted equipment to the network.
References:
http://www.ietf.org/html.charters/zeroconf-charter.html
Attribute certificates in X.509
The IETF is working on standards defining attribute certificates for X.509. The purpose of this study is to present the X.509 PKI architecture briefly and to analyse the proposed attribute certificate mechanism. X.509 attribute certificates should be compared to SPKI certificates.
References:
http://www.ietf.org/html.charters/pkix-charter.html
http://www.ietf.org/internet-drafts/draft-ietf-pkix-ac509prof-05.txt
http://www.ietf.org/html.charters/spki-charter.html
This page is maintained by Network Security teaching staff, E-mail: netsec@tml.hut.fi.
The page was last updated on September 11, 2000.
URL: http://www.tml.hut.fi/Opinnot/Tik-110.501/2000/intro/remote.html