Attack on IKEv2


What is it?

IPsec-based VPNs secure communication over public network infrastructures for remote workers. Before the VPN can protect the traffic, a precise sequence of complex events must occur: the user is identified and authorized, then a session key is securely negotiated. The final key must only be known to the two involved parties.

How does it work?

The complex protocol that performs these tasks is known as Internet Key Exchange (IKE, currently IKEv2). It derives session keys that permit Internet Protocol traffic (IPv4 or IPv6) to be encrypted.

Should I be worried?

This complexity is real. An unauthenticated attacker could crash strongSwan [open source IPsec-based VPN solution for Linux] using only the first IKEv2 packet.

How can I prevent it?

The best defense is to upgrade to the patched version of strongSwan. All IKEv2 implementations should be subjected to variations on real-world service-level traffic throughout the deployment life cycle, continuously establishing that they tolerate unexpected or invalid inputs without experiencing service degradation or downtime.
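
As an added illustration of what tolerating invalid input means for the first IKEv2 packet (this is not strongSwan's code and does not reproduce the flaw the article refers to), the check below validates the framing of an unauthenticated IKE_SA_INIT datagram before any payload is interpreted. It assumes the standard 28-byte IKE header and 4-byte generic payload header, a UDP port 500 datagram without a NAT-T marker, and a strict policy that the declared length must equal the datagram length; the function names and the sample packet are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IKE_HDR_LEN 28u   /* fixed IKE header size */
#define IKE_SA_INIT 34u   /* exchange type of the first IKEv2 message */
enum ike_check { IKE_OK, IKE_SHORT, IKE_BAD_VERSION, IKE_BAD_EXCHANGE,
                 IKE_BAD_LENGTH, IKE_BAD_PAYLOAD };

/* Constructed sample, not a capture: header plus one 8-byte payload (type 40). */
static const uint8_t sample_pkt[36] = {
    1, 2, 3, 4, 5, 6, 7, 8,  0, 0, 0, 0, 0, 0, 0, 0,  /* SPIi, SPIr */
    40, 0x20, 34, 0x08,  0, 0, 0, 0,  /* next, version 2.0, exchange, flags, msg ID */
    0, 0, 0, 36,                      /* total length */
    0, 0, 0, 8,  0xAA, 0xBB, 0xCC, 0xDD  /* last payload: length 8, 4 data bytes */
};

/* Check the first IKEv2 packet's framing before any payload is interpreted. */
enum ike_check ike_check_first_packet(const uint8_t *buf, size_t len) {
    if (buf == NULL || len < IKE_HDR_LEN)
        return IKE_SHORT;
    if ((buf[17] >> 4) != 2)              /* major version nibble */
        return IKE_BAD_VERSION;
    if (buf[18] != IKE_SA_INIT)
        return IKE_BAD_EXCHANGE;
    uint32_t declared = ((uint32_t)buf[24] << 24) | ((uint32_t)buf[25] << 16) |
                        ((uint32_t)buf[26] << 8) | buf[27];
    if (declared != len)                  /* declared length must equal datagram */
        return IKE_BAD_LENGTH;
    uint8_t next = buf[16];               /* type of the first payload */
    size_t off = IKE_HDR_LEN;
    while (next != 0) {                   /* 0 means no further payload */
        if (len - off < 4)                /* room for a generic payload header? */
            return IKE_BAD_PAYLOAD;
        size_t plen = ((size_t)buf[off + 2] << 8) | buf[off + 3];
        if (plen < 4 || plen > len - off) /* too small, or runs past the end */
            return IKE_BAD_PAYLOAD;
        next = buf[off];
        off += plen;
    }
    return off == len ? IKE_OK : IKE_BAD_LENGTH;  /* reject trailing bytes */
}

/* Run the check on a copy of the sample with byte i set to v. */
enum ike_check check_mutated(size_t i, uint8_t v) {
    uint8_t c[sizeof sample_pkt];
    memcpy(c, sample_pkt, sizeof c);
    c[i] = v;
    return ike_check_first_packet(c, sizeof c);
}
```

Every rejection path returns a distinct code without reading past `len`, so a robustness test harness can feed mutated packets and confirm that each one is refused rather than processed.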
Copyright 2008 SC Magazine
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright (c) Mochila, Inc.

Article Details
Author:Kowsik Guruswamy, co-founder and CTO, Mu Dynamics
Publication:SC Magazine
Date:Nov 5, 2008
Words:165