IPSec Evaluation
• Evaluation of IPSEC devices.
  – The aim of this evaluation is to support accreditation processes.
  – Tools:
    • Our own tools, simulating:
      – Negotiations.
      – Destructions.
      – Network delays.
      – Different topologies.
    • Commercial tools (IXIA).
      – Standard conformity.
    • Reports and methodology.
      – Our own evaluation methodology.
© 2010 evalues
IPSec Evaluation
Category / Evaluation Tests
• Conformity tests
  – ESP Protocol
  – AH Protocol
  – ISAKMP Protocol
• Functional tests
  – Cipher suite
  – Authentication method
  – Negotiation modes
• Penetration Tests
  – Inexpert Attacker
  – Expert Attacker
  – Advanced Attacker
• Performance Tests
  – Tunnel Negotiation
  – Tunnel Destruction
  – Routing capacities
PFS
IPSEC Evaluation Topology
2010 EVALUES - Seguridad en Sistemas de Información
Performance Evaluation Topology
Network Profiles; Examples

Profile | Protocol | Message size | Direction | Latency | % Lost | % Retransmission
--- | --- | --- | --- | --- | --- | ---
Max. BandWidth | UDP | MTU | Bidirectional | 0 ms | 0% | 0%
Saturated Network | UDP | MTU | Bidirectional | 1500 ms | 40% | 65%
Custom Use | 90% TCP, 9% UDP, 1% ICMP | 250 bytes | Bidirectional | 0 ms | 1% | 2%
Asim. TCP Input | TCP | MTU | Toward E.I. | 0 ms | 1% | 2%
Asim TCP Output | TCP | MTU | Toward E.I. | 0 ms | 1% | 2%
Evaluations completed
• Nokia
• Cisco
• Teldat