USENIX Technical Program - Abstract - USENIX Annual
Conference, Freenix Session - June 2000
Transparent Network Security Policy Enforcement
Angelos D. Keromytis, University of Pennsylvania; Jason L. Wright,
Network Security Technologies, Inc. (NETSEC)
Abstract
Recent work in the area of network security, such as IPsec, provides
mechanisms for securing the traffic between any two interconnected
hosts. However, it is not always possible, economical, or even practical
from an administration and operational point of view to upgrade the
software and configuration of all the nodes in a network to support such
security protocols.
One apparent solution to this problem is the use of security gateways
that apply the relevant security protocols on behalf of the protected
nodes, under the assumption that the "last hop" between the security
gateway and the end node is safe without cryptography. Such a gateway
can be set to enforce specific security policies for different types of
traffic. While this solution is appealing in static scenarios (such as
building so-called "intranets"), the use of Layer-3 (network) routers
as security gateways presents some transparency and configuration
problems with regard to peer authentication in the automated key
management protocol.
This paper describes the architecture and implementation of a Layer-2
(link layer) bridge with extensions for offering Layer-3 security
services. We extend the OpenBSD ethernet bridge to perform simple IP
packet filtering and IPsec processing for incoming and outgoing packets
on behalf of a protected node, completely transparently to both the
protected and the remote communication endpoint. The same mechanism may
be used to construct "virtual local area networks," by establishing
IPsec tunnels between OpenBSD bridges connecting geographically separated
LANs. As our system operates at the link layer, there is no need for
software or configuration changes in the protected nodes.