[strongSwan] Security Comparison
Christian Salway
christian.salway at naimuri.com
Thu Jul 19 10:58:51 CEST 2018
Thanks. answers inline
> On 19 Jul 2018, at 09:38, Tobias Brunner <tobias at strongswan.org> wrote:
>
> Hi Christian,
>
>> I am also
>> limited to the native OSX/Windows VPN clients which currently support a
>> maximum of aes256-sha256-prfsha256-ecp256-modp2048 (Windows does not
>> support ecp)
>
> It does (at least on Windows 10), you just have to enable it via
> PowerShell (see [1]).
Even with the registry key added, the IKE ciphers are as follows:
WINDOWS 10
IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
IKE:AES_CBC_256/HMAC_SHA2_384_192/PRF_HMAC_SHA2_384/MODP_2048
ie, no ECP and annoyingly weakest first!
OSX
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048,
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256,
IKE:AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_1536,
IKE:AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024,
IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
>> Apart from IPSEC being Layer 3 and HTTP being Layer 6, meaning that
>> should a VPN client be infected with a worm, it is easier for that worm
>> to infect the network, I’m struggling to see another security argument.
>
> Probably depends on the IPsec policies (e.g. if split tunneling is used
> or even only single protocols/ports are allowed) and the firewall rules
> on the remote end vs. what is available via HTTPS connection (e.g. if
> the latter creates a VPN too or the malware can hijack the VDI somehow).
Split tunneling and select ports, but it is still easier for a worm to go down an IP than over VDI
>
>> Data encrypted over RSA 4096 SHA-2 on paper seems a secure connection.
>
> Nobody encrypts large amounts of data via RSA, if anything it's used to
> encrypt a symmetric key that's then used to encrypt the data, but mostly
> only for authentication (digital signatures). The key exchange usually
> happens via ephemeral DH (in IKE always and nowadays in TLS too).
>
>> Whereas IKE also uses a certificate to do the KeyExchange before
>> logging in
>
> No, the key exchange is done via DH, the certificate is used for
> authentication only (to prevent MITM attacks).
>
>> and then encrypting the data with ESP, so the ciphers used on
>> ESP I feel is the comparison that needs to be made.
>
> The cryptographic strength of all ciphers in a cipher suite should be
> consistent. For instance, using AES-256 for ESP is basically wasted
> when using MODP-2048 because that has only an estimated strength of 112
> bits (same for ECP-256 whose estimated strength is 128 bits).
Clearly the few points above tells me I need to understand how the secure cycle works.. any good websites that can explain HTTPS and IKE/IPSEC?
>
>> I will have a read of that Cipher suites page, but if I remember
>> correctly, it is not a comparison but a standpoint.
>
> It mainly documents the available options (there are some warnings/notes
> though). [2] has some general pointers regarding the security of
> IKE/IPsec connections.
>
> Regards,
> Tobias
>
> [1]
> https://wiki.strongswan.org/projects/strongswan/wiki/WindowsClients#AES-256-CBC-and-MODP2048
> [2]
> https://wiki.strongswan.org/projects/strongswan/wiki/SecurityRecommendations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20180719/fb2e7d48/attachment-0001.html>
More information about the Users
mailing list