
List:       suse-security
Subject:    RE: [suse-security] IPSec system design questions (slightly OT)
From:       Ed <scotte () intheairnet ! com>
Date:       2001-06-30 4:21:17

I would appreciate comments on some IPSec design issues.  
A transportation manufacturer recently requested proposals for 
a Linux based system to put Internet and email services on 
their vehicles.  This system would let passengers plug a laptop 
into the on board network.  A number of protocols were specified 
including IPSec.  They also specified Linux kernel 2.4.x.

It seemed to me that they intended IPSec to be used from 
transportation vehicle to satellite to fixed server.  The VP 
of Technology here has recently discussed using IPSec 
on board vehicle from web server, email server and file 
server to passenger seats - typically many hundreds of 
passengers. 

The transportation manufacturer specified:  "The file 
server will not preclude a user from initiating and completing 
a supported VPN connection from their user device through 
the transportation manufacturer network using the IPSec and 
PPTP protocol, as a minimum.  The system should allow the 
user to switch between IPSec VPN and non-VPN without need 
of rebooting the laptop.  The system will only pass IP based 
protocols between the laptop passenger interface and the file 
server.  Passenger laptops will be assigned default gateway 
address via DHCP.  The default gateway should reside in the 
server.  The system will by default, route user outbound packets 
to a configurable gateway."

Is it feasible to support IPSec from a passenger's laptop when 
implementations of IPSec vary and either ESP or AH modes might 
be used?  If feasible what performance hit would be involved?  I have 
heard estimates of 40% when encryption is used (mileage may vary I 
suppose based on CPU speed and resources). 

I assumed that a "default gateway at the server" implied that the 
IPSec pipe started or ended there.  Since the transportation 
manufacturer called out other security requirements to the passenger 
seat, I assumed that IPSec to the seat was not required.  

Examples of requested security:  "Multiple passengers will not be 
connected to shared physical media.  Laptop users will not be 
permitted to view packets from another user's network session.  
Each passenger's laptop's user interface will be isolated to its own 
link layer subnetwork.  The passenger laptop will not be able to access 
unauthorized IP address.  The system will be immune to DoS attacks.  
The server will ensure that passenger laptops can only pass packets 
with that user's assigned IP address."

My main questions are:
1) "Does the transportation manufacturer really want IPSec extended 
directly to the passenger's laptop?"
2) "Would it even be feasible to automate reconfiguration of IPSec 
software running on a passenger laptop to avoid compatibility issues?"
3) "What would the performance cost be of running ESP or AH IPSec 
on a laptop that might also be viewing an MPEG2 movie, web browsing 
or playing a game?"

I would appreciate any opinions you care to offer.  
The job you save may be my own.  <s>
Thanks,

Ed
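An added example (not part of Ed's post or the manufacturer's specification) of how the quoted per-seat requirements, "only pass packets with that user's assigned IP address" and "isolated to its own link layer subnetwork", could be enforced on the on-board Linux 2.4 server with iptables while still letting a passenger's own IPSec (IKE, ESP, AH) or PPTP VPN pass through to the uplink. The interface names, addresses and lease table are constructed for illustration; the script only emits the commands so they can be reviewed before being run.

```shell
#!/bin/sh
# Added example: generate an iptables ruleset for an on-board server where
# each passenger seat is its own interface (its own link-layer segment) and
# receives one DHCP-assigned address. Names and addresses are assumed.

UPLINK="${UPLINK:-ppp0}"   # assumed satellite uplink interface

# Constructed DHCP lease table: "<seat interface> <assigned address>".
LEASES="eth1 10.1.1.2
eth2 10.1.2.2
eth3 10.1.3.2"

# Rules for one seat: only the assigned source address may enter from that
# interface, and forwarding is allowed only toward the uplink. A seat-to-seat
# packet never matches an ACCEPT and falls through to the logged DROP.
seat_rules() {
    seat="$1"; ip="$2"
    # DHCP discover arrives from 0.0.0.0 before a lease exists, so it must
    # be accepted on INPUT without the source-address check.
    echo "iptables -A INPUT -i $seat -p udp --sport 68 --dport 67 -j ACCEPT"
    echo "iptables -A INPUT -i $seat -s $ip -j ACCEPT"
    # Any IP protocol from the assigned address may go to the uplink. That
    # covers IKE (udp/500), ESP (proto 50), AH (proto 51), PPTP (tcp/1723)
    # and GRE (proto 47) without enumerating them; AH would still fail if
    # NAT were applied on this box, since AH authenticates the IP header.
    echo "iptables -A FORWARD -i $seat -s $ip -o $UPLINK -j ACCEPT"
    echo "iptables -A FORWARD -i $UPLINK -o $seat -d $ip -j ACCEPT"
    # Wrong source address (spoofing) or a seat-to-seat path: log and drop.
    echo "iptables -A INPUT -i $seat -j LOG --log-prefix \"seat-spoof:\""
    echo "iptables -A INPUT -i $seat -j DROP"
    echo "iptables -A FORWARD -i $seat -j LOG --log-prefix \"seat-spoof:\""
    echo "iptables -A FORWARD -i $seat -j DROP"
}

# Whole ruleset: default-deny on INPUT and FORWARD, then one block per lease.
generate_ruleset() {
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "$LEASES" | while read -r seat ip; do
        [ -n "$seat" ] && seat_rules "$seat" "$ip"
    done
}

# Usage after review of the output:  generate_ruleset | sh
```

Because the filter keys on the interface rather than on a MAC address, a passenger who changes their laptop's address can only lose connectivity, not impersonate another seat.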
