Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

24.4 Verification of IPSec Policies > 24.4.1 Modeling IPSec Security Policies - Pg. 616

616 CHAPTER 24 Formal Analysis of Policy-Based Security Configurations in Enterprise Networks transport, etc.) poses another challenge when modeling and analyzing IPSec policies. Rule con- flicts can occur due to IPSec misconfiguration within a single policy (called intrapolicy con- flicts) or due to the inconsistency between policies in different devices (called interpolicy conflicts). These conflicts may result in incorrect operation of IPSec and can lead to serious security threats including transmitting traffic insecurely, drop- ping legitimate traffic, and allowing undesired traffic into secure networks. Therefore, successful deployment of IPSec security is highly dependent on the availability of policy management tech- niques that can analyze, verify, and purify IPSec policy rules with minimal human intervention. Our contribution in this chapter comes in two- fold. First, we present a generic model that uses Boolean expressions to capture the single-trigger and multi-trigger semantics of IPSec filtering poli- cies. Second, we introduce a novel framework integrity, confidentiality, and authentication of data communications over IP networks. The end users can specify the security level (AH or ESP) and mode (tunnel or transport) [40, 41] to accommodate the traffic security policy require- ments. IPSec devices typically encrypt and encap- sulate the outgoing IP packets according to an IPSec security policy, while the receiving devices decapsulate and decrypt the incoming packets to verify integrity and authenticity. IPSec operations can be performed either at the traffic source and destination (transport mode) or at the intermedi- ate security gateways (tunnel mode) to allow for source-based or domain-based security, respec- tively. Due to the flexibility and application trans- parency of IPSec, it is widely used today as a very cost-effective means to establish Virtual Private Networks (VPNs) or secure channels between corporate networks over the Internet. The IPSec policy consists of lists of rules that