2 \todo{write this subsection}
4 \label{section:IPSECgeneral}
7 \todo{cm: check if there are downgrade attacks for checkpoint \& co} \\
11 \item[Settings:] \mbox{}
13 \paragraph*{Assumptions}\mbox{}\\
15 We assume the usage of IKE (v1 or v2) for this document, and ESP.
17 \paragraph*{Authentication}\mbox{}\\
19 IPSEC authentication should optimally be performed via RSA signatures,
20 with a key size of 2048 bits or more. Configuring only the trusted CA
21 that issued the peer certificate provides for additional protection
22 against fake certificates.
24 If you need to use Pre-Shared Key authentication:
27 \item Choose a \textbf{random}, \textbf{long enough} PSK (see below)
28 \item Use a \textbf{separate} PSK for any IPSEC connection
29 \item Change the PSKs regularily
32 The size of the PSK should not be shorter than the output size of
33 the hash algorithm used in IKE \footnote{It is used in a HMAC, see
34 \url{http://www.ietf.org/rfc/rfc2104.txt}.}.
36 For a key composed of upper- and lowercase letters, numbers, and two
37 additional symbols \footnote{64 possible values = 6 bits}, that gives
38 the following minimum lengths in characters:
45 IKE Hash & PSK length \\
54 \paragraph*{Cryptographic Suites}\mbox{}\\
56 IPSEC Cryptographic Suites are pre-defined settings for all the
57 items of a configuration; they try to provide a balanced security
58 level and make setting up VPNs easier.
60 When using any of those suites, make sure to enable ``Perfect Forward
61 Secrecy`` for Phase 2, as this is not specified in the suites. The
62 equivalents to the recommended ciphers suites in section
63 \ref{section:recommendedciphers} are:
70 Configuration A & Configuration B & Notes\\
72 \verb|Suite-B-GCM-256|\footnote{\url{http://tools.ietf.org/html/rfc6379}} &
73 \verb|Suite-B-GCM-128| & Uses NIST elliptic curves
74 \\ & \verb|VPN-B|\footnote{\url{http://tools.ietf.org/html/rfc4308}} &
80 \paragraph*{IKE or Phase 1}\mbox{}\\
82 Alternatively to the pre-defined cipher suites, you can define your
83 own, as described in this and the next section.
85 IKE or Phase 1 is the mutual authentication and key exchange phase.
87 Use only ``main mode``, as ``aggressive mode`` has known security
88 vulnerabilities \footnote{\url{http://ikecrack.sourceforge.net/}}.
90 \todo{how to make footnotes in a table appear in the output document?}
97 & Configuration A & Configuration B \\
99 Mode & Main Mode & Main Mode \\
100 Encryption & AES-256 & AES-256, CAMELLIA-256 \\
101 Hash & SHA2-* & SHA2-*, SHA1 \\
102 DH Group & Group 14--18 \footnote{2048--8192 bit DH},
103 19--21\footnote{(256--521 bit ECDH)} & Group 14--21 \\
104 Lifetime & \todo{need recommendations; 1 day seems to be common
110 \paragraph*{ESP or Phase 2}\mbox{}\\
112 ESP or Phase 2 is where the actual data are protected.
114 \todo{make the tables appear right here!}
121 & Configuration A & Configuration B \\
123 Perfect Forward Secrecy & yes & yes \\
124 Encryption & AES-GCM-16, AES-CTR, AES-CCM-16, AES-256 & AES-GCM-16, AES-CTR, AES-CCM-16, AES-256, CAMELLIA-256 \\
125 Hash & SHA2-* (or none for AES-GCM) & SHA2-*, SHA1 (or none for AES-GCM) \\
126 DH Group & Same as Phase 1 & Same as Phase 1 \\
127 Lifetime & \todo{need recommendations; 1-8 hours is common} & \\
132 \item[References:] \mbox{}
134 ``A Cryptographic Evaluation of IPsec'', Niels Ferguson and Bruce
135 Schneier: \url{https://www.schneier.com/paper-ipsec.pdf}
139 \subsubsection{Check Point FireWall-1}
142 \item[Tested with Version:] \mbox{}
145 \item R77 (should work with any currently supported version)
148 \item[Settings:] \mbox{}
150 Please see section \ref{section:IPSECgeneral} for guidance on
151 parameter choice. In this section, we will configure a strong setup
152 according to ``Configuration A''.
154 This is based on the concept of a ``VPN Community'', which has all the
155 settings for the gateways that are included in that community.
156 Communities can be found in the ``IPSEC VPN'' tab of SmartDashboard.
158 \todo{make those graphics prettier -- whoever has the right LaTeX
161 \includegraphics{checkpoint_1.png}
163 Either chose one of the encryption suites here, or proceed to
164 ``Custom Encryption...'', where you can set encryption and hash for
167 \includegraphics{checkpoint_2.png}
169 The Diffie-Hellman groups and Perfect Forward Secrecy Settings can be
170 found under ``Advanced Settings'' / ``Advanced VPN Properties'':
172 \includegraphics{checkpoint_3.png}
174 \item[Additional settings:]
176 For remote Dynamic IP Gateways, the settings are not taken from the
177 community, but set in the ``Global Properties'' dialog under ``Remote
178 Access'' / ``VPN Authentication and Encryption''. Via the ``Edit...''
179 button, you can configure sets of algorithms that all gateways support:
181 \includegraphics{checkpoint_4.png}
183 Please note that these settings restrict the available algorithms for
184 \textbf{all} gateways, and also influence the VPN client connections.
186 %\item[Justification for special settings (if needed):]
190 \item[References:]\mbox{}
195 \href{https://sc1.checkpoint.com/documents/R77/CP_R77_VPN_AdminGuide/html_frameset.htm}{VPN
196 R77 Administration Guide} (may require a
197 UserCenter account to access)
201 % \item[How to test:]
206 \subsubsection{OpenVPN}
210 \item[Tested with Version:] \mbox{}\\
213 \item OpenVPN 2.3.2 from Debian ``wheezy-backports'' linked against openssl (libssl.so.1.0.0)
214 \item OpenVPN 2.2.1 from Debian 7.0 linked against openssl (libssl.so.1.0.0)
217 \item[Settings:] \mbox{}
219 \paragraph{General}\mbox{}
221 We describe a configuration with certificate-based authentication; see
222 below for details on the \verb|easyrsa| tool to help you with that.
224 OpenVPN uses TLS only for authentication and key exchange. The
225 bulk traffic is then encrypted and authenticated with the OpenVPN
226 protocol using those keys.
228 Note that while the \verb|tls-cipher| option takes a list of ciphers
229 that is then negotiated as usual with TLS, the \verb|cipher|
230 and \verb|auth| options both take a single argument that must match on
233 \paragraph{Server Configuration}\mbox{}
235 % this is only a DoS-protection, out of scope:
236 % # TLS Authentication
239 \begin{lstlisting}[breaklines]
240 tls-cipher ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:AES256-SHA
243 # generate with 'openssl dhparam -out dh2048.pem 2048':
247 \paragraph{Client Configuration}\mbox{}
249 Client and server have to use compatible configurations, otherwise they can't communicate.
250 The \verb|cipher| and \verb|auth| directives have to be identical.
252 \begin{lstlisting}[breaklines]
253 tls-cipher ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:AES256-SHA
257 # http://openvpn.net/index.php/open-source/documentation/howto.html#mitm
258 remote-cert-tls server
260 tls-remote server.example.com
263 \item[Justification for special settings (if needed):] \mbox{}\\
265 OpenVPN 2.3.1 changed the values that the \verb|tls-cipher| option
266 expects from OpenSSL to IANA cipher names. That means from that
267 version on you will get ``Deprecated TLS cipher name'' warnings for
268 the configurations above. You cannot use the selection strings from
269 section \ref{section:recommendedciphers} directly from 2.3.1 on, which
270 is why we give an explicit cipher list here.
272 The configuration shown above is compatible with all tested versions.
274 \item[References:] \mbox{}\\
276 \url{http://openvpn.net/index.php/open-source/documentation/security-overview.html}
281 \item[Additional settings:] \mbox{}
283 \paragraph{Key renegotiation interval}\mbox{}
285 The default for renegotiation of encryption keys is one hour
286 (\verb|reneg-sec 3600|). If you
287 transfer huge amounts of data over your tunnel, you might consider
288 configuring a shorter interval, or switch to a byte- or packet-based
289 interval (\verb|reneg-bytes| or \verb|reneg-pkts|).
291 \paragraph{Fixing ``easy-rsa''}\mbox{}
293 When installing an OpenVPN server instance, you are probably using
294 {\it easy-rsa} to generate keys and certificates.
295 The file \verb|vars| in the easyrsa installation directory has a
296 number of settings that should be changed to secure values:
298 \begin{lstlisting}[breaklines]
300 export KEY_EXPIRE=365
301 export CA_EXPIRE=1826
304 This will enhance the security of the key generation by using RSA keys
305 with a length of 2048 bits, and set a lifetime of one year for the
306 server/client certificates and five years for the CA certificate.
308 In addition, edit the \verb|pkitool| script and replace all occurences
309 of \verb|sha1| with \verb|sha256|, to sign the certificates with
312 \item[Limitations:] \mbox{}
314 Note that the ciphersuites shown by \verb|openvpn --show-tls| are {\it
315 known}, but not necessarily {\it
316 supported} \footnote{\url{https://community.openvpn.net/openvpn/ticket/304}}.
324 PPTP is considered insecure, Microsoft recommends to ``use a more secure VPN
325 tunnel''\footnote{\url{http://technet.microsoft.com/en-us/security/advisory/2743314}}.
327 There is a cloud service that cracks the underlying MS-CHAPv2
328 authentication protocol for the price of USD~200\footnote{\url{https://www.cloudcracker.com/blog/2012/07/29/cracking-ms-chap-v2/}},
329 and given the resulting MD4 hash, all PPTP traffic for a user can
332 \subsubsection{Cisco ASA IPSec and AnyConnect (SSL/TLS)}
333 The following settings reflect our recommendations as best as possible on the Cisco ASA platform. These are - of course - just settings regarding SSL/TLS and IPSec. For further security settings regarding this platform the appropriate Cisco guides should be followed.
335 \item[Tested with Version:] \todo{version?}
337 \item[Settings:] \mbox{}
338 \begin{lstlisting}[breaklines]
339 crypto ipsec ikev2 ipsec-proposal AES-Fallback
340 protocol esp encryption aes-256 aes-192 aes
341 protocol esp integrity sha-512 sha-384 sha-256
342 crypto ipsec ikev2 ipsec-proposal AES-GCM-Fallback
343 protocol esp encryption aes-gcm-256 aes-gcm-192 aes-gcm
344 protocol esp integrity sha-512 sha-384 sha-256
345 crypto ipsec ikev2 ipsec-proposal AES128-GCM
346 protocol esp encryption aes-gcm
347 protocol esp integrity sha-512
348 crypto ipsec ikev2 ipsec-proposal AES192-GCM
349 protocol esp encryption aes-gcm-192
350 protocol esp integrity sha-512
351 crypto ipsec ikev2 ipsec-proposal AES256-GCM
352 protocol esp encryption aes-gcm-256
353 protocol esp integrity sha-512
354 crypto ipsec ikev2 ipsec-proposal AES
355 protocol esp encryption aes
356 protocol esp integrity sha-1 md5
357 crypto ipsec ikev2 ipsec-proposal AES192
358 protocol esp encryption aes-192
359 protocol esp integrity sha-1 md5
360 crypto ipsec ikev2 ipsec-proposal AES256
361 protocol esp encryption aes-256
362 protocol esp integrity sha-1 md5
363 crypto ipsec ikev2 sa-strength-enforcement
364 crypto ipsec security-association pmtu-aging infinite
365 crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group14
366 crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256-GCM AES192-GCM AES128-GCM AES-GCM-Fallback AES-Fallback
367 crypto map Outside-DMZ_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
368 crypto map Outside-DMZ_map interface Outside-DMZ
370 crypto ikev2 policy 1
371 encryption aes-gcm-256
374 prf sha512 sha384 sha256 sha
375 lifetime seconds 86400
376 crypto ikev2 policy 2
377 encryption aes-gcm-256 aes-gcm-192 aes-gcm
380 prf sha512 sha384 sha256 sha
381 lifetime seconds 86400
382 crypto ikev2 policy 3
383 encryption aes-256 aes-192 aes
384 integrity sha512 sha384 sha256
386 prf sha512 sha384 sha256 sha
387 lifetime seconds 86400
388 crypto ikev2 policy 4
389 encryption aes-256 aes-192 aes
390 integrity sha512 sha384 sha256 sha
392 prf sha512 sha384 sha256 sha
393 lifetime seconds 86400
394 crypto ikev2 enable Outside-DMZ client-services port 443
395 crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
397 ssl server-version tlsv1-only
398 ssl client-version tlsv1-only
399 ssl encryption dhe-aes256-sha1 dhe-aes128-sha1 aes256-sha1 aes128-sha1
400 ssl trust-point ASDM_TrustPoint0 Outside-DMZ
403 \item[Additional settings:] \mbox{}
405 %Here you can add additional settings
407 \begin{lstlisting}[breaklines]
408 %copy \& paste additional settings
411 \item[Justification for special settings (if needed):] \mbox{}
412 New IPsec policies have been defined which do not make use of ciphers that may be cause for concern. Policies have a "Fallback" option to support legacy devices.
414 % in case you have the need for further justifications why you chose this and that setting or if the settings do not fit into the standard Variant A or Variant B schema, please document this here
416 \item[References:] \todo{add references}
418 % add any further references or best practice documents here
421 % describe here or point the admin to tools (can be a simple footnote or \ref{} to the tools section) which help the admin to test his settings.
431 \subsubsection{Juniper VPN}
432 \todo{write this subsubsection. AK: ask Hannes}
436 \item[Tested with Version:] \todo{version?}
438 \item[Settings:] \mbox{}
440 \begin{lstlisting}[breaklines]
441 %Here goes your setting string
444 \item[Additional settings:] \mbox{}
446 %Here you can add additional settings
448 \begin{lstlisting}[breaklines]
449 %copy \& paste additional settings
452 \item[Justification for special settings (if needed):] \mbox{}
454 % in case you have the need for further justifications why you chose this and that setting or if the settings do not fit into the standard Variant A or Variant B schema, please document this here
456 \item[References:] \todo{add references}
458 % add any further references or best practice documents here
461 % describe here or point the admin to tools (can be a simple footnote or \ref{} to the tools section) which help the admin to test his settings.
469 \subsubsection{L2TP over IPSec}
470 \todo{write this subsubsection}
474 \item[Tested with Version:] \todo{version?}
476 \item[Settings:] \mbox{}
478 \begin{lstlisting}[breaklines]
479 %Here goes your setting string
482 \item[Additional settings:] \mbox{}
484 %Here you can add additional settings
486 \begin{lstlisting}[breaklines]
487 %copy \& paste additional settings
490 \item[Justification for special settings (if needed):] \mbox{}
492 % in case you have the need for further justifications why you chose this and that setting or if the settings do not fit into the standard Variant A or Variant B schema, please document this here
494 \item[References:] \todo{add references}
496 % add any further references or best practice documents here
499 % describe here or point the admin to tools (can be a simple footnote or \ref{} to the tools section) which help the admin to test his settings.
508 \subsubsection{Racoon}
509 \todo{write this subsubsection}
513 \item[Tested with Version:] \todo{version?}
515 \item[Settings:] \mbox{}
517 \begin{lstlisting}[breaklines]
518 %Here goes your setting string
521 \item[Additional settings:] \mbox{}
523 %Here you can add additional settings
525 \begin{lstlisting}[breaklines]
526 %copy \& paste additional settings
529 \item[Justification for special settings (if needed):] \mbox{}
531 % in case you have the need for further justifications why you chose this and that setting or if the settings do not fit into the standard Variant A or Variant B schema, please document this here
533 \item[References:] \todo{add references}
535 % add any further references or best practice documents here
538 % describe here or point the admin to tools (can be a simple footnote or \ref{} to the tools section) which help the admin to test his settings.