IPsec, someone is wrong here!

Printable View

08-02-2003, 09:43 AM
Apheleon

IPsec, someone is wrong here!

Ok I'm getting pretty frustrated here.

First I talk to Linksys support right? I ask them

"Should I leave IPSec enabled on my router? If I disabled IPSec, would this be less secure to my internal network, or less secure to BOTH my internal network and for my outgoing connections?"

The reply I get from Linksys was something like this, "IPSec is a application protocol. It's only for vpn routers blah blah" (can't remember the rest, but it wasn't much though)

So I say, "Is it ok if I disable it then?"

She says, "Yes".

Ok for some reason I still want to disagree here. Because of these two factors.

I am getting two totally different answers after I looked into this

#1: The linksys support site had this to say (aside from what the this lady told me)

Quote:

Does the Router support IPsec?

Yes. Firmware Version 1.23.4 and later support IPsec. IPsec is a security protocol that provides authentication and encryption over the Internet. Unlike SSL, which provides services at layer 4 and secures two applications, IPSEC works at layer 3 and secures everything in the network.

#2: Now I have this book here, been reading through it, and here is what my book says.

Quote:

IPsec is a series of draft standards that define a means of securing data as it is transmitted over a LAN using authentication and encryption. IPsec consists of two seperate proticols, AH and ESP....

Later it goes on to say..

Quote:

Because of the modifications that the AH and ESP protocols make all inside the datagrams, the routers on the network do not have to support IPsec.

Either way, I want to know one thing. Does IPsec provide any security over the internet/outgoing connections? The book says "over a LAN", but the linksys page tells me its used "over the Internet". The lady tells me to disable it and that it won't be any less secure.

I have this feature on my router, says, Enable/Disable IPsec passthrough

The default is Enabled<-------*gasp*

Something tells me IPsec is only used in "local internetworks" and not for outgoing connections/internet. Buuuut as the Linksys support page says... "IPsec is a security protocol that provides authentication and encryption over the Internet."

Can someone explain this in better detail? Because what I'm getting is IPSec is LAN only. But on the other end I'm reading it's used over the internet.

So why is it enabled on my router by default? Would I be ok disabling this or would this be less secure for my outgoing connections?

One last thing, I remember reading somewhere that SSL uses one of the IPsec protocols or something, I could be wrong however.

BTW, I don't use a vpn router (least I don't think I do). I use a BEFSR-41 in which a later firmware revision added in this IPSec feature.
08-02-2003, 10:10 AM
SkyDog

It would be more accurate to say that IPsec passes over TCP/IP instead of saying "over a LAN" or "over the Internet". It doesn't matter if you're talking about a LAN, WAN, MAN, Internet, Ethernet, Token Ring, or whatever -- if it can carry TCP/IP, it can carry IPsec traffic. IPsec is not LAN-only, as it's commonly used for VPN traffic. Whenever I establish a VPN session from home to work over the Internet, it's an IPsec connection. (And besides, if it was LAN-only, your router wouldn't need any settings for it since it wouldn't need to know how to pass the traffic.)

If you're not using VPN, then it shouldn't matter if you have IPsec enabled or disabled on your router since you most likely won't be using it.
08-02-2003, 10:23 AM
Apheleon

Thanks, sounds like I'll keep it enabled then.

Heh, Linksys told me it would be ok to disable it...

...

HAHA!
08-03-2003, 03:59 AM
Isezumi

okay...

you dont really seem to understand...

The point of IPsec is to SECURE A CONNECTION BETWEEN TWO OR MORE HOSTS. This does implicate that the OTHER HOST(S) are also using IPsec...if they arent your just throwing encrypted packets at them, that they cant read.
08-03-2003, 10:01 AM
BloodRed

Leaving the setting enabled won't do any harm. What Skydog meant was that unless you're using VPN to connect to a remote network that uses IPSec, you really don't need to allow IPSec Passthrough on your router.
08-03-2003, 11:26 AM
Thermo

Network security 101-security router lesson. Close everything. Absolutely everything. Then open only those ports and proto’s that you use. If it does not block you from doing something that you want to do, keep it closed. If you VPN from the internet, then you need IPsec. If you don’t, then you don’t need it.
08-04-2003, 10:46 AM
Apheleon

Ok, gotcha. Thanks alot for the info guys. I obviously don't use VPN, at least not from what I know of...

Does anyone have any good info or a good description of what a VPN is. My book describes it very vaguely.

Hey, I'm just trying to learn. Does anyone have any good links about what VPN is? Even how it is set up would be a good read for me.

Anything, links, or whatever, would be very very, appriciated.

(Sorry, I'm a noob in the more "advanced" networking areas.) :(

*edit*

Never mind, I found a good link

*/edit*
08-04-2003, 11:16 AM
Thermo

Virtual private networks are secured private network connections, built on top of publicly-accessible infrastructure, such as the Internet or the public telephone network. VPNs typically employ some combination of encryption, digital certificates, strong user authentication and access control to provide security to the traffic they carry. They usually provide connectivity to many machines behind a gateway or firewall.