LEAP more secure than IPSec?!?


Post by WiFiLinux » Thu Sep 25, 2003 12:05 pm

Hi All,

Has anyone seen this article? I am not a VPN expert but I thought that IPSec could do dynamic key exchange after a tunnel was established. The author seems to think that LEAP is more secure than IPSec. Can someone please give me a reality check on this?

Thanks.
WiFiLinux
 
Posts: 105
Joined: Mon May 05, 2003 1:30 am
Location: 5280'>sea level

Post by Madhadder » Thu Sep 25, 2003 9:58 pm

Check the Cisco site for better info. There are also many presentations, whitepapers, etc. about LEAP on the net, even here if you search....

LEAP is only part of the overall picture if you use Cisco gear. In addition, LEAP generates Dynamic WEP keys on a per user basis, and changes them every 30 sec or so. Add LEAP to the other Cisco Weirdness and you have one very secure network..

PS: LEAP is only Avail. On Cisco Gear, anything else is a hack.
Legends may sleep, but they never die!!!!
Madhadder
 
Posts: 1619
Joined: Sat Apr 13, 2002 5:37 am
Location: Munich, Germany

Post by WiFiLinux » Mon Sep 29, 2003 10:28 am

Thanks Madhadder,

I was really inquiring about IPSec’s ability to re-key after a tunnel has been established. I have done some research and can now verify that IPSec can re-key an existing tunnel (contrary to what the above website states). I should have posted this in the miscellaneous/off topic section. Sorry for any confusion.
WiFiLinux
 
Posts: 105
Joined: Mon May 05, 2003 1:30 am
Location: 5280'>sea level

Post by nashr » Mon Sep 29, 2003 10:32 am

Madhadder, good summation.

WiFiLinux, I see your point. Do you have a link for your findings? Thanks.

P.S.
I work with the author of that website. He doesn't follow this site at all, as you can see by his number of postings. I'll pass along that others have been reading his work.
Help! I've been Simpsonized!
nashr
 
Posts: 1585
Joined: Fri Aug 09, 2002 6:12 am
Location: Virginia

Post by WiFiLinux » Mon Sep 29, 2003 6:50 pm

Hi Nashr,

I found the information in the book “IPSec The New Security Standard for the Internet, Intranets, and Virtual Private Networks”. What I am referring to is the ability for IKE to create and tear down security associations (SA) during an IPSec VPN session. I found this information on page 112 of the text which says:

“In addition to those mandatory attributes there are also optional attributes that may be negotiated as part of a protection suite. Foremost among these optional attributes is a lifetime. The lifetime attribute determines how long the IKE SA exists. The longer an IKE SA exists, the greater the risk of leakage of its key, so an implementation is encouraged to include lifetimes in the protection suites offered to peers.”

If the manufacturer does not implement IKE lifetime settings in their device, then the aforementioned web page would be correct in stating that LEAP encryption is more secure than IPSec; however, I think that most of them do. I have worked with the Nortel Networks Contivity product to a limited extent and have seen re-keying as an option based on time, or the amount of data transferred. Sorry, I don’t have links to this data other than the RFC, which is not a fun read.

Again I’m not an IPSec / VPN expert so if someone has information contradicting me please post it as I am very interested in learning more about this topic.

Thank you,
WiFiLinux
 
Posts: 105
Joined: Mon May 05, 2003 1:30 am
Location: 5280'>sea level
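
A simplified model of the re-keying discussed in the post above, added here as an illustration and not taken from the thread, the quoted book or any vendor's implementation: a tunnel replaces its SA when either a time lifetime or a data-volume lifetime is used up, which bounds how much traffic any one key protects. The class names, lifetimes and traffic are constructed for the example, and random bytes stand in for keys that IKE would negotiate.

```python
from dataclasses import dataclass, field
import secrets

@dataclass
class SecurityAssociation:
    """One keyed SA; it is replaced once either lifetime is used up."""
    created_at: float
    key: bytes = field(default_factory=lambda: secrets.token_bytes(16))  # stand-in for a negotiated key
    bytes_protected: int = 0

class Tunnel:
    """Tunnel that stays up while the SA underneath it is re-keyed."""
    def __init__(self, life_seconds, life_bytes, now=0.0):
        self.life_seconds = life_seconds
        self.life_bytes = life_bytes
        self.sa = SecurityAssociation(created_at=now)
        self.rekeys = []            # (time, reason) for each renegotiation
        self.max_bytes_per_key = 0  # worst-case exposure of a single key

    def _rekey(self, now, reason):
        self.max_bytes_per_key = max(self.max_bytes_per_key, self.sa.bytes_protected)
        self.sa = SecurityAssociation(created_at=now)
        self.rekeys.append((now, reason))

    def send(self, now, size):
        """Protect `size` bytes at time `now`, re-keying first if a lifetime is exhausted."""
        if now - self.sa.created_at >= self.life_seconds:
            self._rekey(now, "time")
        elif self.sa.bytes_protected + size > self.life_bytes:
            self._rekey(now, "bytes")
        self.sa.bytes_protected += size
        return self.sa.key

def simulate(life_seconds, life_bytes, packets):
    """Run (time, size) packets through a tunnel; return it and the set of keys used."""
    tunnel = Tunnel(life_seconds, life_bytes)
    keys = {tunnel.send(t, size) for t, size in packets}
    tunnel.max_bytes_per_key = max(tunnel.max_bytes_per_key, tunnel.sa.bytes_protected)
    return tunnel, keys

# Constructed traffic: a burst of 1500-byte packets, an idle gap, then one more packet.
PACKETS = [(i * 1.0, 1500) for i in range(10)] + [(500.0, 1500)]

if __name__ == "__main__":
    for secs, nbytes in [(300, 6000), (float("inf"), float("inf"))]:
        tunnel, keys = simulate(secs, nbytes, PACKETS)
        print(f"lifetimes=({secs}, {nbytes}): {len(keys)} keys, "
              f"rekeys={tunnel.rekeys}, max bytes under one key={tunnel.max_bytes_per_key}")
```

The second run, with no lifetimes configured, is the case the post concedes: one key protects all of the traffic for as long as the tunnel is up.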

Post by WiFiLinux » Mon Oct 27, 2003 2:08 pm

Hi Nashr,

I ran across this on the web and recalled this thread.

The IPsec Tunnel
"Once the Diffie-Hellman tunnel has been brought up, the IPsec process can begin. For the most part, there is little that needs to be done. You will provide the basic framework for the tunnel and the routers negotiate the specifics. The reason why the keys are negotiated between the routers is because a secure network requires the keys to expire occasionally. Every so often, the routers will renegotiate the keys and the tunnel continues on."

This is a really good high level explanation of IPSec and encryption in general.

I hope this was helpful.

Thanks.
:)
WiFiLinux
 
Posts: 105
Joined: Mon May 05, 2003 1:30 am
Location: 5280'>sea level

