DHCP Configuration of IPSEC Tunnel Mode -- dmeredit@cs.hmc.edu

Name: Daniel Meredith
Course: CS125 -- Computer Networks
Abstract Due Date: March 30, 2000
Journal Reference: draft-ietf-ipsec-dhcp-04.txt

The security of a private network as it is seen by the outside world has always been the prime focus of security specialists. But with the increasing movement of people wishing to work from home it has become necessary to consider to the security of those nodes operating outside of the protection of a companies private network. The easiest solution to this problem is to extent the wall of the private network around the outlying nodes. This raises a few obvious problems.

How do you extent the wall if a physical connection to the private network is beyond a reasonable distance?
If they must connect to the private network, how do you guarantee a secure and safe connection?
Once connected, how do you make sure that the node that was brought into the network is not a security risk to the whole network?

One possible solution to these problems is the use of DHCP over a VPN to secure and connect the outlying nodes. Once an external machine has been configured with some kind of external network interface (PPP, DSL, ISDN) a secure connection to a company server could be achieved via a Virtual Private Network (VPN). Similar to the days in the past when a person could dial directly in to their company or school mainframe to access the resources it contained, a secure VPN could be established to allow access to the resources of the company intranet.

The increased security in both IPSEC for IPv4 and IPv6 make it possible to create not only a secured connection for the VPN via tunneling, but also to establish the VPN in a secure manner. The outer node would simply need to create a Security Association (SA) and Key Exchange with the private network security gateway and then negotiate with the DHCP server via the SA with the security gateway until the VPN could be established. This allows the outer node to be incorporated into the private network in a very secure manner, and then the remainder of the connection can be maintained via a VPN operating in IPSEC tunnel mode.

The largest problem I see with this practice if the ability to bring an unsecured node into a previously secure network.

Example:
A worker for a large Internet Service Provider is forced to take some medical leave. During this time he decides that he could just as well work from home during this time and not take his leave. So the company decides that he should be allow to use their network via a secured VPN. Unknown to the company the workers machine has multiple Internet interfaces and while being connect to the VPN via one interface is also running ftp and irc servers on other interfaces. This creates a huge security hole if his machine can be compromised via one of the other interfaces. It is an open door to the private network of the ISP. This is a bad thing.

The ability to add more nodes to the network means that the network has that many more vulnerabilities. Thus security measures and standard must be setup and policed on any machine wishing to connect to the private network. This translates to higher security costs and raises the question: "Is connecting to the network from home, hotel, etc worth the extra costs to maintain security?"