09-13-2012 09:45 PM
Hi
Can someone help me understand why SSL VPN lacks anti-replay attack protection?
Also, please let me know if there are any other security concerns in SSL VPN compared to IPSec VPN. Thanks for your time in advance.
Regards,
Gan
09-14-2012 01:29 AM
Gan,
Have a look at the RFC, I don't think it's fully the way you describe.
Sections 6.2.2 and 6.2.3 should be relevant.
(...) The MAC of the record also includes a sequence number so that missing, extra, or repeated messages are detectable.
M.
09-15-2012 06:49 PM
Hi Marcin,
Thanks for your time. Read the RFC and got to know that SSL VPN protects Anti-Replay Attack as well.
Can you please help me to understand which VPN is more secure, IPSec VPN or SSL VPN, and why?
Regards,
Gan
09-16-2012 02:16 AM
Gan,
I think you're looking at this the wrong way around.
Why don't you start with reading the security considerations part of the RFCs:
SSLv3:
http://tools.ietf.org/html/rfc6101#appendix-F
IPsec and IKE:
http://tools.ietf.org/html/rfc2409#page-28
http://tools.ietf.org/html/rfc4301#page-72
Also, I realized I quoted the TLS RFC, not SSL. Here's a correction:
To prevent message replay or modification attacks, the MAC is computed from the MAC secret, the sequence number, the message length, the message contents, and two fixed-character strings
(Section F.2 - part of appendix F)
Edit: you can also read about IKEv2 security considerations if you think IKEv1 is "not secure".
M.
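The SSLv3 record MAC quoted above from RFC 6101, as an added example that is not part of the original thread: it shows why a replayed record fails verification when the receiver keeps its own sequence counter. It assumes SHA-1 as the MAC hash, a constructed key and payloads, and leaves out record encryption; the `Endpoint` class and `demo` function are hypothetical names.

```python
import hashlib
import hmac
import struct

# The "two fixed-character strings" from the RFC 6101 quote: for SHA-1,
# pad_1 is 0x36 and pad_2 is 0x5c, each repeated 40 times.
PAD_1 = b"\x36" * 40
PAD_2 = b"\x5c" * 40


def sslv3_mac(secret: bytes, seq_num: int, rec_type: int, fragment: bytes) -> bytes:
    """hash(secret + pad_2 + hash(secret + pad_1 + seq_num + type + length + content))"""
    header = struct.pack(">QBH", seq_num, rec_type, len(fragment))
    inner = hashlib.sha1(secret + PAD_1 + header + fragment).digest()
    return hashlib.sha1(secret + PAD_2 + inner).digest()


class Endpoint:
    """One direction of a connection. The sequence number is never sent on
    the wire; each side counts records itself, starting from 0."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.seq = 0

    def protect(self, rec_type: int, fragment: bytes):
        mac = sslv3_mac(self.secret, self.seq, rec_type, fragment)
        self.seq += 1
        return (rec_type, fragment, mac)

    def accept(self, record) -> bool:
        rec_type, fragment, mac = record
        expected = sslv3_mac(self.secret, self.seq, rec_type, fragment)
        if not hmac.compare_digest(mac, expected):
            return False  # a real stack sends a fatal bad_record_mac alert here
        self.seq += 1
        return True


def demo():
    secret = b"constructed-mac-write-secret"  # constructed sample key
    sender, receiver = Endpoint(secret), Endpoint(secret)
    first = sender.protect(23, b"transfer 100")  # 23 = application_data
    second = sender.protect(23, b"logout")
    # In-order record, the same record replayed, then the next real record.
    return [receiver.accept(first), receiver.accept(first), receiver.accept(second)]


if __name__ == "__main__":
    print(demo())
```

The replayed copy is byte-for-byte valid, but the receiver recomputes the MAC with its own counter (now 1, not 0), so the comparison fails. Reordered or dropped records fail the same way.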