09-13-2012 09:45 PM
Hi
Can someone help me to understand, why SSL VPN lacks in Anti-Replay attack protection?
Also please let me know if there are any other security concerns in SSL VPN compared to IPSec VPN. Thanks for your time in advance.
Regards,
Gan
09-14-2012 01:29 AM
Gan,
Have a look at RFC, I don't think it's fully the way you describe.
Sections 6.2.2 and 6.2.3 should be relevant.
(...) The MAC of the record also includes a sequence number so that missing, extra, or repeated messages are detectable.
M.
09-15-2012 06:49 PM
Hi Marcin,
Thanks for your time. I read the RFC and got to know that SSL VPN protects against Anti-Replay Attack as well.
Can you please help me to understand which VPN is more secure, IPSec VPN or SSL VPN, and why?
Regards,
Gan
09-16-2012 02:16 AM
Gan,
I think you're looking at this the wrong way around.
Why don't you start with reading security considerations part of RFC:
SSLv3:
http://tools.ietf.org/html/rfc6101#appendix-F
IPsec and IKE:
http://tools.ietf.org/html/rfc2409#page-28
http://tools.ietf.org/html/rfc4301#page-72
Also, I realized I quoted the TLS RFC not SSL, here's a correction:
To prevent message replay or modification attacks, the MAC is computed from the MAC secret, the sequence number, the message length, the message contents, and two fixed-character strings
(Section F.2 - part of appendix F)
Edit: you can also read about IKEv2 security considerations! if you think IKEv1 is "not secure".
M.
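The RFC passages quoted in this thread say the record MAC covers a sequence number, which is what makes missing, extra, or repeated records detectable. The sketch below is an added example, not part of any post in the thread: a simplified TLS-style record MAC with no encryption, where the key, the messages and the choice of HMAC-SHA-256 are constructed assumptions.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-mac-key-32bytes"  # constructed sample key
APPDATA, TLS12 = 23, 0x0303                # content type, protocol version
TAG_LEN = hashlib.sha256().digest_size

class RecordMac:
    """One direction of a connection: MAC key plus implicit sequence counter."""

    def __init__(self, key):
        self.key = key
        self.seq = 0  # never sent on the wire; each peer counts records itself

    def _tag(self, ctype, version, fragment):
        # MAC input: seq_num || type || version || length || fragment
        header = struct.pack("!QBHH", self.seq, ctype, version, len(fragment))
        return hmac.new(self.key, header + fragment, hashlib.sha256).digest()

    def protect(self, ctype, version, fragment):
        record = fragment + self._tag(ctype, version, fragment)
        self.seq += 1
        return record

    def verify(self, ctype, version, record):
        fragment, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(ctype, version, fragment)):
            raise ValueError("bad_record_mac")
        self.seq += 1
        return fragment

def make_records(messages):
    tx = RecordMac(KEY)
    return [tx.protect(APPDATA, TLS12, m) for m in messages]

def deliver(records):
    """Feed records to a fresh receiver; stop at the first MAC failure."""
    rx, seen = RecordMac(KEY), []
    for rec in records:
        try:
            seen.append(rx.verify(APPDATA, TLS12, rec))
        except ValueError as err:
            seen.append(str(err))
            break  # a MAC failure is fatal; the connection is closed
    return seen

if __name__ == "__main__":
    r0, r1, r2 = make_records([b"pay alice 100", b"pay bob 5", b"logout"])
    print(deliver([r0, r1, r2]), deliver([r0, r0]), deliver([r0, r2]))
```

A replayed, dropped or reordered record fails verification because the receiver recomputes the MAC with its own counter value, not one supplied by the sender.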