LISA 2001 Abstract
IPSECvalidate - A Tool to Validate IPSEC Configurations
Reiner Sailer, Arup Acharya, Mandis Beigi, Raymond
Jennings, and Dinesh Verma, IBM T. J. Watson Research Center NY
Abstract
This paper describes a tool for validating the proper
configuration of the IPSEC protocol suite including IKE. The tool
validates that two hosts are able to communicate (normal ping
functionality) and that this communication is occurring using the
proper authentication/encryption transformations as required by IPSEC.
IPSEC configuration is very complex, and administrators are often
unable to determine if a machine configuration is offering the desired
protection. IPSEC and IKE operate in a manner transparent to IP
applications; an administrator is therefore unable to check the proper
operation of an IPSEC ``security association'' using traditional IP
tools.
- View the full text of this paper in
HTML,
PDF, and
PostScript.
The Proceedings are published as a collective work, © 2001 by the USENIX Association. All Rights Reserved. Rights
to individual papers remain with the author or the author's employer.
Permission is granted for the noncommercial reproduction of the complete
work for educational or research purposes. USENIX acknowledges all
trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.
|