Policy Based Security Management for IPSec
Luis A. Sanchez
August 25, 1998
Outline
- Problems
- Requirements
- A Solution
- Next Step
Problems
- Need a common security policy specification language
- Need to specify enforcement points for each policy
- Discovery of security gateways
- Resolution of security requirements for inter-domain communication
- Consistency checking of local security policies
- Management of dynamic security associations
Requirements
- Support for complex topologies
  - multiple embedded tunnels
- Support for legacy systems
  - non IPSec compliant
- Scalable and deployable incrementally
- Independence of protocol suite, KMP
- NAT Friendly
- Graceful failure
A Solution
[Figure: diagram with Src and Dst; Domain 1, Domain 2 and Domain 2.1; nodes SS1, SS2, SS21, SG1, SG2, SG21; messages REQ1, REQ2, REQ21, REQd, RPY1, RPY2, RPY21, RPYd, CMD1, CMD2, CMD21]
Security Policy Negotiation Protocol (SPP) Message Flow
Legend
SPP Messages
- REQ#: SPP-Request
- RPY#: SPP-Reply
- CMD#: SPP-Policy
Functions
- provides server and security services discovery
- domain based policy resolution
- enforcement point selection
- security association bundle management
Next Step
- Code Release: Pre-Alpha by End of Sept. 1998
- 2 Internet-Drafts underway:
  - Security Policy Specification Language
  - Security Policy System (policy exchange and resolution protocol)
- Request feedback from Community and vendors in general
- Any questions:
  - lsanchez@bbn.com