Introduction

This document contains tips for configuring IPsec on Microsoft Windows Vista and Windows Server 2008 systems to operate with HP-UX IPSec versions A.02.01 and later. For information on configuring IPsec on Microsoft Windows XP and Windows 2003 systems to operate with HP-UX IPSec, see in Configuring Microsoft Windows IP Security to Operate with HP-UX IPSec.

The intended audience for this document is a network security administrator who is familiar with Microsoft Windows Vista or Windows Server 2008, the HP-UX IPSec product, and the IP Security protocol suite.

Related Documentation

The following documents are available from the HP Technical Documentation website at http://docs.hp.com:

For information on configuring IPsec on Microsoft Windows XP and Windows 2003 systems to operate with HP-UX IPSec, see Configuring Microsoft Windows IP Security to Operate with HP-UX IPSec.

For general information about configuring HP-UX IPSec, see the HP-UX IPSec A.02.01 Administrator's Guide or the HP-UX IPSec A.03.00 Administrator's Guide.

For information about configuring HP-UX IPSec to use Microsoft Windows security certificates, see Using Microsoft Windows Certificates with HP-UX IPSec A.02.01and Using Microsoft Windows Certificates with HP-UX IPSec A.03.00.

Protocol implementation differences

HP-UX and Microsoft Windows both implement the IP Security protocol suite. However, there are features in the protocol suite that HP-UX implemented that Microsoft did not implement, and vice-versa. There are also differences in default parameter values.

IKE version

At the time this document was published, Microsoft Windows Vista and Windows Server 2008 supported only Internet Key Exchange (IKE) IKE version 1. HP-UX IPSec version A.03.00 supports IKE version 1 and IKE version 2. In this document, the term “IKE” refers to IKE version 1.

IKE authentication method

The Windows default IKE authentication method is Kerberos. RFC 2408 defines an optional Kerberos Token payload, but does not describe how to implement it. HP-UX IPSec does not support Kerberos for IKE authentication. You must configure the Microsoft connection security rule to use certificates or preshared keys for IKE authentication.

On HP-UX A.02.00 and A.02.01 systems, you specify the IKE authentication method using the – authentication option in the ipsec_config add ike command.

On HP-UX A.03.00 systems, you specify the IKE authentication method using the –local_methodand –remote_methodoptions in the ipsec_config add auth command.

IKE default algorithms

The Windows advanced firewall configures the IKE encryption and hash (integrity) algorithms as pairs in security methods. By default, the Windows configuration contains the following security methods:

AES-128 encryption and SHA-1 integrity

AES-128 encryption and MD5 integrity

2

Page 1 Page 3
Page 2
Image 2
HP UX IPSec Software manual Introduction, Related Documentation
Page 1 Page 3

UX IPSec Software specifications

HP-UX IPSec Software is an integral component of the HP-UX operating system, providing robust and secure communication capabilities for enterprise environments. As organizations increasingly rely on secure networking solutions, HP-UX IPSec stands out with its comprehensive set of features and technologies designed to safeguard sensitive data.

One of the core characteristics of HP-UX IPSec Software is its implementation of the Internet Protocol Security (IPSec) framework. This technology secures Internet Protocol (IP) communications through authentication and encryption, ensuring the integrity and confidentiality of data transmissions. By leveraging IPSec, HP-UX provides a secure method for connecting remote users and secure sites over untrusted networks, such as the internet.

A notable feature of the HP-UX IPSec Software is its support for both transport and tunnel modes. The transport mode encrypts only the payload of the IP packet, whereas the tunnel mode encapsulates the entire IP packet within a new packet, allowing for secure communications between entire networks. This flexibility enables organizations to tailor their security strategies based on specific use cases and requirements.

HP-UX IPSec also emphasizes interoperability and compliance with industry standards. The software supports various encryption algorithms and authentication methods, including those defined by the Internet Engineering Task Force (IETF). This commitment to open standards ensures that HP-UX can seamlessly integrate with a diverse range of networking infrastructures and security solutions.

In addition to its security features, HP-UX IPSec Software offers administration tools that simplify the configuration and management of IPSec policies. The software includes a user-friendly command-line interface, allowing system administrators to specify security associations and policies efficiently. Moreover, comprehensive logging and monitoring capabilities help organizations keep track of their security posture and detect potential vulnerabilities.

Another essential characteristic of HP-UX IPSec Software is its scalability. Designed to accommodate the needs of both small and large enterprises, it can handle increased loads and adapt to changing security demands without compromising performance.

In conclusion, HP-UX IPSec Software stands as a vital solution for organizations seeking to protect their data transmissions over IP networks. With its core technologies, such as transport and tunnel modes, adherence to industry standards, user-friendly administration tools, and scalability, it provides a formidable layer of security in an increasingly interconnected world. This makes it a preferred choice for enterprises aiming to enhance their network security frameworks.
Top Page Image Contents