Identifying authentication requirements

Determine how you will identify and authenticate the partners in your VPN. Sidewinder and Soft-PK both support using digital certificates and pre-shared key VPN configurations. In addition, when you use Sidewinder version 5.1.0.02 or later, you can set up Extended Authentication to provide increased security to your VPN network. The following summarizes VPN authentication methods.

Using digital certificate authentication

When using digital certificates (or "public key authentication"), each system in the VPN requires a unique private key file and a corresponding public key certificate file.

The private key file

A private key file is unique to each system in the network and kept secret by the holder (VPN client, firewall, etc.). It is used to create digital signatures and, depending upon the algorithm, to decrypt data encrypted with the corresponding public key.

The certificate file (with public key)

Certificates contain informational values such as the identity of the public key's owner, a copy of the public key itself (so others can encrypt messages or verify digital signatures), an expiration date, and the digital signature of the creating entity (CA or firewall).

When using Sidewinder, the trusted source for authorizing key/certificate pairs can be Sidewinder itself through "self-signed" certificates, or a public or private Certificate Authority (CA) server (for example, Netscape, Baltimore, Entrust, etc.). Digital certificate implementations using Sidewinder/Soft-PK follow the X.509 standard.

IMPORTANT: You must configure the necessary certificates before you configure the VPN connection parameters on Sidewinder or Soft-PK.

In addition, digital certificates have an "effective" date and an "expiration date." Before certificates expire, they must be retrieved and updated in the VPN gateway (i.e., Sidewinder firewall) to continue using them in a VPN.
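The private key / certificate split, the CA signature, and the expiration check described above can be walked through with the openssl command line. The script below is an added example and is not part of the Secure Computing manual or the Soft-PK product; the "Example VPN CA", the peer names and the working directory are assumptions. It builds a self-signed CA (the role Sidewinder plays when it issues "self-signed" certificates), has a peer generate its own private key and a request carrying only the public half, signs that request into an X.509 certificate, and then performs the two checks a VPN gateway must make before trusting a peer: is the certificate signed by a trusted CA, and will it still be valid for the period we care about?

```shell
#!/bin/sh
# Added example (not from the Secure Computing manual): builds a small X.509
# hierarchy with openssl to show the private key / certificate split, then
# checks the chain and the expiration date as a VPN gateway must before
# trusting a peer. CA name, peer names and directory are assumptions.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Step 1: a self-signed "CA" certificate, analogous to letting the firewall
# act as its own trusted source. The CA private key never leaves this host.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=Example VPN CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Step 2: a VPN peer generates its own private key and a signing request
# containing only the public key; the CA signs it, producing the certificate
# (owner identity, public key, validity period, CA signature).
make_peer_cert() {
    name="$1"; days="$2"
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$name" \
        -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
    openssl x509 -req -sha256 -days "$days" \
        -in "$WORK/$name.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -out "$WORK/$name.crt" 2>/dev/null
}

# Chain check: is the peer certificate signed by a CA we trust?
# Prints "ok" or "fail".
verify_peer() {
    if openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1; then
        echo ok
    else
        echo fail
    fi
}

# Expiry check: will the certificate still be valid N seconds from now?
# -checkend exits 0 if the cert is still valid at that time, non-zero if not.
valid_for() {
    if openssl x509 -in "$WORK/$1.crt" -noout -checkend "$2" >/dev/null 2>&1; then
        echo yes
    else
        echo no
    fi
}

# Demonstration: one peer with 30 days of validity, one with only 1 day.
make_ca
make_peer_cert client1 30
make_peer_cert client2 1
verify_peer client1       # ok
valid_for client1 86400   # yes (still valid one day from now)
valid_for client2 172800  # no  (will have expired two days from now)
```

The second check is the operational point of the paragraph above: a certificate that passes the chain check today can still fail tomorrow, so the gateway needs a renewal window (here expressed as a number of seconds to `-checkend`) that is longer than the time it takes to retrieve and install an updated certificate.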

Planning Your VPN Configuration

Secure Computing Soft-PK Version 5.1.3 Build 4, SafeNet manual Identifying authentication requirements, Private key file