IPsec and IKE Administration Guide

Security Considerations for ipsecinit.conf and ipsecconf

If, for example, the /etc/inet/ipsecinit.conf file is sent from an NFS-mounted file system, an adversary can modify the data contained in the file in transit. The outcome would be a change to the configured policy. Consequently, use extreme caution when transmitting a copy of the ipsecinit.conf file over a network.
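The following check is an added example, not part of the original guide: it reports whether a policy file sits on a network file system, and it goes slightly beyond the paragraph above by also checking owner and write permissions. The function names fstype_for and audit_policy_file are hypothetical, and the script assumes an awk that supports -v (nawk or /usr/xpg4/bin/awk on Solaris) and a mount table whose first three fields are special, mount point and file system type, as in /etc/mnttab.

```shell
#!/bin/sh
# Added example (not from the guide). fstype_for and audit_policy_file
# are hypothetical helper names.

# Print the file system type of the mount that holds path $1, reading the
# mount table $2 (fields: special, mount point, fstype, ...).
# The longest matching mount point wins.
fstype_for() {
    awk -v p="$1" '
        ($2 == "/" || $2 == p || index(p, $2 "/") == 1) && length($2) >= best {
            best = length($2); fs = $3
        }
        END { print fs }' "$2"
}

# Print one FINDING line per problem; exit status is 0 only if the file passes.
# $1 = policy file, $2 = mount table, $3 = expected owner UID (default 0, root)
audit_policy_file() {
    f=$1; tab=$2; want_uid=${3:-0}; bad=0

    if [ -h "$f" ] || [ ! -f "$f" ]; then
        echo "FINDING: $f is a symlink or not a regular file"
        return 1
    fi

    # A policy file read over the network can be altered before it is loaded.
    fs=$(fstype_for "$f" "$tab")
    case $fs in
        nfs*|autofs|smbfs|cifs)
            echo "FINDING: $f is on a network filesystem ($fs)"; bad=1 ;;
    esac

    # ls -ln prints numeric IDs: field 1 is the mode string, field 3 the UID.
    set -- $(ls -ln "$f")
    mode=$1; uid=$3
    if [ "$uid" != "$want_uid" ]; then
        echo "FINDING: owner UID is $uid, expected $want_uid"; bad=1
    fi
    case $mode in
        ?????w*|????????w*)
            echo "FINDING: mode $mode is group- or world-writable"; bad=1 ;;
    esac
    return $bad
}
```

Run it as `audit_policy_file /etc/inet/ipsecinit.conf /etc/mnttab` before loading the policy, and treat any FINDING line as a reason not to load the file.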

Policy cannot be changed for TCP sockets or UDP sockets on which a connect(3SOCKET) or accept(3SOCKET) has been issued. A socket whose policy cannot be changed is called a latched socket. Adding new policy entries does not affect latched sockets.

Ensure that you set up the policies before starting any communications, because existing connections might be affected by the addition of new policy entries. Similarly, do not change policies in the middle of a communication.

Protect your naming system. If the following two conditions are met, then your host names are no longer trustworthy:

Security weaknesses often lie in misapplication of tools, not the actual tools. You should be cautious when using the ipsecconf command. Use a console or other hard-connected TTY for the safest mode of operation.