|
Secure traffic between two systems
|
Involves:
-
Adding addresses to the /etc/inet/ipnodes file
-
Entering the IPsec policy in the /etc/inet/ipsecinit.conf file
-
Setting up key exchange
-
Activating the ipsecinit.conf file
|
How to Secure Traffic Between Two Systems
|
|
Secure a web server by using IPsec policy
|
Involves enabling only secure traffic by entering different security requirements for different ports in the ipsecinit.conf file. Also involves activating the file.
|
How to Secure a Web Server
|
|
Set up a virtual private network (VPN)
|
Involves:
-
Turning off IP forwarding
-
Turning on IP strict destination multihoming
-
Disabling most network and Internet services
-
Adding security associations
-
Configuring the IPsec policy
-
Configuring a secure tunnel
-
Turning on IP forwarding
-
Configuring a default route
-
Running the routing protocol
|
How to Set Up a Virtual Private Network (VPN)
|
|
Generate random numbers
|
Involves using the od command to generate random numbers for keying material when you manually create SAs.
|
How to Generate Random Numbers
|
|
Create or replace security associations (SAs) manually
|
Involves using the ipseckey command to create SAs. Also involves creating an ipseckeys
file to hold the keying material.
|
How to Manually Create IPsec Security Associations
|
|
Check that IPsec is protecting the packets
|
Involves examining snoop output for specific headers that indicate how the IP datagrams are protected.
|
How to Verify That Packets Are Protected
|
