Summary

  

This chapter discussed the concepts of IPSec and SASL. IPSec is a set of protocols used to secure the Internet Protocol for VPNs, IP version 4, and IP version 6. No discussion of network security would be complete without discussing the standards that protect the current version of the Internet Protocol. IPSec defines protocols for secure key exchange and secure messaging through the network. IPSec also provides tunneling, which provides the capability to proxy through firewalls. I started this chapter by looking at the Simple Key Management for Internet Protocols (SKIP), which led me to www.skip.org, RFC 2356, and Sun's SunScreen product.

Many references that led to SKIP disappeared after 1996 and were replaced by ISAKMP. ISAKMP is just one of the protocols that are part of IPSec. IPSec covers securing the Internet Protocol and is made up of multiple protocols working together. SKIP is just one of the protocols that make up the secure key exchange. I looked for a while for any implementation of SKIP and found several examples from other books. Most of them did not implement a CDR, header, or other components of SKIP.

IPSec was created to be used with IPv4 and IPv6 and is handled by many services at the hardware and device driver level. When building IP services that talk at the network transport level, such as applications that use Java sockets, it is also important that they can support these protocols if the security is high. There are many other protocols that can be used to some degree in place of IPSec, such as SSL, TLS, and GSS-API, but hardware devices that IPSec supports, such as routers, do not support these protocols.

No discussion of authentication with Java would be complete without SASL. SASL is heavily used for authenticating LDAP servers and is used with JNDI authentications. SASL is a protocol for key transfer and authentication that can use different pluggable authentication mechanisms. SASL doesn't define the implementation the way JAAS does, and JAAS can be used as the implementation for SASL. SASL doesn't have to be used just for JNDI or LDAP, but can be used as an authentication protocol for any client-server connection.
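The following added example (not code from the book) runs one SASL challenge-response exchange in a single process with the JDK's `javax.security.sasl` API, showing how the mechanism is selected by name and how callbacks supply the credentials. The class name, the `demo` protocol label, the `server.example` host, and the account are constructed for illustration; CRAM-MD5 is used only because it ships with the JDK and needs no external infrastructure, and it is a legacy mechanism.

```java
import javax.security.auth.callback.*;
import javax.security.sasl.*;

public class SaslExchangeDemo {
    // Constructed sample account; a real server would consult its user store.
    static final String USER = "alice";
    static final char[] STORED_PW = "constructed-secret".toCharArray();

    // Runs one CRAM-MD5 exchange; returns the authorized ID or throws SaslException.
    static String authenticate(char[] clientPw) throws SaslException {
        CallbackHandler clientCbh = cbs -> {
            for (Callback cb : cbs) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(USER);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(clientPw);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        CallbackHandler serverCbh = cbs -> {
            String claimed = null;
            for (Callback cb : cbs) {
                if (cb instanceof NameCallback) {
                    claimed = ((NameCallback) cb).getDefaultName(); // name sent by the client
                } else if (cb instanceof PasswordCallback) {
                    // Unknown users get no password, so the mechanism rejects them.
                    if (USER.equals(claimed)) ((PasswordCallback) cb).setPassword(STORED_PW);
                } else if (cb instanceof AuthorizeCallback) {
                    AuthorizeCallback ac = (AuthorizeCallback) cb;
                    // Least privilege: a user may only act as itself.
                    ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
                } else throw new UnsupportedCallbackException(cb);
            }
        };
        SaslServer server = Sasl.createSaslServer("CRAM-MD5", "demo", "server.example", null, serverCbh);
        SaslClient client = Sasl.createSaslClient(new String[] {"CRAM-MD5"}, null, "demo", "server.example", null, clientCbh);
        if (server == null || client == null) throw new SaslException("CRAM-MD5 not available");
        byte[] challenge = server.evaluateResponse(new byte[0]); // server issues a one-time challenge
        byte[] response = client.evaluateChallenge(challenge);   // client answers with name + keyed digest
        server.evaluateResponse(response);                        // server recomputes and compares
        return server.getAuthorizationID();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("authorized as: " + authenticate("constructed-secret".toCharArray()));
        try {
            authenticate("wrong-password".toCharArray());
        } catch (SaslException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The password itself never crosses the exchange; only the challenge and the digest computed over it do, which is why the same callback handlers can sit behind any client-server transport.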

  


Java Security Solutions
ISBN: 0764549286
EAN: 2147483647
Year: 2001
Pages: 222
