Operating System - HP-UX

Re: turn on IPSEC on Lan card hardware?

 
TwoProc
Honored Contributor

turn on IPSEC on Lan card hardware?

I've been told by our Microsoft admins that they have turned on IPSEC between each port on the switch and the servers for databases (MSSqlserver). I'm told that it is simply a setting in the port configuration on the switch, and a corresponding one in the MSWin server itself.

A) Can I do this for my HPUX and Linux servers?
B) This seems too easy to count this as encrypted traffic... Is it really that easy to obtain the goal of non-sniffable data transfer between servers?

We are the people our parents warned us about --Jimmy Buffett
4 REPLIES 4
Jim Keeble
Trusted Contributor
Solution

Re: turn on IPSEC on Lan card hardware?

I can't speak for Linux, but I suspect it's similar to HP-UX. HP-UX has an IPSEC "product" that is free for download from software.hp.com, and may be included by default in some operating environments.

It is as simple as installing and configuring the product, but I don't mean to imply that it's a single radio button to configure it. You do have to have some parameters that the server is using as far as encryption type, what type of traffic to encrypt, and usually some pre-shared keys for authentication purposes.
rick jones
Honored Contributor

Re: turn on IPSEC on Lan card hardware?

I am a trifle surprised that a _switch_ would care about IPSEC. IPSEC is up at the network layer (layer 3), and _switches_ operate at the data-link layer (layer 2). Now, there might be management functionality in the switch and that would be akin to having a small host in the switch, but for normal server to server stuff I'd think the switch is a noop for IPSEC.

As for A, someone has already pointed out there is an add-on for IPSEC on HP-UX.

As for B, yes, it can be that easy. If not at the network (IP) layer via IPSEC then at the application layer using SSL/TLS.
there is no rest for the wicked yet the virtuous have no pillows
TwoProc
Honored Contributor

Re: turn on IPSEC on Lan card hardware?

Thanks Jim and Rick for responding with that information. I've found the software for download from hp.com.

So, I'm reading up on this now at various sites, and this is something that I set up b/w two servers? Is this something I can set up between a server and a virtual web tier farm? Would I do that keying process between each server, or just one to the virtual IP for the farm? In other words, can this be set up as a one-to-many communication method? Or does that just defeat the purpose?

Still trying to figure this one out, thanks for all the help!
We are the people our parents warned us about --Jimmy Buffett
rick jones
Honored Contributor

Re: turn on IPSEC on Lan card hardware?

SSL/TLS are encryption between two applications talking over a TCP connection. Both sides have to know it is to be used.

Similarly, IPSEC is encryption between two IP addresses. Both endpoints have to know it is to be used.
there is no rest for the wicked yet the virtuous have no pillows
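
An added illustration, not part of any post above and not HP-UX IPSec configuration syntax: a small Python model of the point that both endpoints must carry matching policy (what traffic to protect, encryption type, pre-shared key). The `Policy` fields, transform labels, addresses and port are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    local: str      # local address or prefix the rule applies to
    remote: str     # remote address or prefix the rule applies to
    port: int       # server-side TCP port to protect (0 = any)
    transform: str  # encryption type label (model value, not product syntax)
    psk_id: str     # label of the pre-shared key, never the key itself

def _covers(selector, addr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(selector, strict=False)

def match(policies, local, remote, port):
    """First policy on one host whose selectors cover the flow, else None."""
    for p in policies:
        if _covers(p.local, local) and _covers(p.remote, remote) and p.port in (0, port):
            return p
    return None

def check_flow(client_policies, server_policies, client, server, port):
    """Classify a client->server flow from both endpoints' policy tables."""
    c = match(client_policies, client, server, port)
    s = match(server_policies, server, client, port)
    if c is None and s is None:
        return "cleartext"           # neither endpoint has a rule for this flow
    if c is None or s is None:
        return "one-sided"           # only one endpoint has a rule
    if c.transform != s.transform:
        return "transform-mismatch"  # endpoints disagree on encryption type
    if c.psk_id != s.psk_id:
        return "psk-mismatch"        # endpoints reference different keys
    return "protected"

# Constructed sample: one database server and three web-tier hosts.
DB, WEB_NET, DB_PORT = "192.0.2.10", "192.0.2.32/28", 1433
db_policies = [Policy(DB, WEB_NET, DB_PORT, "ESP-AES128-SHA1", "psk-web-db")]
web_policies = {
    "192.0.2.33": [Policy("192.0.2.33", DB, DB_PORT, "ESP-AES128-SHA1", "psk-web-db")],
    "192.0.2.34": [],  # host with no IPsec rule configured
    "192.0.2.35": [Policy("192.0.2.35", DB, DB_PORT, "ESP-3DES-SHA1", "psk-web-db")],
}

if __name__ == "__main__":
    for host, table in web_policies.items():
        print(host, check_flow(table, db_policies, host, DB, DB_PORT))
```

In this model a single prefix selector on the database side covers the whole web tier, but each web host still needs its own mirrored rule before its flow counts as protected.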