ISAKMPD Monitor
Cynthia Irvine, David Shifflett, Timothy Levin, and Bruce Allen
Center for Information Systems Security and Research, Naval Postgraduate School
ISAKMPD works in tandem with IPsec to provide secure peer-to-peer connectivity between two systems over a network. isakmpd_mon provides a GUI monitor for isakmpd for observing aspects of this connectivity. Also provided by isakmpd_mon are a real-time display of Security Association Data (SAD), a polled display of the Security Policy Data (SPD), and a real-time view of overall host-based IP packet traffic. Currently, isakmpd_mon runs on OpenBSD 3.0.
The SAD window presents a table of "security associations" established for IPsec connections. Connection information includes security parameter index values, associated port numbers, and the encryption algorithm used by the given connection. Security associations are established when two peers begin to communicate. For example, when a peer begins to communicate via FTP with another peer, a connection is created and new SAD information is shown by isakmpd_mon. Once established, security associations are retained for future availability.
The SPD window displays which peer connections may be formed by IPsec. Connection attempts not defined in this database are not allowed. The actual security attributes assigned to connections are defined by a KeyNote policy configuration file.
Note that isakmpd_mon also requires the Ethereal Network Analyzer, Kaffe, and the Java Swing library, and is expected to be available in the OpenBSD 3.2 Ports tree.
To obtain isakmpd_mon, download, unzip, and untar the following file on OpenBSD and see the README file for instructions on using isakmpd_mon.