CPUG: The Check Point User Group


Thread: What are the recommended protocols for s2s vpn today?

  #1 daniba

    Hello all,

    I would like to know, security wise, what are the recommended protocols to use in site-to-site VPN for phase 1 and phase 2, e.g. AES-256 for phase 1, SHA1/SHA-256 for phase 2?

    Please let me know what is recommended for the most secure tunnel.

    Thanks

  #2 ShadowPeak.com

    Quote Originally Posted by daniba: (post #1, quoted in full)
    Obviously the "most secure" would involve cranking all algorithms to their maximum values. However I'd postulate that the following is "reasonable" in today's world, others may disagree:

    Phase 1: Main Mode (not Aggressive Mode unless absolutely necessary)
    Encryption: AES-256
    Hashing: SHA-256 (Not SHA-384 since this keeps the VPN traffic from being accelerated)
    DH Group: 19
    SA Lifetime: 8 hours (default is 24 hours)

    Phase 2 Quick Mode:
    Encryption: AES-128
    Hashing: SHA-256 (Not SHA-384 since this keeps the VPN traffic from being accelerated)
    PFS: Yes, DH Group 5
    SA Lifetime: 1 hour

    Avoid 3DES and SHA-384 due to performance reasons; avoid SHA1 due to security reasons. Bit disappointing that R80.10 still defaults to SHA1 for IKE Phase 1 & 2...
    --
    My book "Max Power: Check Point Firewall Performance Optimization"
    now available via http://maxpowerfirewalls.com.

  #3 varera

    Quote Originally Posted by ShadowPeak.com: (post #2, quoted in full)

    Second that. One just needs to check that these settings are legal in your country. Not the case for Russia, China and probably some other places.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/

  #4 ShadowPeak.com

    Quote Originally Posted by varera:
    Second that. One just need to see these settings are legal in your country. Not the case for Russia, China and probably some other places.
    Er yes, but that's not purely a technical issue. :-)

  #5 varera

    Quote Originally Posted by ShadowPeak.com:
    Er yes, but that's not purely a technical issue. :-)
    Correct. My point was, the full answer would be "those encryption and hash protocols, unless your local laws require something different"

  #6

    For additional guidance you can start on page 39 of the following guide:

    https://bettercrypto.org/static/appl...-hardening.pdf

    Authentication: IPSEC authentication should optimally be performed via RSA signatures, with
    a key size of 2048 bits or more. Configuring only the trusted CA that issued the peer certificate
    provides for additional protection against fake certificates.
    If you need to use Pre-Shared Key authentication:
    1. Choose a random, long enough PSK (see below)
    2. Use a separate PSK for any IPSEC connection
    3. Change the PSKs regularly

    The size of the PSK should not be shorter than the output size of the hash algorithm used in
    IKE

    For a key composed of upper- and lowercase letters, numbers, and two additional symbols table 2.2 gives the minimum lengths in characters.

    Table 2.2.: PSK lengths
        IKE Hash    PSK length (chars)
        SHA256      43
        SHA384      64
        SHA512      86

    Table 2.4.: IPSEC Phase 1 parameters
        Mode          Main Mode
        Encryption    AES-256
        Hash          SHA2-*
        DH Group      Group 14-18

    Table 2.5.: IPSEC Phase 2 parameters
        Perfect Forward Secrecy   ✔
        Encryption                AES-GCM-16, AES-CTR, AES-CCM-16, AES-256
        Hash                      SHA2-* (or none for AEAD)
        DH Group                  Same as Phase 1

    Regards,

    Luis
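The parameter tables above and the avoid-list from post #2 are easy to turn into a proposal linter, so that a peer's proposed Phase 1 / Phase 2 settings can be checked before the tunnel is built. The following is an added example, not code from this thread, from bettercrypto.org or from Check Point. Its thresholds encode bettercrypto tables 2.4 and 2.5 as quoted (Main Mode, AES, SHA2 or AEAD, PFS, DH groups 14-18) together with the SHA1/3DES/Aggressive-Mode avoidances and the 8 h / 1 h lifetimes from post #2; accepting the ECP groups 19-21 alongside MODP 14-18 is this example's own assumption, and the dict keys are its own convention, not Check Point object attributes. Note that under this policy the DH group 5 PFS setting from post #2 would be flagged, since the bettercrypto table starts at group 14.

```python
"""Lint an IKE/IPsec site-to-site proposal against the guidance in this thread.

Added example: not code from the CPUG thread, from bettercrypto.org or from
Check Point. Thresholds follow bettercrypto tables 2.4/2.5 (Main Mode, AES,
SHA2 or AEAD, PFS, DH groups 14-18) plus the SHA1/3DES/Aggressive-Mode
avoidances and the 8 h / 1 h lifetimes from post #2. Accepting ECP groups
19-21 alongside MODP 14-18 is this example's own assumption; the proposal
dict keys are its own convention, not Check Point object attributes.
"""

ACCEPTED_DH = {14, 15, 16, 17, 18, 19, 20, 21}   # MODP >= 2048 bits, or ECP (assumed OK)
WEAK_ENC = {"DES", "3DES", "CAST", "NULL"}
OK_ENC = {"AES-128", "AES-256", "AES-CTR", "AES-GCM-16", "AES-CCM-16"}
AEAD_ENC = {"AES-GCM-16", "AES-CCM-16"}          # integrity comes with the cipher
WEAK_HASH = {"MD5", "SHA1"}
OK_HASH = {"SHA-256", "SHA-384", "SHA-512"}
MAX_P1_LIFETIME = 8 * 3600    # seconds; post #2 suggests 8 h instead of the 24 h default
MAX_P2_LIFETIME = 3600        # seconds; post #2 suggests 1 h


def _check_algorithms(phase, p, findings):
    """Cipher and integrity checks shared by both phases."""
    enc = str(p.get("encryption", "")).upper()
    if enc in WEAK_ENC:
        findings.append(f"{phase}: {enc} is deprecated, use AES")
    elif enc not in OK_ENC:
        findings.append(f"{phase}: unrecognised encryption {enc!r}")
    hsh = str(p.get("hash", "")).upper()
    if hsh in WEAK_HASH:
        findings.append(f"{phase}: {hsh} integrity is weak, use SHA2")
    elif hsh == "NONE":
        if enc not in AEAD_ENC:   # 'none' is only acceptable for an AEAD cipher
            findings.append(f"{phase}: no integrity algorithm with non-AEAD cipher {enc}")
    elif hsh not in OK_HASH:
        findings.append(f"{phase}: unrecognised hash {hsh!r}")


def check_proposal(phase1, phase2):
    """Return the list of findings; an empty list means the proposal passes."""
    findings = []
    if str(phase1.get("mode", "main")).lower() != "main":
        findings.append("phase1: Aggressive Mode; use Main Mode unless unavoidable")
    _check_algorithms("phase1", phase1, findings)
    if phase1.get("dh_group") not in ACCEPTED_DH:
        findings.append(f"phase1: DH group {phase1.get('dh_group')} is below 2048-bit MODP / ECP")
    if phase1.get("lifetime", 0) > MAX_P1_LIFETIME:
        findings.append("phase1: SA lifetime above 8 h")

    if not phase2.get("pfs", False):
        findings.append("phase2: PFS disabled, Phase 2 keys then depend only on the IKE SA")
    elif phase2.get("dh_group") not in ACCEPTED_DH:
        findings.append(f"phase2: PFS group {phase2.get('dh_group')} is below 2048-bit MODP / ECP")
    _check_algorithms("phase2", phase2, findings)
    if phase2.get("lifetime", 0) > MAX_P2_LIFETIME:
        findings.append("phase2: SA lifetime above 1 h")
    return findings


# Constructed sample proposals for the demo (not actual Check Point defaults).
LEGACY_P1 = {"mode": "main", "encryption": "3DES", "hash": "SHA1", "dh_group": 2, "lifetime": 86400}
LEGACY_P2 = {"pfs": False, "encryption": "3DES", "hash": "SHA1", "lifetime": 28800}
HARDENED_P1 = {"mode": "main", "encryption": "AES-256", "hash": "SHA-256", "dh_group": 14, "lifetime": 8 * 3600}
HARDENED_P2 = {"pfs": True, "dh_group": 14, "encryption": "AES-GCM-16", "hash": "none", "lifetime": 3600}

if __name__ == "__main__":
    for name, (p1, p2) in {"legacy": (LEGACY_P1, LEGACY_P2), "hardened": (HARDENED_P1, HARDENED_P2)}.items():
        findings = check_proposal(p1, p2)
        print(f"{name}: {'PASS' if not findings else 'FAIL'}")
        for f in findings:
            print("  -", f)
```

The legacy sample yields eight findings (both phases: 3DES, SHA1, lifetime, plus DH group 2 in Phase 1 and missing PFS in Phase 2) while the hardened one passes; feed it the proposal the remote admin sends you and compare the two lists before agreeing on a tunnel.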

  #7

    Strictly, due to a key scheduling issue in AES-192 and AES-256, both of those variants are less secure than AES-128. All three are strong enough as to be impervious to all known faster-than-brute-force attacks before the sun burns out, but AES-128 is also lower-impact. Thus, it should be used rather than the others whenever possible.

    The really important thing with VPN security is the length of the authenticating data on the gateways. Use long shared secrets or certificates with large keys.

    In shared secrets, character variety matters far less than length. If you stick to hexadecimal with all letters in one case, you have 16 possible values per glyph for four bits of entropy. Expanding that to the full range of characters you can type on a normal US keyboard gets you 94 possibilities per glyph for 6.55 bits of entropy per glyph (log2(94) ~= 6.55). For 256 bits of entropy, you need 64 single-case hex characters or 40 full-keyboard characters. When exchanging a secret over a phone, I vastly prefer the 64 hex characters to explaining to someone what a tilde is.

    Research suggests elliptic curve cryptography is not as secure as originally believed. I would stick with very long DH groups (group 14 is the longest supported by Check Point at 2048 bits).

    Due to the way HMAC works, all of the hashes available are more than long enough. MD5, SHA1, SHA-256, whatever all get computed, tangled with the private key, then truncated down to the first 96 bits. Since there is no real advantage to length here, and MD5 is the fastest to compute, that is the one I would use. That said, SHA1 and SHA-256 are typically fast enough on modern hardware, and they sound better to auditors.
    Zimmie
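Both the bettercrypto PSK table in post #6 and the hex-versus-full-keyboard arithmetic in Zimmie's post come from the same rule: length times log2(alphabet size) must reach the IKE hash output size. The following added example (not code from this thread, from bettercrypto.org or from Check Point) carries that calculation through for the three alphabets mentioned and generates PSKs of exactly the required length. Assumptions: the 64-symbol alphabet is upper + lower + digits plus "-" and "_" (bettercrypto says "two additional symbols" without naming them), and the 94-symbol alphabet is every printable US-keyboard character except space. The entropy figures only hold when the PSK is drawn uniformly at random, as generate_psk() does with the secrets module; a human-chosen string of the same length has far less.

```python
"""Size and generate IKE pre-shared keys by entropy, following bettercrypto
table 2.2 (post #6) and the hex-vs-full-keyboard arithmetic in Zimmie's post.

Added example: not code from the thread, bettercrypto.org or Check Point.
Assumptions: the 64-symbol alphabet is upper + lower + digits plus "-" and "_"
(bettercrypto does not name its two extra symbols); the 94-symbol alphabet is
every printable US-keyboard character except space. Entropy figures assume
the PSK is drawn uniformly at random, as generate_psk() does.
"""
import math
import secrets
import string

HEX = "0123456789abcdef"                                             # 16 symbols, 4 bits each
ALPHA64 = string.ascii_letters + string.digits + "-_"                # 64 symbols, 6 bits each (assumed set)
FULL94 = string.ascii_letters + string.digits + string.punctuation   # 94 symbols, ~6.55 bits each

IKE_HASH_BITS = {"SHA256": 256, "SHA384": 384, "SHA512": 512}        # hash output size in bits


def bits_per_char(alphabet):
    """Entropy per character for a uniform draw from alphabet."""
    assert len(set(alphabet)) == len(alphabet), "alphabet must not repeat symbols"
    return math.log2(len(alphabet))


def min_psk_length(target_bits, alphabet):
    """Characters needed so that length * log2(|alphabet|) >= target_bits."""
    return math.ceil(target_bits / bits_per_char(alphabet))


def psk_length_table(alphabet=ALPHA64):
    """Reproduces bettercrypto table 2.2 for the given alphabet."""
    return {h: min_psk_length(bits, alphabet) for h, bits in IKE_HASH_BITS.items()}


def psk_entropy_bits(psk, alphabet):
    """Entropy of psk if it was drawn uniformly from alphabet."""
    bad = sorted({c for c in psk if c not in alphabet})
    if bad:
        raise ValueError(f"characters outside alphabet: {bad!r}")
    return len(psk) * bits_per_char(alphabet)


def psk_meets_hash(psk, ike_hash, alphabet=ALPHA64):
    """True if the PSK carries at least as many bits as the IKE hash outputs."""
    return psk_entropy_bits(psk, alphabet) >= IKE_HASH_BITS[ike_hash]


def generate_psk(ike_hash, alphabet=ALPHA64):
    """Uniformly random PSK just long enough for the given IKE hash."""
    n = min_psk_length(IKE_HASH_BITS[ike_hash], alphabet)
    return "".join(secrets.choice(alphabet) for _ in range(n))


if __name__ == "__main__":
    print("table 2.2 (64-symbol alphabet):", psk_length_table())
    print("256 bits as hex:", min_psk_length(256, HEX), "chars;",
          "as full keyboard:", min_psk_length(256, FULL94), "chars")
    for h in IKE_HASH_BITS:
        psk = generate_psk(h, HEX)   # hex is the easiest to read out over the phone
        print(h, len(psk), psk, psk_meets_hash(psk, h, HEX))
```

Running it reproduces the 43/64/86 column of table 2.2 and the 64-hex / 40-full-keyboard figures for 256 bits; the one-character difference between 42 and 43 base-64 characters is exactly the point where the PSK drops below the SHA-256 output size.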
