Using IPsec to protect data

This guidance is intended for the protection of data transmitted within a single organization or among a network of organizations across bearer networks, including the internet or commercial WAN connections. Various contexts may benefit from the principles described herein, such as safeguarding data exchanges via dedicated links between organizations and cloud service providers, or within inter-data center connections in those providers’ networks.

This guidance targets system administrators tasked with the configuration of network cryptographic devices and/or software. It delineates two profiles for implementing IPsec:

• The Recommended Profile, based on contemporary cryptographic algorithms and protocols.
• The Legacy Profile, designed for older devices that might not support some or all parameters of the Recommended Profile.

IPsec plays a critical role in securing the confidentiality and integrity of your data while it traverses less secure networks. Network-based encryption is executed using the IPsec protocol to create Virtual Private Networks (VPNs). This can take place through a software client on an End User Device (EUD), a dedicated hardware appliance (VPN gateway), or integrated capabilities within various networking infrastructure equipment (such as routers).

IPsec VPNs can either serve a singular function (for instance, connecting two gateways that link data centers) or be utilized by multiple clients simultaneously (as seen with remote working setups).

Mastering Device Principles

Creating reliable encrypted network links extends beyond just the technology—it demands proficient management by qualified personnel executing their responsibilities effectively and securely, under a management system that upholds the overall integrity of the network.

Devices implementing cryptographic defenses through IPsec should:

• be deployed and managed by an authorized entity in a manner that does not undermine the protections they are designed to offer, from a suitable management platform.
• be configured to ensure effective cryptographic protection.
• be disposed of securely.
• generate and safeguard private keys in a manner that is suitable.
• be updated promptly when new software or firmware versions are released (as outdated versions can introduce vulnerabilities).
• utilize certificates for identifying and trusting other devices, potentially implementing a suitable PKI, while optionally using Pre-Shared Keys (PSKs) for authentication when certificates are unsupported by both parties.

Further guidance regarding VPN usage can be found in the NCSC’s Device Security Guidance.

Pre-Shared Keys (PSKs)

While the use of certificates for device authentication is strongly recommended, the NCSC does not endorse using PSKs, Group Domain of Interpretation (GDOI), or other methods for establishing shared keys across multiple devices. Nevertheless, we acknowledge that PSKs are widely employed in site-to-site VPNs and may, in some cases, be the only authentication option available. In such scenarios, we advise that PSKs be:

• generated using cryptographic security measures, ensuring a minimum of 128 bits of entropy;
• exclusive to a group of devices needing to authenticate one another, and not shared across different groups;
• managed securely with access limited to authorized personnel from their creation through to distribution and eventual disposal, to prevent breaches;
• changed immediately if there are suspicions of compromise.

Principles of Network Design

• Maintaining simplicity in network design is one of the most effective strategies to ensure the network meets expected security and performance standards. Hence:
• Avoid relying too heavily on one product or network feature for multiple security functions, as a fault in one aspect could jeopardize the entire system.
• VPN gateways should ideally incorporate three interfaces: a LAN-side interface, a WAN-side interface managing IPsec-encrypted data, and a management interface.
• The management interface should connect to a dedicated management LAN (or a secure management WAN with adequate encryption), where traffic is suitably encrypted with robust authentication measures, authorization, and logging of management activities.
• The device management features should not be directly reachable through the WAN interface.
• Monitor VPN gateways and their traffic to identify unusual patterns that may indicate misconfigurations or security breaches.

Designing a network may involve additional complexity due to features like:

• Multiple LAN or WAN interfaces;
• Traffic routing rules that might allow some traffic to pass unencrypted based on specific characteristics.

When adding complexity to a network, caution is essential, as increased intricacy heightens the likelihood of misrouting or faulty device configurations that could grant unauthorized access to attackers.

For more detailed information on secure network design, review the Secure design principles and the Security architecture anti-patterns. Additional insights regarding management networks and the protection of management traffic can be found in the Acquiring, managing, and disposing of network devices guidance.

As a standard policy, VPN gateways and clients should be configured in the following manner:

• To exclusively offer and accept the Recommended Profile and/or the Legacy Profile.
• Not to allow the negotiation of alternative cipher suites unless specifically approved by an administrator.

Both profiles are suitable for safeguarding information classified as OFFICIAL in government and public sector networks. However, based on the equipment and infrastructure capabilities, preference should be given to the Recommended Profile. If devices lack full support for the Recommended Profile, the Legacy Profile may be supplemented with elements of the Recommended Profile (see profile alterations below for further information).

Important Notice

Usage of Main Mode is compulsory; no alternative modes are permissible.