Has anybody tried that approach already? I'm really considering it: instead of relying on a network-based IDS etc., every packet must use encryption that was initiated by a certificate issued by my own CA.
- Every client gets a unique client certificate
- Every server gets a unique server certificate
- Every service additionally requires a login.
Both SSL and SSH would be ok. Access to the internet would be done via an SSL tunnel to the gateway.
Is it feasible? Does it create practical problems? How could it be done and enforced? What do you think?
More details
My goal is to simplify the LAN's security concept - I'm not yet sure if that's a crazy idea! But I feel that securing an HTTPS or SSH server against internet threats (if using mutual authentication) is sometimes easier than monitoring everything that can happen in the wild world of a LAN.
On a non-encrypted LAN, I feel it's really hard to be a good step ahead of a potential attacker, because of threats like:
- Low-level attacks like ARP spoofing, port stealing, ...
- WLAN access (e.g. every developer will be allowed to access the SVN server from the (W)LAN - I don't think it will be through a VPN...)
=> For simplicity, isn't it easier to make the assumption that there is always an attacker in the LAN?
=> Could I end up simplifying a (small company's) LAN security concept by treating it like a WAN? Or would I rather complicate it?
IPSec and alternatives
IPSec sounds very promising, but I'd be interested in alternatives to IPSec, too - using SSL/SSH individually per service and creating an stunnel tunnel to the gateway? Using Kerberos maybe? ... What are the advantages of IPSec or the others?
If you can help me with getting a better grasp on IPSec, please see my follow-up question specifically on IPSec.
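The per-client and per-server certificate scheme from the question, as an added example that is not part of the original post: a private CA issues one certificate per host, with the extended key usage pinned so a client certificate cannot be presented in the server role (and the reverse), and anything not chained to that CA is rejected. The host names (svn.lan.example, alice-laptop) are placeholders; the script assumes the openssl CLI is installed.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a private CA, issues one
# certificate per server and per client, and checks which role each may hold.
# Names such as svn.lan.example are placeholders. Requires the openssl CLI.
set -eu

# make_ca DIR : self-signed CA key and certificate in DIR (kept offline in practice)
make_ca() {
    mkdir -p "$1"
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-256 -nodes \
        -keyout "$1/ca.key" -out "$1/ca.pem" -days 3650 \
        -subj "/CN=Example LAN private CA" >/dev/null 2>&1
}

# issue_cert CADIR NAME EKU : NAME.key and NAME.pem signed by the CA in CADIR.
# EKU is serverAuth for a server or clientAuth for a client; the SAN is NAME.
issue_cert() {
    ca=$1; name=$2; eku=$3
    openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:P-256 -nodes \
        -keyout "$ca/$name.key" -out "$ca/$name.csr" -subj "/CN=$name" >/dev/null 2>&1
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature\nextendedKeyUsage=%s\nsubjectAltName=DNS:%s\n' \
        "$eku" "$name" > "$ca/$name.ext"
    openssl x509 -req -in "$ca/$name.csr" -CA "$ca/ca.pem" -CAkey "$ca/ca.key" \
        -CAcreateserial -days 365 -extfile "$ca/$name.ext" -out "$ca/$name.pem" >/dev/null 2>&1
}

# check_purpose CAFILE CERT PURPOSE : succeeds only if CERT chains to CAFILE
# and its extensions allow PURPOSE (sslserver or sslclient).
check_purpose() {
    openssl verify -purpose "$3" -CAfile "$1" "$2" >/dev/null 2>&1
}

# Stand-alone demo: one server certificate, one client certificate.
demo=$(mktemp -d)
make_ca "$demo"
issue_cert "$demo" svn.lan.example serverAuth
issue_cert "$demo" alice-laptop clientAuth
check_purpose "$demo/ca.pem" "$demo/svn.lan.example.pem" sslserver && echo "server cert accepted as server"
check_purpose "$demo/ca.pem" "$demo/alice-laptop.pem" sslclient && echo "client cert accepted as client"
check_purpose "$demo/ca.pem" "$demo/alice-laptop.pem" sslserver || echo "client cert rejected as server (intended)"
```

Point the server side (for example stunnel's CAfile with verify = 2, or nginx's ssl_verify_client) at ca.pem only, so certificates from public CAs or from a second private CA fail the same check.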