IPSec Security (Windows Embedded CE 6.0)
1/6/2010
IPSec v4 for Windows Embedded CE has been implemented to avoid the most common security attacks, but some security risks remain.
To protect your device from security attacks, follow these security best practices.
Best Practices
Use certificate authentication
Use authentication through a user certificate instead of preshared-key authentication. Preshared-key authentication is not scalable. If you decide to use preshared-key authentication, make sure to use long and strong passwords. For more information, see Certificates.
Understand the impact of setting the action for outgoing traffic to "soft"
If the outAction member of the IPSEC_API_MODE_INFO structure is set to IPSEC_API_OUT ACTION_SOFT, and the peer does not respond to IPSec, the system will resort to the fallback mechanism. In this case, packets will be sent to that peer in clear text. If you want both incoming and outgoing traffic to be secure, set the inAction member of IPSEC_API_MODE_INFO to IPSEC_API_IN_ACTION_SECURE and set the outAction member to IPSEC_API_OUT ACTION_SECURE.
Understand the strengths of encryption algorithms
If you want strong encryption, use 3DES instead of DES.
Note
If your policy supports DES and 3DES, a peer can choose to use DES.
If you want to use only 3DES, configure the policy accordingly. Setting the encryption algorithm to IPSEC_API_CONF_ALGO_NONE implies that the peer can choose to select no encryption.
Understand the strengths of hashing (MAC) algorithms
Use SHA1 if possible.
Note
If your policy supports SHA1 and MD5, a peer can choose to use MD5.
If you want to use only SHA1, configure the policy accordingly. Setting the hash mask to IPSEC_API_AUTH_ALGO_NONE implies that the peer can choose to select no integrity check.
Understand which source IP address IPSec is applied to
IPSec policy is applied per source IP address. The IPSec policy that is applied to one specific source IP address does not apply to your data if the network traffic passes through a network interface with a different source IP address.
If you want the IPSec policy to automatically apply to all source IP addresses, set the srcIP member in the IPSEC_API_MODE_INFO structure to zero and use IPSEC_API_APPLY_TO_ALL_SRC_IP to call SetIPSecMode. If your IPSec policy is set to a specific source IP address, the caller of the IPSec functions must handle the renewal of IP addresses and the appearance of new network interfaces.
See Also
Other Resources
IPSec v4
Security Association
Enhancing the Security of a Device