I recently had to start using PulseSecure. For authentication that damn thing loads a full blown webpage in the background, actually executes the JavaScript therein, fills some forms and submits that via POST. There's a PulseSecure module for openconnect, but it's unable to send the keepalive reauthentications, because it's unable to correctly associate the presented form inputs with the credential fields, so I'd have enter them manually, on each keepalive.
I can only hope that WireGuard is going to drive a solid piece of hardwood through every "commercial grade" VPN appliance out there, and then desintegrates their heads, too, just to be sure.
But given the inertia of big orgs, and the that public and governmental institutions for one reason or another seem to trust "BIG" names with "BIG" (i.e. bloated) products and marketing more, than small, easily auditable stuff, I don't see it happening… sadly.
I can tell you that as long as the crypto in WireGuard is DJB stuff that can't be FIPS certified, Cisco and Juniper and such will still do a strong VPN business and you will rarely see it in BigCo, at least in the US.
Security is largely about checking boxes to reduce liability, and FIPS is a checkbox.
Corporate IT is unbelievably conservative. It's all still about Active Directory, Windows domains, and SSL VPNs with FIPS certification and AD support.
Corp IT is still on AD as AD is literally the foundation of everything MS based. No matter if Exchange, workstations, file servers, even Office 365 - all is stored in Active Directory. Even their cloud services, even Microsoft Partner Program, it's all AD under the hood.
Sure you can use Samba / OpenLDAP / half a dozen of IMAP/SMTP servers for groupware but holy hell administering it is an utter hellhole of a mess compared to the MS offerings.
Corp IT cares about two things: retraining costs for employees and admins, and efficiency. And Apache Directory Studio just doesn't cut it compared with AD Editor.
Bureaucratic inertia. I've been hoping for years that it'll be certified. They've talked about Curve25519 and Curve448 for a while but no movement so far. My insider sources tell me there's opposition, but I have no clue why... either the NSA prefers weaker crypto or (more likely) industry wants the status quo because they fear competition from open source superior products like WireGuard among many others.
I feel like having a restricted set of algorithms in FIPS 140-2 is kind of the whole point of having things like AES in the first place. First you get everyone to agree on an algorithm, then you mandate that algorithm for your own applications. I don't expect them to budge from that, and I don't think it has anything to do with quality. At the point NIST certifies XSalsa20 as FIPS-compliant, they might as well rename it AESbis.
Industry prefers FIPS 140-2 because cryptographic expertise is extremely scarce and, prior to AES, commercial products were choc-a-bloc with broken hand-rolled cryptography. It's a rational decision to delegate selection of primitives to NIST.
I think FIPS 140-2 is aging poorly, but I think that's in part because all cryptographic standards are aging poorly; like, the whole concept: top-down standardization efforts with whole cryptosystems designed by committee have a very poor track record, and probably aren't the right vehicle to improve cryptographic soundness in the industry.
NIST SP 800-186 (Draft) has the curve definitions. But says only for Ed25519, not for X25519. They have a Weierstrass curve W-25519 that is isomorphic to Curve25519 that might allow using X25519 code, but that's way above my ability to judge. 'tptacek or 'jedisct1 or others will know.
One of the reasons it is still AD is that the management of users and computers is simplified. You have several layers of admin access etc.
I use Linux since 1993 and love it. All my servers are on Linux. Managing them as a group is a nightmare. I would love to have an umbrella à la AD to have all servers and users unified inside.
People regularly manage thousands of servers using Puppet or Ansible and version control. The structured text configuration files all UNIX-like software utilize makes this trivial.
The strengths of AD are more related to client software, where many of them uses the policy mechanisms therein for management. Maintaining servers isn't what it does best.
This is a large part of the reason why "the cloud" is pretty much Linux native.
I use ansible and salt to provision servers. It works great.
It has limited to no use to manage users and their passwords or authorizations, their control over machines, remote access to a share and zillons other usages you need specialized software for. AD has it all natively.
People with large environments that needs to be managed homogenously would beg to differ. How else would people manage these things large scale? It's exactly the kind of functionality that this software provides. Expressing rules in code might be radically different to someone used to a product like AD, but the learning curve is pretty quick and it is inherently more powerful.
I do not know about products for large environments. Our is arguably medium (around 10,000 servers) and we use solutions where each does its thing, without any reasonable cooperation between the solutions:
- users management? NIS
- configuration management? ansible / salt
- machines management? none (we use a homebrew system based off salt)
- shared storage? NFS
- policies? salt or ansible if they are common to groups of machines, or NIS if for people
etc.
I would love to have a unified tool (similar to what Zen was trying to do 20 years ago) but I do not know any. What AD does for Windows is nice (though I do not use Windows servers but I see their management from the side), Linux was intended to be standalone and this is what there are so many specialized, but disconnected management systems.
Right, but NIS and NFS are just protocols. You might as well have said DNS and IMAP. There are also services behind those protocols that needs to be managed. This is what Puppet(/Chef/Salt) does.
Take NFS as an example. Let's say all your users with meets certain criteria needs an NFS share named after their user and with an ACL that gives some running software access to drop files there. Maybe this share should be mounted on every machine where this software is present, regardless of who own it or where it runs. You write this rule in Puppet code and then it is guaranteed to be true for everyone forever.
Note that we didn't even need to feed Puppet any new information to do this. All the data required to implement the change was already in the configuration database. (Which is not even a real database but only the result of existing rules.)
Compare with a product such as AD. It doesn't really do the management for you. You can store the data there, but then you need to write a script to implement this change across your server farm. This need to be maintained, and regularly checked re-run to check for changes. Someone has to schedule this. When conditions change, the software which got access changes id, or is installed in another way, the script needs to be maintained accordingly.
Having this version controlled adds another aspect to this. Since everything is text, if you find this rule you can follow the commits and see exactly who brought this into production and when.
It's interesting that you refer to Linux as a standalone system. Linux and other unices have their roots not in single instance "personal computers" but in multi user environments. This is why to this day Linux admins treat everything as text and work mostly by text commands. Others may find this archaic but without this and without version control we could never maintain large homogenous environments. You might say that automation is built into the very way we use these systems.
WireGuard is actually pretty awful from an IT security org perspective. There are no logs when someone connects or is trying to connect, so auditing or troubleshooting becomes extremely difficult short of packet captures. Additionally, there is no concept of two step auth, so if your key is compromised, anyone can connect without anyone knowing about the compromise.
If security companies adopt WireGuard, expect things like PulseSecure to remain as a wrapper around WireGuard. They'll at least standardize on a performant and verifiable VPN solution.
There are (at least) two pieces to WireGuard. The wireguard "wire" protocol itself, which is implemented in the kernel. And the authentication and key exchange, that are done by userspace tools.
Right now there exist the "default" tools, which require a manual exchange of key pairs and do only very rudimentary user mapping and authorization.
However: It is perfectly possible to implement much more complex authorization schemes, with all the two step auth, logging, etc. you desire. Somebody has to write the tools for that, still. But the nice thing is, that this is a pretty much independent task, which you could do over any transport/protocol you desire (HTTPS, SSH, custom made, etc.).
An idea I've had for a longer time, but don't have the time to actually invest developing it, is using wireguard for a pure IPv6 mesh VPN.
- The ULA network part would be the key-id (lower bits) of the mesh public key (i.e. with knowledge of the mesh private key you can join the mesh), used for the mesh setup.
- The Host part would be each individual host's key-id (again lower bits of the public key).
> WireGuard is actually pretty awful from an IT security org perspective. There are no logs when someone connects or is trying to connect, so auditing or troubleshooting becomes extremely difficult short of packet captures. Additionally, there is no concept of two step auth, so if your key is compromised, anyone can connect without anyone knowing about the compromise.
WireGuard's open source. Also you should bring these points up on the mailing lists. Even if you're not the one who writes it, mentioning it should put it on peoples' radar.
As you noted, Wireguard is only a part of what makes the current VPN solutions.
But that does not mean that it will stay that way. There's already effort at wg-dynamic, for dynamic allocation of ip addresses (as opposed to static allocation, which is current status quo in wireguard).
Later, it might be worth of effort to try running 802.1x over wireguard for authentication and accounting.
> There are no logs when someone connects or is trying to connect, so auditing or troubleshooting becomes extremely difficult short of packet captures.
I'm wondering if this would be a use case for eBPF
Apologies for sounding flippant: this sounds like a good opportunity for someone to build tools that use wireguard as a foundation to achieve what you want.
I tend to agree with this statement. I have been tracking WireGuard as a potential replacement for PulseSecure and it's a far ways off. We need 2FA and SAML support along with dynamic address assignment and logging before we can make the case to replace PulseSecure.
> I can only hope that WireGuard is going to drive a solid piece of hardwood through every "commercial grade" VPN appliance out there
I'm not sure that will happen. I mean, we had multiple solutions very close to what wg provides already. They're not as trivial to configure, but it would definitely be easier than creating a custom java applet instead.
Whatever makes enterprise VPN so bad, it doesn't seem to be the availability of better tech.
Currently looking at new vpn solutions where I work. Would like to use WG but it's just not suitable for a corporate environment (and neither is openvpn really, though we use it today), and it likely never will be because of how its designed (not a bad thing).
I've used it privately for a while and it is much better than anything else.
> But given the inertia of big orgs, and the that public and governmental institutions for one reason or another seem to trust "BIG" names with "BIG" (i.e. bloated) products and marketing more, than small, easily auditable stuff, I don't see it happening… sadly.
This might quite literally be F5’s reasoning behind their BIG-IP Edge VPN client. :)
I recently had to start using PulseSecure. For authentication that damn thing loads a full blown webpage in the background, actually executes the JavaScript therein, fills some forms and submits that via POST. There's a PulseSecure module for openconnect, but it's unable to send the keepalive reauthentications, because it's unable to correctly associate the presented form inputs with the credential fields, so I'd have enter them manually, on each keepalive.
I can only hope that WireGuard is going to drive a solid piece of hardwood through every "commercial grade" VPN appliance out there, and then desintegrates their heads, too, just to be sure.
But given the inertia of big orgs, and the that public and governmental institutions for one reason or another seem to trust "BIG" names with "BIG" (i.e. bloated) products and marketing more, than small, easily auditable stuff, I don't see it happening… sadly.