IPSec tools. Tips asked for selecting some toolsets



I have written FTP and HTTP functionality into my apps for years, using
mainly ICS tools and also some parts with INDY.

Now I should be able to open and handle IPSec VPN tunnels for secure
banking connections. Currently I am a bit lost with all these new
cryptography and key management abbreviations etc. I don't know where to
start digging myself into this new area.

I'll list here some keywords about those IPSec banking connections, in
hope someone easily understands it, and could point me to a right
direction.

IKE/ISAKMP server settings
--------------------------
Main mode
- Pre-shared keys (the payment terminal certificate)
Phase1:
- algorithms 3DES + SHA1
- lifetime 28800 seconds, kilobytes not used (=0)
- identities IPV4_SUBNET
- Diffie-Hellman group 5
Phase2:
- (ESP) algorithms 3DES + SHA1
- lifetime 3600 seconds, kilobytes not used (=0)
- identities IPV4_SUBNET
- Diffie-Hellman group 5
- PFS USED
- Key management and connection opening phases in docs
  RFC 2407, 2408, 2409, 2412
- RFC 2406 IP Encapsulating Security Payload (ESP)

I know there are third party security tools for Delphi, like these two,
and maybe some others too:
http://www.secureblackbox.com/
http://www.clevercomponents.com

But I am not able to determine if both of these will cover all that is
needed, and if they conform to all the needed IPSec versions and
capabilities etc.

And also if both (or any) of these have some ready-made demo that could
cover most of the things that are listed above. Good demo apps will
usually save a lot of time for a beginner.

I saw that these packages include both free stuff and components and
commercial parts. Currently I can't even determine which components of
these I should choose. Do I need the SSL package or the SSH package? Or maybe
still something else to cover all those IPSec versions and stuff?

---
Those IPSec connections were the trickier part. But what I would need
*immediately* is a secure FTP connection over SSL (?) lines.

I have studied Free + Commercial package MoveItFreely, it offers a
secure FTP over SSL connection.
http://www.stdnet.com/products/?category_number=7&subcategory_number=2

I do fancy how easily I could get it to work. I just replaced FTP.EXE
with MoveItFreely's FTPS.EXE, and all my old command line FTP scripts
and connections were replaced with secure FTP connections. I had no idea
that I could build secure SSL connections that easy.

If I am right, I do not have to know *anything* about public and private
keys or anything else with MoveItFreely when doing FTP transfers over
SSL. It does it all in the background. I am even afraid that I have
understood something totally wrong, and suspect that my FTP connections
could still be not secured :(
Yet it seems to work easily with several secured FTP sites. And my
TCP logger shows that the traffic is non-readable, so it should be
encrypted.

I found that MoveItFreely uses this commercial SSL-toolset:
http://www.theultimatetoolbox.com
But it is written in C++ (Yuk), and I would prefer to find a
Delphi/Pascal replacement for it.

So if anyone has read this far this lengthy message from me, here are
the actual questions finally.

What toolsets should I start learning to:

1.) First to get those secure SSL + FTP connections to work (ICS
preferred)
2.) Secondly, to quickly learn something about that IPSec, key
management etc. Currently all the documentation about those
connections and their management looks quite awful to me.

I am hoping that some single, easy to learn security toolset could
solve both of these problems. But I am flexible for any combinations or
suggestions :-)

Thanks for any comments.

Erno
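The IKE/ESP settings listed in the post, rendered as a strongSwan ipsec.conf fragment so the abbreviations map onto concrete configuration keys. This is an added example, not code from the original post or from any of the toolsets it names; the connection name, addresses and subnets are placeholders, and the 3DES / SHA1 / DH group 5 choices are kept only because the bank mandates them, since current IPsec guidance (RFC 8221 / RFC 8247) rates 3DES and 1536-bit MODP as legacy.

```ini
# Assumed: strongSwan ipsec.conf, IKEv1. Added example, not from the post.
# Phase 1 = IKE SA (ike=, ikelifetime=), Phase 2 = ESP SA (esp=, lifetime=).
config setup

conn bank-terminal
    keyexchange=ikev1
    aggressive=no                  # IKE main mode, as the bank requires
    authby=secret                  # pre-shared key; the key itself lives in ipsec.secrets
    ike=3des-sha1-modp1536!        # Phase 1: 3DES + SHA1, DH group 5 = modp1536 (legacy)
    ikelifetime=28800s             # Phase 1 lifetime 28800 s; no kilobyte limit set
    esp=3des-sha1-modp1536!        # Phase 2: ESP 3DES + SHA1; a DH group here enables PFS
    lifetime=3600s                 # Phase 2 lifetime 3600 s; no kilobyte limit set
    left=%defaultroute
    leftsubnet=192.0.2.0/24        # placeholder: IPV4_SUBNET identity, terminal side
    right=198.51.100.1             # placeholder: bank IKE/ISAKMP gateway
    rightsubnet=203.0.113.0/24     # placeholder: IPV4_SUBNET identity, bank side
    auto=start

# ipsec.secrets (separate file, mode 0600), placeholder PSK:
# 198.51.100.1 : PSK "replace-with-the-terminal-preshared-key"
```

The trailing `!` pins strongSwan to exactly this proposal, which is useful for checking that the bank's gateway really negotiates what its documentation says; `ipsec statusall` then shows the agreed IKE and ESP algorithms and the remaining lifetimes.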


