Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 9

Chia sẻ: Nothing Nothing | Ngày: | Loại File: PPT | Số trang:24

Thêm vào BST

Báo xấu

52
lượt xem 3
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

Module 9: Securing network traffic by using IPSec. This module provides you with the knowledge and skills to secure network traffic and to use certificates with IPSec for increased security. After completing this module, students will be able to: Implement IPSec, understand IPSec deployment scenarios, monitor IPSec.

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 9

Module 9: Securing Network Traffic by Using IPSec
Overview • Implementing IPSec • Understanding IPSec Deployment Scenarios • Monitoring IPSec
Lesson: Implementing IPSec • Multimedia: The Role of IPSec in a Network Infrastructure • What Is IPSec? • How IPSec Works • IPSec Protocols • IPSec Security Policy • How IPSec Policies Work Together • Certificates and IPSec • Multimedia: Certificate Enrollment • Practice: Implementing IPSec
Multimedia: The Role of IPSec in a Network Infrastructure • The objective of this presentation is to describe how IPSec is used to ensure secure private communications over IP networks • At the end of this presentation, you will be able to: – Explain what IPSec is – Describe how IPSec works – Describe how IPSec policies work
What Is IPSec? IPSec verifies, authenticates, and encrypts IP packets to provide secure network transmissions IPSec provides: Mutual authentication before and during communications Confidentiality through encryption of IP traffic Integrity of IP traffic by rejecting modified traffic Protection from replay attacks
How IPSec Works Active 1 Directory IPSec IPSec Policy Policy Security Association Negotiation (ISAKMP) 2 TCP TCP Layer Layer IPSec IPSec Driver Driver 3 Encrypted IP Packets
IPSec Protocols AH provides authentication, integrity, and anti- replay protection IP payload IP Authentication (TCP segment, UDP message, ICMP header header message) Signed by Authentication header ESP provides confidentiality, authentication, integrity, and anti-replay protection IP payload ESP IP ESP ESP (TCP segment, UDP message, Auth header header trailer ICMP message) trailer Encrypted with ESP header Signed by ESP Auth trailer
IPSec Security Policy IPSec uses rules and policies to secure network traffic Rules are composed of:  A filter  A filter action  An authentication method Default policies include:  Client (Respond Only)  Server (Request Security)  Secure Server (Require Security)
Demonstration: Configuring an IPSec Policy Your instructor will demonstrate how to: Create an IP filter list Create an IP filter action Configure and assign the IPSec policy
How IPSec Policies Work Together Server Secure Client (Reques No policy Server (Respon t assigned (Require d Only) Security Security) ) No No policy No IPSec No IPSec No IPSec communicati assigned on Client (Respond No IPSec No IPSec IPSec IPSec Only) Server (Request No IPSec IPSec IPSec IPSec Security) Secure No Server communicati IPSec IPSec IPSec (Require on Security)
Certificates and IPSec A certificate is an electronic credential that authenticates a user on the Internet and intranets Use certificates with IPSec to: Allow interoperability between external clients Implement VPN communications using L2TP
Multimedia: Certificate Enrollment • The objective of this presentation is to provide a highlevel overview of certificate enrollment • At the end of this presentation, you will be able to: – Define certificate enrollment – Describe how certificate enrollment works
Practice: Implementing IPSec In this practice, you will: • Enroll for a computer certificate • Implement IPSec • Configure IPSec to use a certificate
Lesson: Understanding IPSec Deployment Scenarios • Recommended Uses of IPSec • IPSec Packet Filtering • Considerations for Using IPSec to Secure Internal Communications • IPSec Configurations for Virtual Private Networking • Practice: Understanding IPSec Deployment Scenarios
Recommended Uses of IPSec Consider using IPSec for: Packet filtering Securing host-to-host traffic on specific paths Securing traffic to servers L2TP/IPSec for VPN connections Site-to-site (gateway-to-gateway) tunneling
IPSec Packet Filtering Packet-filtering rules allow a computer to determine what traffic is allowed and the level of security required DEN- -srv1 SRV1 :/ /den ht tp ftp: / /den -srv 1 IP Filter List Filter Action HTTP traffic Block FTP traffic Require security
Considerations for Using IPSec to Secure Internal Communications When implementing IPSec internally to secure network communications, consider the following: Use IPSec to add security to unsecured services Not all operating systems support the use of IPSec IPSec increases connection times IPSec increase CPU utilization IPSec consumes additional bandwidth Compatibility issues with NAT
IPSec Configurations for Virtual Private Networking L2TP uses IPSec to encrypt data LAN Use certificates or a preshared key for authentication L2 TP ov er VPN Server I PS Internet ec Remote Client
Practice: Understanding IPSec Deployment Scenarios In this the practice, you will configure an IPSec packet filter
Lesson: Monitoring IPSec • IP Security Monitor • Guidelines for Monitoring IPSec Policies • Practice: Monitoring IPSec