intTypePromotion=1
zunia.vn Tuyển sinh 2024 dành cho Gen-Z zunia.vn zunia.vn
ADSENSE

Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 9

Chia sẻ: Nothing Nothing | Ngày: | Loại File: PPT | Số trang:24

52
lượt xem
3
download
 
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

Module 9: Securing network traffic by using IPSec. This module provides you with the knowledge and skills to secure network traffic and to use certificates with IPSec for increased security. After completing this module, students will be able to: Implement IPSec, understand IPSec deployment scenarios, monitor IPSec.

Chủ đề:
Lưu

Nội dung Text: Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 9

  1. Module 9: Securing Network Traffic by Using IPSec 
  2. Overview • Implementing IPSec • Understanding IPSec Deployment Scenarios • Monitoring IPSec
  3. Lesson: Implementing IPSec • Multimedia: The Role of IPSec in a  Network Infrastructure • What Is IPSec? • How IPSec Works  • IPSec Protocols • IPSec Security Policy • How IPSec Policies Work Together • Certificates and IPSec • Multimedia: Certificate Enrollment • Practice: Implementing IPSec 
  4. Multimedia: The Role of IPSec in a Network  Infrastructure • The objective of this presentation is to  describe how IPSec is used to ensure  secure private communications over IP networks • At the end of this presentation, you will  be able to: – Explain what IPSec is – Describe how IPSec works – Describe how IPSec policies work
  5. What Is IPSec? IPSec verifies, authenticates, and encrypts IP packets to provide secure network transmissions IPSec provides: Mutual authentication before and during communications Confidentiality through encryption of IP traffic Integrity of IP traffic by rejecting modified traffic Protection from replay attacks
  6. How IPSec Works Active 1 Directory IPSec IPSec Policy Policy Security Association Negotiation (ISAKMP) 2 TCP TCP Layer Layer IPSec IPSec     Driver Driver 3 Encrypted IP Packets
  7. IPSec Protocols AH provides authentication, integrity, and anti- replay protection IP payload IP Authentication (TCP segment, UDP message, ICMP header header message) Signed by Authentication header ESP provides confidentiality, authentication, integrity, and anti-replay protection IP payload ESP IP ESP ESP (TCP segment, UDP message, Auth header header trailer ICMP message) trailer Encrypted with ESP header Signed by ESP Auth trailer
  8. IPSec Security Policy IPSec uses rules and policies to secure network traffic Rules are composed of:  A filter  A filter action  An authentication method Default policies include:  Client (Respond Only)  Server (Request Security)  Secure Server (Require Security)
  9. Demonstration: Configuring an IPSec Policy Your instructor will demonstrate how to: Create an IP filter list Create an IP filter action Configure and assign the IPSec policy
  10. How IPSec Policies Work Together Server Secure Client (Reques No policy Server (Respon t assigned (Require d Only) Security Security) ) No No policy No IPSec No IPSec No IPSec communicati assigned on Client (Respond No IPSec No IPSec IPSec IPSec Only) Server (Request No IPSec IPSec IPSec IPSec Security) Secure No Server communicati IPSec IPSec IPSec (Require on Security)
  11. Certificates and IPSec A certificate is an electronic credential that authenticates a user on the Internet and intranets Use certificates with IPSec to: Allow interoperability between external clients Implement VPN communications using L2TP
  12. Multimedia: Certificate Enrollment • The objective of this presentation is to  provide a high­level overview of certificate enrollment • At the end of this presentation, you will  be able to: – Define certificate enrollment – Describe how certificate enrollment  works 
  13. Practice: Implementing IPSec In this practice, you will: • Enroll for a computer certificate • Implement IPSec • Configure IPSec to use a certificate
  14. Lesson: Understanding IPSec Deployment  Scenarios • Recommended Uses of IPSec • IPSec Packet Filtering • Considerations for Using IPSec to Secure Internal Communications • IPSec Configurations for Virtual Private Networking • Practice: Understanding IPSec Deployment Scenarios
  15. Recommended Uses of IPSec Consider using IPSec for: Packet filtering Securing host-to-host traffic on specific paths Securing traffic to servers L2TP/IPSec for VPN connections Site-to-site (gateway-to-gateway) tunneling
  16. IPSec Packet Filtering Packet-filtering rules allow a computer to determine what traffic is allowed and the level of security required DEN- -srv1 SRV1 :/ /den ht tp ftp: / /den -srv 1 IP Filter List Filter Action HTTP traffic Block FTP traffic Require security
  17. Considerations for Using IPSec to Secure  Internal Communications When implementing IPSec internally to secure network communications, consider the following: Use IPSec to add security to unsecured services Not all operating systems support the use of IPSec IPSec increases connection times IPSec increase CPU utilization IPSec consumes additional bandwidth Compatibility issues with NAT
  18. IPSec Configurations for Virtual Private  Networking L2TP uses IPSec to encrypt data LAN Use certificates or a preshared key for authentication L2 TP ov er VPN Server I PS Internet ec Remote Client
  19. Practice: Understanding IPSec Deployment  Scenarios In this the practice, you will configure an IPSec packet filter
  20. Lesson: Monitoring IPSec • IP Security Monitor  • Guidelines for Monitoring IPSec Policies • Practice: Monitoring IPSec
ADSENSE

CÓ THỂ BẠN MUỐN DOWNLOAD

 

Đồng bộ tài khoản
3=>0