Course 2277C: Implementing, managing, and maintaining a Microsoft Windows Server 2003 network infrastructure: Network services - Module 9
Module 9: Securing network traffic by using IPSec. This module provides you with the knowledge and skills to secure network traffic and to use certificates with IPSec for increased security. After completing this module, students will be able to: Implement IPSec, understand IPSec deployment scenarios, monitor IPSec.
- Module 9: Securing Network Traffic by Using IPSec
- Overview
  • Implementing IPSec
  • Understanding IPSec Deployment Scenarios
  • Monitoring IPSec
- Lesson: Implementing IPSec
  • Multimedia: The Role of IPSec in a Network Infrastructure
  • What Is IPSec?
  • How IPSec Works
  • IPSec Protocols
  • IPSec Security Policy
  • How IPSec Policies Work Together
  • Certificates and IPSec
  • Multimedia: Certificate Enrollment
  • Practice: Implementing IPSec
- Multimedia: The Role of IPSec in a Network Infrastructure
  • The objective of this presentation is to describe how IPSec is used to ensure secure private communications over IP networks
  • At the end of this presentation, you will be able to:
    – Explain what IPSec is
    – Describe how IPSec works
    – Describe how IPSec policies work
- What Is IPSec?
  IPSec verifies, authenticates, and encrypts IP packets to provide secure network transmissions.
  IPSec provides:
  • Mutual authentication before and during communications
  • Confidentiality through encryption of IP traffic
  • Integrity of IP traffic by rejecting modified traffic
  • Protection from replay attacks
- How IPSec Works
  [Diagram: two hosts, each with a TCP layer and an IPSec driver]
  1. Active Directory: IPSec policy on each host
  2. Security Association Negotiation (ISAKMP)
  3. Encrypted IP packets
- IPSec Protocols
  • AH provides authentication, integrity, and anti-replay protection
    Packet layout: IP header | Authentication header | IP payload (TCP segment, UDP message, ICMP message)
    Signed by Authentication header
  • ESP provides confidentiality, authentication, integrity, and anti-replay protection
    Packet layout: IP header | ESP header | IP payload (TCP segment, UDP message, ICMP message) | ESP trailer | ESP Auth trailer
    Encrypted with ESP header
    Signed by ESP Auth trailer
- IPSec Security Policy
  IPSec uses rules and policies to secure network traffic.
  Rules are composed of:
  • A filter
  • A filter action
  • An authentication method
  Default policies include:
  • Client (Respond Only)
  • Server (Request Security)
  • Secure Server (Require Security)
- Demonstration: Configuring an IPSec Policy
  Your instructor will demonstrate how to:
  • Create an IP filter list
  • Create an IP filter action
  • Configure and assign the IPSec policy
- How IPSec Policies Work Together

  | | No policy assigned | Client (Respond Only) | Server (Request Security) | Secure Server (Require Security) |
  |---|---|---|---|---|
  | No policy assigned | No IPSec | No IPSec | No IPSec | No communication |
  | Client (Respond Only) | No IPSec | No IPSec | IPSec | IPSec |
  | Server (Request Security) | No IPSec | IPSec | IPSec | IPSec |
  | Secure Server (Require Security) | No communication | IPSec | IPSec | IPSec |
- Certificates and IPSec
  A certificate is an electronic credential that authenticates a user on the Internet and intranets.
  Use certificates with IPSec to:
  • Allow interoperability between external clients
  • Implement VPN communications using L2TP
- Multimedia: Certificate Enrollment
  • The objective of this presentation is to provide a high-level overview of certificate enrollment
  • At the end of this presentation, you will be able to:
    – Define certificate enrollment
    – Describe how certificate enrollment works
- Practice: Implementing IPSec
  In this practice, you will:
  • Enroll for a computer certificate
  • Implement IPSec
  • Configure IPSec to use a certificate
- Lesson: Understanding IPSec Deployment Scenarios
  • Recommended Uses of IPSec
  • IPSec Packet Filtering
  • Considerations for Using IPSec to Secure Internal Communications
  • IPSec Configurations for Virtual Private Networking
  • Practice: Understanding IPSec Deployment Scenarios
- Recommended Uses of IPSec
  Consider using IPSec for:
  • Packet filtering
  • Securing host-to-host traffic on specific paths
  • Securing traffic to servers
  • L2TP/IPSec for VPN connections
  • Site-to-site (gateway-to-gateway) tunneling
- IPSec Packet Filtering
  Packet-filtering rules allow a computer to determine what traffic is allowed and the level of security required.
  [Diagram: DEN-SRV1, http://den-srv1, ftp://den-srv1]

  | IP Filter List | Filter Action |
  |---|---|
  | HTTP traffic | Block |
  | FTP traffic | Require security |
- Considerations for Using IPSec to Secure Internal Communications
  When implementing IPSec internally to secure network communications, consider the following:
  • Use IPSec to add security to unsecured services
  • Not all operating systems support the use of IPSec
  • IPSec increases connection times
  • IPSec increases CPU utilization
  • IPSec consumes additional bandwidth
  • Compatibility issues with NAT
- IPSec Configurations for Virtual Private Networking
  • L2TP uses IPSec to encrypt data
  • Use certificates or a preshared key for authentication
  [Diagram: Remote Client, L2TP over IPSec, Internet, VPN Server, LAN]
- Practice: Understanding IPSec Deployment Scenarios
  In this practice, you will configure an IPSec packet filter
- Lesson: Monitoring IPSec
  • IP Security Monitor
  • Guidelines for Monitoring IPSec Policies
  • Practice: Monitoring IPSec
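
The "How IPSec Policies Work Together" slide gives the outcome for each pair of default policies; the following added example (not part of the course material) derives that table from three per-policy properties and lists, for a given policy, the peers with which traffic would flow unprotected. The property names `speaks_ipsec`, `requests_security` and `allows_clear` are assumptions chosen here to model the default policies.

```python
"""Added example: derive the default-policy interaction table from three
assumed per-policy properties (not taken from the course material)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    speaks_ipsec: bool       # can take part in a security negotiation
    requests_security: bool  # asks the peer to negotiate IPSec
    allows_clear: bool       # accepts unsecured traffic when IPSec is not negotiated


# Assumed model of the three default policies plus "no policy".
NONE = Policy("No policy assigned", False, False, True)
CLIENT = Policy("Client (Respond Only)", True, False, True)
SERVER = Policy("Server (Request Security)", True, True, True)
SECURE = Policy("Secure Server (Require Security)", True, True, False)
POLICIES = (NONE, CLIENT, SERVER, SECURE)


def outcome(a: Policy, b: Policy) -> str:
    """Result of two hosts with policies a and b trying to communicate."""
    if a.speaks_ipsec and b.speaks_ipsec and (a.requests_security or b.requests_security):
        return "IPSec"
    if a.allows_clear and b.allows_clear:
        return "No IPSec"
    return "No communication"


def matrix() -> dict:
    """Full 4x4 table keyed by (policy name, peer policy name)."""
    return {(a.name, b.name): outcome(a, b) for a in POLICIES for b in POLICIES}


def unprotected_peers(policy: Policy) -> list:
    """Peer policies with which traffic flows but is NOT protected by IPSec."""
    return [p.name for p in POLICIES if outcome(policy, p) == "No IPSec"]


if __name__ == "__main__":
    for a in POLICIES:
        print(f"{a.name:34}", [outcome(a, b) for b in POLICIES])
    # Request Security falls back to clear text with hosts that have no policy.
    print(unprotected_peers(SERVER))
```
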