Module 9: Configuring IPsec

ezra-pace

Presentation Transcript


  1. Module 9: Configuring IPsec

  2. Module Overview
     • Overview of IPsec
     • Configuring Connection Security Rules
     • Configuring IPsec NAP Enforcement

  3. Lesson 1: Overview of IPsec
     • Benefits of IPsec
     • Recommended Uses of IPsec
     • Tools Used to Configure IPsec
     • What Are Connection Security Rules?
     • Demonstration: Configuring General IPsec Settings

  4. Benefits of IPsec
     IPsec is a suite of protocols that allows secure, encrypted communication between two computers over an unsecured network.
     • IPsec has two goals: to protect IP packets and to defend against network attacks
     • Configuring IPsec on sending and receiving computers enables the two computers to send secured data to each other
     • IPsec secures network traffic by using encryption and data signing
     • An IPsec policy defines the type of traffic that IPsec examines, how that traffic is secured and encrypted, and how IPsec peers are authenticated

  5. Recommended Uses of IPsec
     Recommended uses of IPsec include:
     • Authenticating and encrypting host-to-host traffic
     • Authenticating and encrypting traffic to servers
     • L2TP/IPsec for VPN connections
     • Site-to-site tunneling
     • Enforcing logical networks

  6. Tools Used to Configure IPsec
     To configure IPsec, you can use:
     • Windows Firewall with Advanced Security MMC (used for Windows Server 2008 and Windows Vista)
     • IP Security Policy MMC (used for mixed environments and to configure policies that apply to all Windows versions)
     • Netsh command-line tool

  7. What Are Connection Security Rules?
     Connection security rules involve:
     • Authenticating two computers before they begin communications
     • Securing information being sent between two computers
     • Using key exchange, authentication, data integrity, and data encryption (optionally)
     How firewall rules and connection rules are related:
     • Firewall rules allow traffic through, but do not secure that traffic
     • Connection security rules can secure the traffic, but creating a connection security rule does not allow traffic through the firewall
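
The relationship between the two rule types, shown with the Netsh tool from slide 6. This is an added example, not part of the original presentation; the rule names, TCP port 445 and the address 192.0.2.10 are constructed for illustration, and Kerberos computer authentication assumes domain-joined hosts.

```powershell
# Added example (not from the original slides). Run from an elevated prompt.
# Rule names, port 445 and 192.0.2.10 are constructed placeholders.

# 1. Connection security rule: negotiate IPsec with every peer while on the
#    Domain profile. "Request" (not "require") lets hosts that have not yet
#    received the policy keep communicating during rollout.
netsh advfirewall consec add rule name="Example - Request Auth" `
    endpoint1=any endpoint2=any action=requestinrequestout `
    auth1=computerkerb profile=domain

# 2. Authentication exemption: a peer that cannot negotiate IPsec
#    (constructed address) is excluded from negotiation.
netsh advfirewall consec add rule name="Example - Exempt Host" `
    endpoint1=any endpoint2=192.0.2.10 action=noauthentication `
    profile=domain

# 3. Firewall rule: the connection security rules above open no ports.
#    This inbound rule allows SMB, and security=authenticate restricts it
#    to connections that IPsec has authenticated.
netsh advfirewall firewall add rule name="Example - SMB Authenticated Only" `
    dir=in action=allow protocol=TCP localport=445 `
    security=authenticate profile=domain

# 4. Verify: list the connection security rules, then check that main-mode
#    and quick-mode security associations appear once a peer connects.
netsh advfirewall consec show rule name=all
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa
```

If step 3 is omitted, the peers can still negotiate security associations, but inbound SMB remains blocked by the default inbound policy.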

  8. Demonstration: Configuring General IPsec Settings In this demonstration, you will see how to configure General IPsec settings in Windows Firewall with Advanced Security

  9. Lesson 2: Configuring Connection Security Rules
     • Choosing a Connection Security Rule Type
     • What Are Endpoints?
     • Choosing Authentication Requirements
     • Authentication Methods
     • Determining a Usage Profile
     • Demonstration: Configuring a Connection Security Rule

  10. Choosing a Connection Security Rule Type

  11. What Are Endpoints?
     [Figure: packet layouts for the two ESP modes]
     • ESP Transport Mode: IP HDR | ESP HDR | Data | ESP TRLR | ESP Auth (the data is encrypted)
     • ESP Tunnel Mode: New IP HDR | ESP HDR | IP HDR | Data | ESP TRLR | ESP Auth (the original IP packet is encrypted)

  12. Choosing Authentication Requirements

  13. Authentication Methods

  14. Determining a Usage Profile
     Security settings can change dynamically with the network location type.
     Windows supports three network types, and programs can use these locations to automatically apply the appropriate configuration options:
     • Domain: selected when the computer is a domain member
     • Private: networks trusted by the user (home or small office network)
     • Public: default for newly detected networks; usually the most restrictive settings are assigned because of the security risks present on public networks
     The network location type is most useful on portable computers, which are likely to move from network to network.

  15. Demonstration: Configuring a Connection Security Rule
     In this demonstration, you will see how to configure a Connection Security rule

  16. Lesson 3: Configuring IPsec NAP Enforcement
     • IPsec Enforcement for Logical Networks
     • IPsec NAP Enforcement Processes
     • Requirements to Deploy IPsec NAP Enforcement

  17. IPsec Enforcement for Logical Networks
     [Diagram: NAP architecture across three logical networks (Secure Network, Boundary Network, Restricted Network). Labeled components: NAP enforcement servers (HRA, VPN, 802.1X, DHCP, NPS proxy); NPS servers / NAP policy servers (NAP administration server, network policies, NAP health policies, connection request policies, SHVs); NAP clients (SHAs, NAP agent, NAP ECs) shown as compliant, non-compliant and non-NAP capable; certificate services; e-mail servers; secure servers; remediation servers]

  18. IPsec NAP Enforcement Processes
     [Diagram labels: Internet, Perimeter Network, Intranet, Restricted Network; VPN Server, Active Directory, IEEE 802.1X Devices, Health Registration Authority, NAP Health Policy Server, DHCP Server, Remediation Servers, NAP Client with limited access]
     IPsec NAP Enforcement includes:
     • Policy validation
     • NAP enforcement
     • Network restriction
     • Remediation
     • Ongoing monitoring of compliance

  19. Requirements to Deploy IPsec NAP Enforcement
     Requirements for deploying IPsec NAP Enforcement:
     ✓ Active Directory
     ✓ Active Directory Certificate Services
     ✓ Network Policy Server
     ✓ Health Registration Authority

  20. Lab: Configuring IPsec NAP Enforcement
     • Exercise 1: Preparing the Network Environment for IPsec NAP Enforcement
     • Exercise 2: Configuring and Testing IPsec NAP Enforcement
     Logon information
     Estimated time: 60 minutes

  21. Lab Review
     • What would the implication be if you installed the Certificate Server as an Enterprise CA, as opposed to a Standalone CA, and you have workgroup computers that need to be NAP compliant?
     • Under what circumstances would Authentication Exemption be useful in a Connection Security Rule?

  22. Module Review and Takeaways
     • Review Questions
     • Common Misconceptions About IPsec
     • IPsec Benefits
     • Tools