Securing Data Transmission and Authentication
Securing Traffic with IPSec
- IPSec allows us to protect our network from within
- IPSec secures the IP protocol
- IPSec has two principal goals:
  - To protect the contents of IP packets
  - To provide defense against network attacks through packet filtering and the enforcement of trusted communication
- Attacks that IPSec can prevent or reduce:
  - Packet Sniffing
  - Man in the Middle
  - Data Modification
  - Denial of Service
  - Identity Spoofing
Understanding IPSec
- IPSec can be deployed in the following scenarios:
  - LAN – Client/Server and peer-to-peer LANs
  - WAN – Router to Router
  - Remote Access – Dial-up clients and Internet access from private networks
- Both sides require a shared IPSec policy to establish the security settings that will be used.
- IPSec can be configured to use one of two modes:
  - Transport mode – Use this mode when you require packet filtering and end-to-end security.
  - Tunnel mode – Use tunnel mode for site-to-site communications that cross the Internet (gateway-to-gateway protection).
Understanding IPSec contd.
- IPSec provides security using a combination of individual protocols.
  - Authentication Header (AH) – provides authentication, integrity, and anti-replay for the packet. This protocol does not encrypt, but protects against modification.
  - Encapsulating Security Payload (ESP) – provides confidentiality of the packet (encryption).
Understanding Security Associations
- SA – the combination of security services, protection mechanisms, and keys agreed to by communicating peers.
- When traffic matches a filter that is defined in the policy, the security parameters must then be negotiated. The SA is what is agreed upon.
- Internet Key Exchange (IKE) – the protocol used to negotiate the SA and generate the secret keys agreed upon in it.
IPSec Policies
- Policies are the security rules that define the desired security levels negotiated in the SA.
- The policy also defines which traffic is "interesting" and whether to negotiate IPSec or just send the information without modification.
- Components of a Policy:
  - Tunnel setting
  - Network type
  - IP filter
  - IP protocol / port
  - IP filter list
  - Filter action
  - Authentication method
Creating IPSec Policies
- Go to Local Security Policy
- Use "IP Security Policies" for policies that must be compatible with versions of Windows older than Vista/Server 2008
- Use Windows Firewall with Advanced Security for Vista/Server 2008 systems.
Breaking it all down
- Example on board
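As an added example (not from the slides), the policy components above expressed as a Windows Firewall with Advanced Security connection security rule using the NetSecurity PowerShell cmdlets, which exist on Windows 8 / Server 2012 and later; the Vista/2008 systems mentioned in the slides would use the snap-in instead. The rule and set names, the 10.0.0.0/24 subnet and TCP port 445 are constructed values.

```powershell
# Added example: a transport-mode IPSec rule built with the NetSecurity
# cmdlets, followed by a check of the Security Associations it negotiates.
# All display names, the 10.0.0.0/24 subnet and port 445 are constructed.

# Authentication method: computer Kerberos (the Active Directory case).
$p1Proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$p1Set = New-NetIPsecPhase1AuthSet -DisplayName "Lab-Phase1-Kerberos" `
             -Proposal $p1Proposal

# Protection: ESP gives confidentiality (AH alone would only authenticate),
# with a SHA-256 integrity hash on the encrypted payload.
$qmProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP `
                  -Encryption AES256 -ESPHash SHA256
$qmSet = New-NetIPsecQuickModeCryptoSet -DisplayName "Lab-QM-ESP-AES256" `
             -Proposal $qmProposal

# The rule maps onto the slide's policy components:
#   IP filter / protocol / port -> LocalAddress, RemoteAddress, Protocol, RemotePort
#   Filter action               -> InboundSecurity/OutboundSecurity
#                                  (Require = never fall back to clear text)
#   Tunnel setting              -> Mode Transport (end-to-end, as the slide says)
#   Authentication method       -> Phase1AuthSet
New-NetIPsecRule -DisplayName "Lab-Require-IPsec-SMB" `
    -Mode Transport `
    -LocalAddress Any -RemoteAddress 10.0.0.0/24 `
    -Protocol TCP -RemotePort 445 `
    -InboundSecurity Require -OutboundSecurity Require `
    -Phase1AuthSet $p1Set.Name `
    -QuickModeCryptoSet $qmSet.Name

# Verify: once traffic matches the filter, the peers negotiate and the SAs
# become visible. The main-mode SA is the IKE identity and key agreement;
# the quick-mode SA is the per-flow ESP protection actually in force
# (endpoints, encapsulation, algorithms). An empty list means no traffic has
# matched yet or the negotiation failed.
Get-NetIPsecMainModeSA | Format-List
Get-NetIPsecQuickModeSA | Format-List
```

Run the block in an elevated PowerShell session; both ends need a matching rule, otherwise the Require action blocks the connection rather than negotiating.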
Configuring Network Authentication
- When a computer connects to a network it must be authenticated. Typically this is done through Active Directory and Kerberos.
- However, if there is no AD domain or you have older clients you may need to change the authentication type to NTLM.
- Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Security Options -> Network Security: NTLM