Download Chapter 9

Securing Data Transmission and Authentication
Securing Traffic with IPSec
 IPSec allows us to protect our network from within
 IPSec secures the IP protocol
 IPSec has two principle goals:
 To protect the contents of IP packets
 To provide defense against network attacks through
packet filtering and the enforcement of trusted
communication.
 Attacks that IPSec can prevent and reduce:
Packet Sniffing
Man in the Middle
Data Modification
Denial of Service
Identity Spoofing
Understanding IPSec
 IPSec can be deployed in the following scenarios:
 LAN – Client/Server and peer to peer LANs
 WAN – Router to Router
 Remote Access – Dial up clients and Internet access from
private networks
 Both sides require a shared IPSec policy to establish the
security settings that will be used.
 IPSec can be configured to use one of two modes:
 Transport mode – Use this mode when you require packet
filtering and when you require end-to-end security.
 Tunnel mode – Use tunnel mode for site-to-site
communications that cross the Internet. Gateway-toGateway protection
Understanding IPSec contd.
 IPSec provides security using a combination of
individual protocols.
 Authentication Header (AH) – protocol provides
authentication, integrity, and anti-replay for the packet.
This protocol does not encrypt, but protects from
modification.
 Encapsulating Security Payload (ESP) – provides
confidentiality of the packet (encryption).
Understanding Security Associations
 SA – is the combination of security services, protection
mechanisms, and keys agreed to by communicating
peers.
 When traffic meets a filter that is defined in the policy,
the security parameters much then be negotiated. The
SA is what is agreed upon.
 Internet Key Exchange (IKE) – an algorithm used to
generate the secret keys agreed upon in the SA.
IPSec Policies
 Policies are the security rules that define the desired
security levels negotiated in the SA.
 The policy also define which traffic is “interesting” and
whether or not to negotiate IPSec or just send the
information with out modification.
 Components of a Policy:
 Tunnel setting
 Network Type
 IP filter
 IP protocol Port
 IP filter list
 Filter Action
 Authentication method
Creating IPSec Policies
 Go to local security Policy
 Use “IP security policies” for policies that must be
compatible with versions of Windows older than
Vista/Server 2008
 Use Windows Firewall with Advanced Security for
Vista/Server 2008 systems.
Breaking it all down
 Example on board
Configuring Network Authentication
 When a computer connects to a network it must be
authenticated. Typically this is done through Active
Directory and Kerberos.
 However, if there is no AD domain or you have older
clients you may need to change the Authentication
type to NTLM.
 Computer Configuration->Policies->Windows Setting> Security Settings->Security Options->Network
Security:NTLM