Objectives
 –Wireless Access
 –IPSec
 –Discuss Network Access Protection
 –Install Network Access Protection

Presentation transcript:


Wireless Access Configuration in Windows Server 2008
802.1x standard
 –Network access control provides an authentication mechanism to allow or deny network access based on port connection
 –WPA2-EAP (Wi-Fi Protected Authentication 2 – EAP)
    More secure than both PSK and WEP, which use a static key
    EAP → Use Certificate

Wireless Access Configuration in Windows Server 2008 (continued)
Categories of EAP implementations
 –EAP over local area network (LAN)
    EAP-TLS
 –EAP over wireless
    PEAP: Protected Extensible Authentication Protocol
802.1x uses a three-component model for authenticating access to networks
 –Supplicant: Wireless client/device
 –Authenticator: Wireless Access Point
 –Authentication server: NPS/RADIUS server


Internet Protocol Security
An open-standards framework for securing network communications
IPSec meets three basic goals
 –Authentication
 –Integrity
 –Confidentiality

IPSec Threats
Depending on the configuration of IPSec, it provides protection from the following threats
 –Data tampering
 –Denial of service
 –Identity spoofing
 –Man-in-the-middle attacks
 –Repudiation (rootkit)
 –Network traffic sniffing

How IPSec Works
IPSec modes of operation
 –Transport mode
 –Tunnel mode
IPSec Security Methods
 –Authentication Header (AH)
 –Encapsulating Security Payload (ESP)
Scenarios available when deploying IPSec
 –Site to site
 –Client to client
 –Client to site

Transport Mode
Used between two hosts (Client-to-Client or Client-to-Site)
Both communication ends must support IPSec

Tunnel Mode
Used between two routers (Site-to-Site)
Two hosts communicating through the routers do not need to support IPSec
Computers taking part in the conversation are not authenticated

AH Method
Provides authentication of the two endpoints and adds a checksum to the packet
Authentication guarantees that the two endpoints are known and the checksum guarantees that the packet is not modified in transit
Payload of the packet is unencrypted
Use whenever you are concerned about packets being captured with a packet sniffer and replayed later
Less processor intensive than ESP mode
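
The AH behaviour described above, as an added example that is not part of the original slides: a simplified Python model of an AH-protected packet (RFC 4302 header layout, HMAC-SHA1-96 checksum) showing that the payload stays readable while replayed or modified packets are dropped. The key, SPI, payloads and the `AhReceiver` helper are constructed for illustration, and the checksum here covers only the AH header and payload, not the IP header fields a real implementation also includes.

```python
import hashlib
import hmac
import struct

AH_FIXED = struct.Struct("!BBHII")  # next header, payload len, reserved, SPI, sequence
ICV_LEN = 12                        # HMAC-SHA1-96: tag truncated to 96 bits

def icv(key, fixed, payload):
    # The ICV field itself is zeroed while the tag is computed (simplified coverage).
    return hmac.new(key, fixed + bytes(ICV_LEN) + payload, hashlib.sha1).digest()[:ICV_LEN]

def ah_protect(key, spi, seq, payload, next_header=6):
    # Payload Len = AH length in 32-bit words minus 2: (12 + 12) / 4 - 2 = 4
    fixed = AH_FIXED.pack(next_header, 4, 0, spi, seq)
    return fixed + icv(key, fixed, payload) + payload

class AhReceiver:
    """Receiving end of one security association (hypothetical helper)."""
    def __init__(self, key, spi, window=64):
        self.key, self.spi, self.window = key, spi, window
        self.highest, self.seen = 0, set()

    def accept(self, packet):
        body = AH_FIXED.size + ICV_LEN
        fixed, tag, payload = packet[:AH_FIXED.size], packet[AH_FIXED.size:body], packet[body:]
        _, _, _, spi, seq = AH_FIXED.unpack(fixed)
        if spi != self.spi:
            return "drop: unknown SPI"
        if seq in self.seen or seq + self.window <= self.highest:
            return "drop: replay"              # anti-replay check comes first
        if not hmac.compare_digest(tag, icv(self.key, fixed, payload)):
            return "drop: bad ICV"             # modified in transit or wrong key
        self.highest = max(self.highest, seq)  # window moves only for authentic packets
        self.seen = {s for s in self.seen | {seq} if s + self.window > self.highest}
        return "accept"

def demo():
    key = b"constructed-key-standing-in-for-IKE-output"
    rx = AhReceiver(key, spi=0x1001)
    first = ah_protect(key, 0x1001, 1, b"GET /payroll HTTP/1.1")
    second = ah_protect(key, 0x1001, 2, b"GET /payroll HTTP/1.1")
    forged = ah_protect(b"some-other-key", 0x1001, 3, b"GET /admin HTTP/1.1")
    return {
        "payload_visible": b"payroll" in first,   # AH authenticates but does not encrypt
        "first": rx.accept(first),
        "replayed": rx.accept(first),
        "tampered": rx.accept(second[:-3] + b"9.9"),
        "forged": rx.accept(forged),
    }
```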


ESP Method
Provides authentication of the two endpoints which guarantees that the two endpoints are known
Adds a checksum to each packet
Encrypts the data in the packet
Most implementations of IPSec use ESP mode because data encryption is desired

IPSec Authentication
Authentication is for the devices at the two IPSec endpoints, NOT the users logged into the devices
Internet Key Exchange (IKE) is the process used by two IPSec hosts to negotiate their security parameters/protocols
 –IKE generates the encryption and authentication keys used by IPSec for the transaction
When security parameters have been agreed upon, this is referred to as a security association

IPSec Connections Authentication Methods
Pre-shared key – Simple, but the key has to be moved in advance
Kerberos – Integrated with Windows Active Directory. Only for Active Directory
Certificates
 –Issued by trusted organizations on the Internet called certification authorities
 –Certificate must be validated using the digital signature of the certification authority

Enabling IPSec
IPSec is enabled on Windows using IPSec policies
Unlike 2003, Windows 2008 does not have a default policy
Policies can be configured manually on each server or distributed through Group Policy
 –Choose tunnel or transport mode, network type
 –Specify IP filter and filter actions
Can be managed with the following tools
 –WFAS Connection Security Rules
 –IP Security Policy snap-in
 –Netsh
 –gpme.msc

Assigning IPSec Policies
Multiple IPSec policies may be configured
Only the assigned one is actually used
No policy is used until it is assigned
Only one policy can be assigned at a time per machine
Assignment does not take effect immediately
IPSec Policy Agent must be restarted for the change to take effect

Troubleshooting IPSec
Most common IPSec troubleshooting tools are:
 –Ping
 –IPSec Security Monitor – MMC Snap-in
 –Event Viewer – Security log
 –Resultant Set of Policy – Group Policy resultant set
 –Network Monitor

Using IPSec

Network Access Protection
NAP can be broken into three parts
 –Health policy validation
 –Health policy compliance
 –Access limitation

NAP Terminology
Enforcement Client (Windows 7, 2008, Vista, XP SP3)
Enforcement Server (2008 NPS Server)
Host Credential Authorization Protocol (for 802.1x client)
Health Registration Authority
 –Distributes Health Certificates
 –Required for IPSec enforcement
 –A Role Service of the NPS Server Role
Network Policy Server
Remediation Server (Updates clients)
System Health Agent (a service on the NAP client monitoring the status of Firewall and Antivirus)
System Health Validator

NAP Enforcement Methods
The five types of NAP enforcement methods used by NAP
 –802.1x-authenticated connections (EAP)
 –Dynamic Host Configuration Protocol (DHCP) address configurations
 –IPSec communications based on IP Address or Port numbers
    Require HRA and Certificates Service
 –Terminal Services Gateway (TS Gateway) connections
 –Virtual Private Network (VPN) connections

Implementing NAP

Install, Configure and Enforce NAP
Add the NPS role; NAP is installed as part of the NPS role
 –Add Roles Wizard or servermanagercmd.exe command
Configure Windows Security Health Validator
 –NPS → NAP → System Health Validators
Create two new Health Policies
 –One Compliant policy and one Non-compliant policy
 –NPS → Policies → Health Policies
Enable NAP Enforcement Method on client computers
 –napclcfg command
 –NAP Client Configuration snap-in
Set Network Policies or Connection Security Rules

NAP Client Configuration

NAP Client Configuration (continued)
Turn on Security Center in Local Computer Policy
 –gpedit.msc or Group Policy Object Editor snap-in
 –Computer Configuration → Administrative Templates → Windows Components → Security Center
 –Needed to work with standard Windows SHV
Start Network Access Protection Agent service

NAP Monitoring
Log Files
 –On NAP Enforcement Server: Windows Logs\Security log: non-compliant clients
 –On Vista or 2008 NAP Enforcement Clients: Applications and Services log\Microsoft\Windows\Network Access Protection\Operational log
 –On XP SP3 NAP Enforcement Client: System log