Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

6.1 Overview of IPsec
- Benefits of IPsec
- Recommended Uses of IPsec
- Tools Used to Configure IPsec
- What are Connection Security Rules?

Benefits of IPsec
- IPsec is a suite of protocols that allows secure, encrypted communication between 2 computers over an unsecured network
- 2 goals: to protect IP packets & to defend against network attacks
- IPsec secures network traffic by using encryption & data signing
- An IPsec policy defines the type of traffic that IPsec examines, how that traffic is secured & encrypted, and how IPsec peers are authenticated

Recommended Uses of IPsec
- Authenticating & encrypting host-to-host traffic
- Authenticating & encrypting traffic to servers
- Layer 2 Tunneling Protocol (L2TP)/IPsec for VPN connections
- Site-to-site (gateway-to-gateway) tunneling
- Enforcing logical networks (server/domain isolation)

Tools Used to Configure IPsec
- Windows Firewall with Advanced Security MMC (used for Windows Server 2008 & Windows Vista)
- IP Security Policy MMC (used for mixed environments & to configure policies that apply to all Windows versions)
- Netsh command-line tool

What are Connection Security Rules?
- Connection security rules involve:
  - Authenticating 2 computers before they begin communications
  - Securing information being sent between 2 computers
  - Using key exchange, authentication, data integrity & (optionally) data encryption
- How firewall rules & connection security rules are related:
  - Firewall rules allow traffic through, but do not secure that traffic
  - Connection security rules can secure the traffic, but creating a connection security rule does not allow traffic through the firewall

6.2 Configuring Connection Security Rules
- Choosing a Connection Security Rule Type
- What are Endpoints?
- Choosing Authentication Requirements
- Authentication Methods
- Determining a Usage Profile

Choosing a Connection Security Rule Type
- Isolation: Restricts connections based on authentication criteria that you define
- Authentication Exemption: Exempts specific computers, or a group or range of IP addresses, from being required to authenticate; grants access to those infrastructure computers with which this computer must communicate before authentication occurs
- Server-to-server: Authenticates 2 specific computers, 2 groups of computers, 2 subnets, or a specific computer & a group of computers or subnet
- Tunnel: Provides secure communications between 2 peer computers through tunnel endpoints (VPN or L2TP/IPsec tunnels)
- Custom: Enables you to create a rule with special settings

What are Endpoints?
- Computer endpoints are the computers or groups of computers that form peers for the connection
- IPsec tunnel mode protects an entire IP packet by treating it as an AH or ESP payload
- ESP encrypts packets and applies a new unencrypted header to facilitate routing
- ESP functions in 2 modes: Transport mode and Tunnel mode

ESP packet layouts (diagram)
Original packet:      [IP HDR][Data]
ESP Transport Mode:   [IP HDR][ESP HDR][Encrypted Data][ESP TRLR][ESP Auth]
ESP Tunnel Mode:      [New IP HDR][ESP HDR][Encrypted IP Packet (IP HDR + Data)][ESP TRLR][ESP Auth]

Choosing Authentication Requirements
- Request authentication for inbound and outbound connections: Ask that all inbound/outbound traffic be authenticated, but allow the connection if authentication fails
- Require authentication for inbound connections and request authentication for outbound connections: Inbound traffic must be authenticated or it will be blocked; outbound traffic is still allowed if authentication fails
- Require authentication for inbound and outbound connections: Require that all inbound/outbound traffic be authenticated or the traffic will be blocked

Authentication Methods
- Default: Use the authentication method configured on the IPsec Settings tab
- Computer & User (Kerberos V5): You can request or require that both the user & the computer authenticate before communications can continue; domain membership required
- Computer (Kerberos V5): Request or require the computer to authenticate using Kerberos V5
- User (Kerberos V5): Request or require the user to authenticate using Kerberos V5; domain membership required
- Computer certificate: Request or require a valid computer certificate; requires at least one CA
  - Only accept health certificates: Request or require a valid health certificate to authenticate; requires IPsec NAP
- Advanced: Configure any available method; you can specify methods for First & Second Authentication

Determining a Usage Profile
- Security settings can change dynamically with the network location type
- Windows supports 3 network types:
  - Domain: selected when the computer is a domain member
  - Private: networks trusted by the user (home or small office network)
  - Public: default for newly detected networks; usually the most restrictive settings are assigned because of the security risks present on public networks
- The network location type is most useful on portable computers, which are likely to move from network to network
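The rule types, authentication requirements and authentication methods above, as an added netsh example that is not part of the slides: a server-to-server connection security rule that requires inbound authentication with Computer (Kerberos V5), paired with the firewall rule that actually admits the traffic, then the monitoring commands that show the resulting security associations. The 192.0.2.0/24 subnet and the rule names are constructed; the `monitor show mmsa/qmsa` commands assume Windows 7 / Windows Server 2008 R2 or later netsh.

```powershell
# Added example (not from the slides). Run from an elevated prompt on a domain-joined
# host; Kerberos authentication needs domain membership. Subnet and names are constructed.
$consecRule   = 'Example-FileServer-Isolation'
$firewallRule = 'Example-SMB-Authenticated-Only'

# Connection security rule: "Require authentication for inbound connections and request
# authentication for outbound connections" (action=requireinrequestout), using the
# Computer (Kerberos V5) method (auth1=computerkerb). endpoint1 is this host's side,
# endpoint2 the peer subnet (a server-to-server rule may name subnets).
netsh advfirewall consec add rule name=$consecRule `
    endpoint1=any endpoint2=192.0.2.0/24 `
    action=requireinrequestout auth1=computerkerb

# A connection security rule secures traffic but does not allow it through the firewall.
# This firewall rule admits SMB, but only on connections IPsec has authenticated
# (security=authenticate, "Allow the connection if it is secure" in the console).
netsh advfirewall firewall add rule name=$firewallRule `
    dir=in action=allow protocol=TCP localport=445 security=authenticate

# Verify the rule as stored, then look for Main Mode and Quick Mode SAs: the same data the
# Windows Firewall with Advanced Security console shows under Security Associations.
netsh advfirewall consec show rule name=$consecRule verbose
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa
```

If the consec rule is present but no Main Mode SA ever appears for a peer in 192.0.2.0/24, the peer lacks a compatible rule or Kerberos cannot reach a domain controller; the SA listing, not the rule listing, is the check that negotiation actually happened.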

6.3 Configuring IPsec NAP Enforcement
- IPsec Enforcement for Logical Networks
- IPsec NAP Enforcement Processes
- Requirements to Deploy IPsec NAP Enforcement

IPsec Enforcement for Logical Networks (diagram; labels only)
- Logical networks: Restricted network, Boundary network, Secure network
- Clients: Non-compliant NAP client, Non-NAP-capable client, Compliant NAP client (each NAP client with SHAs, NAP agent, NAP ECs)
- NAP enforcement servers: HRA, VPN, 802.1x, DHCP, NPS proxy
- NPS servers / NAP policy servers: NAP administration server, SHVs, network policies, NAP health policies, connection request policies
- Other servers: Remediation servers, Certificate services, Email servers, Secure servers

IPsec NAP Enforcement Processes
- IPsec NAP Enforcement includes:
  - Policy validation
  - NAP enforcement
  - Network restriction
  - Remediation
  - Ongoing monitoring of compliance
(Diagram labels only: VPN Server, Active Directory, IEEE 802.1x Devices, Health Registration Authority, Internet, NAP Health Policy Server, DHCP Server, Intranet, Perimeter Network, Restricted network, Remediation Server, NAP Client with limited access)

Requirements to Deploy IPsec NAP Enforcement
- Active Directory
- Active Directory Certificate Services
- Network Policy Server
- Health Registration Authority

6.4 Monitoring IPsec Activity
- Tools Used to Monitor IPsec
- Using IP Security Monitor to Monitor IPsec
- Using Windows Firewall with Advanced Security to Monitor IPsec

Tools Used to Monitor IPsec
- IP Security Monitor: Used in Windows XP and higher; MMC snap-in; administrators can monitor local and remote IPsec policy usage
- IPsecmon: Only available in Windows 2000; command-line tool; reduced level of information available for troubleshooting
- Windows Firewall with Advanced Security MMC: New in Windows Vista and Windows Server 2008
- Detailed IKE tracing using Netsh: Trace file found in systemroot\debug\oakley.log; enabled in Windows XP and Windows 2000 through Registry modification

Using IP Security Monitor to Monitor IPsec
- Options for using the IP Security Monitor:
  - Modify the IPsec data refresh interval to update information in the console at a set interval
  - Allow DNS name resolution for IP addresses to provide additional information about computers connecting with IPsec
- Computers can be monitored remotely: to enable remote management, the HKLM\system\currentcontrolset\services\policyagent key must have a value of 1
- To discover the active security policy on a computer, examine the Active Policy node in the IP Security Monitor MMC
- Main Mode monitoring monitors the initial IKE exchange and SA: information about the Internet Key Exchange
- Quick Mode monitoring monitors subsequent key exchanges related to IPsec: information about the IPsec driver

Using Windows Firewall with Advanced Security to Monitor IPsec
- The Windows Firewall in Windows Vista and Windows Server 2008 incorporates IPsec
- Use the Connection Security Rules and Security Associations nodes to monitor IPsec connections
- The Connection Security Rules and Security Associations nodes will not monitor policies defined in the IP Security Policy snap-in
- Items that can be monitored include:
  - Security Associations
  - Main Mode
  - Quick Mode

6.5 Troubleshooting IPsec
- IPsec Troubleshooting Process
- Troubleshooting Internet Key Exchange (IKE)
- Troubleshooting IKE Negotiation Events

IPsec Troubleshooting Process
1. Stop the IPsec Policy Agent and use the ping command to verify communications
2. Verify firewall settings
3. Start the IPsec Policy Agent and use IP Security Monitor to determine if a security association exists
4. Verify that the policies are assigned
5. Review the policies and ensure they are compatible
6. Use IP Security Monitor to ensure that any changes are applied

Troubleshooting IKE
- Identify connectivity issues related to IPsec and IKE
- Identify firewall and port issues
- View the Oakley.log file for potential issues
- Determine Main Mode exchange issues

Troubleshooting IKE Negotiation Events
- Common Security Event log codes (Success):
  - 541: IKE Main Mode or Quick Mode established
  - 542: IKE Quick Mode was deleted
  - 543: IKE Main Mode was deleted
- Information log entries: largely pertain to monitoring for denial of service attacks; there might not be any errors, but resources will run low, which affects performance for legitimate clients
- Quick Mode audit failures are denoted by the 547 error message
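The event codes above, as an added PowerShell example that is not part of the slides: a summary of IKE events by code and a check that flags a burst of 547 Quick Mode audit failures, which is the resource-exhaustion symptom the slide describes. The event records are constructed sample data; the event IDs are the ones named on the slide, and Get-IkeEventSummary, Test-QuickModeFailureBurst and the threshold are this example's own.

```powershell
# Added example (not from the slides). Event IDs are the Security log codes named on the
# slide; the records below are constructed. On a live host, replace $sample with:
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 541, 542, 543, 547 }
$IkeEventNames = @{
    541 = 'IKE Main Mode or Quick Mode established'
    542 = 'IKE Quick Mode was deleted'
    543 = 'IKE Main Mode was deleted'
    547 = 'IKE Quick Mode audit failure'
}

function Get-IkeEventSummary {
    # One row per event ID: how often it occurred and what the slide says it means.
    param([Parameter(Mandatory = $true)][object[]]$Events)
    $Events | Group-Object -Property Id | ForEach-Object {
        $id = [int]$_.Name
        [pscustomobject]@{
            Id      = $id
            Count   = $_.Count
            Meaning = if ($IkeEventNames.ContainsKey($id)) { $IkeEventNames[$id] } else { 'unknown' }
        }
    }
}

function Test-QuickModeFailureBurst {
    # $true when $Threshold or more 547 events fall inside any span of length $Window.
    # Many Quick Mode failures in a short time is the pattern to watch for a DoS.
    param(
        [Parameter(Mandatory = $true)][object[]]$Events,
        [int]$Threshold = 5,
        [timespan]$Window = [timespan]::FromMinutes(1)
    )
    $times = @($Events | Where-Object { $_.Id -eq 547 } | Sort-Object TimeCreated |
               ForEach-Object { $_.TimeCreated })
    for ($i = 0; $i + $Threshold - 1 -lt $times.Count; $i++) {
        if (($times[$i + $Threshold - 1] - $times[$i]) -le $Window) { return $true }
    }
    return $false
}

# Constructed sample: one healthy SA lifecycle (541, then 542/543 when it is torn down),
# followed by six Quick Mode failures within 30 seconds, enough to trip the default threshold.
$t0 = Get-Date '2008-06-01 10:00:00'
$sample = @(
    [pscustomobject]@{ Id = 541; TimeCreated = $t0 }
    [pscustomobject]@{ Id = 542; TimeCreated = $t0.AddMinutes(20) }
    [pscustomobject]@{ Id = 543; TimeCreated = $t0.AddMinutes(20) }
) + @(0..5 | ForEach-Object { [pscustomobject]@{ Id = 547; TimeCreated = $t0.AddMinutes(30).AddSeconds(5 * $_) } })

Get-IkeEventSummary -Events $sample | Format-Table -AutoSize
Test-QuickModeFailureBurst -Events $sample
```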

End of Chapter 6