Module 9: Configuring IPsec

Module Overview: Overview of IPsec; Configuring Connection Security Rules; Configuring IPsec NAP Enforcement
Lesson 1: Overview of IPsec. Topics: Benefits of IPsec; Recommended Uses of IPsec; Tools Used to Configure IPsec; What Are Connection Security Rules?; Demonstration: Configuring General IPsec Settings

Benefits of IPsec
IPsec is a suite of protocols that provides authenticated and, optionally, encrypted communication between two computers over an untrusted network.
IPsec has two goals: to protect the content of IP packets, and to defend against network attacks (spoofed, replayed, or tampered traffic) by dropping packets that fail authentication, integrity, or anti-replay checks.
Configuring IPsec on both the sending and the receiving computer lets the two exchange protected data; a peer without a matching policy cannot negotiate a security association.
IPsec secures network traffic by using encryption (ESP) and data signing, that is, per-packet integrity protection and origin authentication (AH, or the ESP authentication field).
An IPsec policy defines which traffic IPsec examines, how that traffic is secured (integrity only, or integrity plus encryption), and how IPsec peers authenticate each other.

Recommended Uses of IPsec
Recommended uses of IPsec include:
Authenticating and encrypting host-to-host traffic
Authenticating and encrypting traffic to servers
L2TP/IPsec for VPN connections
Site-to-site tunneling
Enforcing logical networks (server and domain isolation)

Tools Used to Configure IPsec
To configure IPsec, you can use:
Windows Firewall with Advanced Security MMC (Windows Vista and Windows Server 2008 and later; this is where connection security rules are created)
IP Security Policy Management MMC (legacy IPsec policies; use it for mixed environments where a policy must also apply to earlier Windows versions)
Netsh command-line tool (netsh advfirewall consec for connection security rules, netsh ipsec for legacy IPsec policies); netsh is scriptable, so it is the tool for repeatable or bulk configuration

What Are Connection Security Rules?
Connection security rules involve:
Authenticating two computers before they begin communicating
Securing the information sent between the two computers
Using key exchange, authentication, data integrity, and (optionally) data encryption
How firewall rules and connection security rules are related:
Firewall rules allow traffic through, but do not secure that traffic
Connection security rules can secure the traffic, but creating a connection security rule does not allow traffic through the firewall
The two work together: a firewall rule set to "Allow the connection if it is secure" only matches traffic that a connection security rule has already authenticated
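The relationship between the two rule types, shown with the netsh advfirewall tool named on the Tools slide. This is an added example and not part of the course module; it assumes an elevated prompt on a domain-joined Windows Vista / Windows Server 2008 or later host, and the rule names and the RDP port are illustrative.

```powershell
# Added example (not from the course): a connection security rule and a firewall
# rule that depends on it, using netsh advfirewall. Assumptions: elevated prompt,
# domain-joined host; rule names and port 3389 are illustrative.

# 1. Connection security rule (isolation type): request authentication with the
#    computer's Kerberos identity in both directions. "Request" still allows the
#    connection when the peer cannot authenticate, so nothing breaks at rollout;
#    switch to action=requireinrequestout once every peer negotiates successfully.
netsh advfirewall consec add rule name=DomainIsolation-Request `
    endpoint1=any endpoint2=any action=requestinrequestout `
    auth1=computerkerb profile=domain

# 2. A connection security rule secures traffic but opens nothing. This inbound
#    firewall rule allows RDP only from peers that authenticated through IPsec
#    (security=authenticate is the "Allow the connection if it is secure" option).
#    Without the rule from step 1 there is no IPsec negotiation, so nothing matches.
netsh advfirewall firewall add rule name=RDP-AuthenticatedPeersOnly `
    dir=in action=allow protocol=TCP localport=3389 `
    security=authenticate profile=domain

# 3. Verify the configuration and, after a connection has been made, the
#    negotiated security associations: main mode = peer authentication,
#    quick mode = the per-traffic keys. An empty SA list means the rule never
#    applied to any traffic (check the exemptions and the profile first).
netsh advfirewall consec show rule name=all
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa
```

The order matters in practice: deploy the connection security rule in request mode first, confirm that main-mode SAs appear for every peer, and only then tighten the firewall rule to require authentication or move the connection security rule to require mode.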

Demonstration: Configuring General IPsec Settings In this demonstration, you will see how to configure General IPsec settings in Windows Firewall with Advanced Security

Lesson 2: Configuring Connection Security Rules. Topics: Choosing a Connection Security Rule Type; What Are Endpoints?; Choosing Authentication Requirements; Authentication Methods; Determining a Usage Profile; Demonstration: Configuring a Connection Security Rule

Choosing a Connection Security Rule Type
Isolation: Restricts connections based on authentication criteria that you define (for example, domain membership or health status); applies to all traffic to and from the computer.
Authentication Exemption: Exempts specific computers, or a group or range of IP addresses, from being required to authenticate. Use it for the infrastructure computers this computer must reach before it can authenticate (domain controllers, DNS, DHCP); without such exemptions an isolation rule can cut the computer off from the domain.
Server-to-Server: Authenticates traffic between two specific computers, two groups of computers, two subnets, or a specific computer and a group of computers or a subnet.
Tunnel: Protects traffic between two tunnel endpoints using IPsec tunnel mode, typically gateway-to-gateway (site-to-site) tunnels; the original packet is encapsulated in a new IP header addressed to the tunnel endpoints.
Custom: Enables you to create a rule with settings that the other types do not cover.

What Are Endpoints?
In a connection security rule, the endpoints are the two computers (or sets of addresses) whose traffic the rule protects. In a tunnel rule there are additionally two tunnel endpoints, the gateways that encapsulate the traffic. The difference shows in the packet layout (diagram reproduced as text):
ESP Transport Mode: IP HDR | ESP HDR | Data | ESP TRLR | ESP Auth. The Data and ESP TRLR fields are encrypted; the original IP header is kept, so the packet travels between the original endpoints.
ESP Tunnel Mode: New IP HDR | ESP HDR | IP HDR | Data | ESP TRLR | ESP Auth. The whole original packet (IP HDR, Data, ESP TRLR) is encrypted, and the new IP header is addressed to the tunnel endpoints.
In both modes ESP Auth covers everything from ESP HDR through ESP TRLR, so an intermediary can neither read nor modify the protected part of the packet.

Choosing Authentication Requirements
Request authentication for inbound and outbound connections: Ask that all inbound and outbound traffic be authenticated, but allow the connection if authentication fails (the safe starting point for a rollout).
Require authentication for inbound connections and request authentication for outbound connections: Inbound traffic must be authenticated or it is blocked; outbound traffic is authenticated when the peer supports it, but allowed if authentication fails.
Require authentication for inbound and outbound connections: All inbound and outbound traffic must be authenticated or the traffic is blocked.

Authentication Methods
Default: Use the authentication method configured on the IPsec Settings tab of Windows Firewall with Advanced Security.
Computer and User (Kerberos V5): Request or require both the computer and the user to authenticate before communication continues; domain membership required.
Computer (Kerberos V5): Request or require the computer to authenticate using Kerberos V5; domain membership required.
User (Kerberos V5): Request or require the user to authenticate using Kerberos V5; domain membership required.
Computer certificate: Request or require a valid computer certificate; requires at least one CA that both peers trust (typically an enterprise CA in AD CS). Only accept health certificates: request or require a valid health certificate issued by an HRA; requires IPsec NAP enforcement.
Advanced: Configure any available method, including NTLMv2 and preshared key (preshared keys are the weakest option and are intended for testing); you can specify separate methods for First Authentication (the computer identity or a health certificate) and Second Authentication (the user identity).
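The rule types, authentication requirements, and authentication methods from the three tables above, expressed as working configuration. This is an added example and not the course's own material: it uses the NetSecurity PowerShell module that ships with Windows 8 / Windows Server 2012 and later (on Windows Server 2008 the same objects are built in the Windows Firewall with Advanced Security MMC or with netsh advfirewall consec), assumes elevated PowerShell on domain-joined hosts, and all addresses, rule names, and the CA name are placeholders.

```powershell
# Added example (not from the course): connection security rule types and
# authentication options with the NetSecurity module (Windows 8 / Server 2012+).
# Assumptions: elevated PowerShell, domain-joined hosts; addresses, rule names
# and the CA distinguished name are placeholders.

# Authentication methods. First authentication proves the computer identity,
# second authentication (optional) proves the user. Offering Kerberos and a
# computer certificate lets domain members and certificate-only hosts both pass.
$computerKerb = New-NetIPsecAuthProposal -Machine -Kerberos
$computerCert = New-NetIPsecAuthProposal -Machine -Cert `
    -Authority 'DC=com,DC=contoso,CN=Contoso-Root-CA' -AuthorityType Root
$userKerb     = New-NetIPsecAuthProposal -User -Kerberos
$phase1 = New-NetIPsecPhase1AuthSet -DisplayName Computer-Kerberos-or-Cert `
    -Proposal $computerKerb, $computerCert
$phase2 = New-NetIPsecPhase2AuthSet -DisplayName User-Kerberos -Proposal $userKerb

# Authentication exemption. Kerberos cannot run until the client reaches a DC,
# so the DCs (10.0.0.10 and 10.0.0.11 here) are exempted before any isolation
# rule is enabled. InboundSecurity/OutboundSecurity None = "noauthentication".
New-NetIPsecRule -DisplayName Exempt-DomainControllers -Profile Domain `
    -RemoteAddress 10.0.0.10, 10.0.0.11 `
    -InboundSecurity None -OutboundSecurity None

# Isolation rule: "Require authentication for inbound connections and request
# authentication for outbound connections" with computer and user authentication.
New-NetIPsecRule -DisplayName Domain-Isolation -Profile Domain `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $phase1.Name -Phase2AuthSet $phase2.Name

# Server-to-server rule: two specific hosts, authentication required both ways,
# and ESP encryption negotiated in quick mode so the SQL traffic is confidential
# rather than only integrity-protected.
$espProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP `
    -Encryption AES256 -ESPHash SHA256
$qmCrypto = New-NetIPsecQuickModeCryptoSet -DisplayName ESP-AES256-SHA256 `
    -Proposal $espProposal
New-NetIPsecRule -DisplayName AppServer-to-SQL -Profile Domain `
    -LocalAddress 10.0.1.20 -RemoteAddress 10.0.1.30 -Protocol TCP -RemotePort 1433 `
    -InboundSecurity Require -OutboundSecurity Require `
    -Phase1AuthSet $phase1.Name -QuickModeCryptoSet $qmCrypto.Name

# Tunnel rule: ESP tunnel mode between two gateways carrying traffic between the
# two site subnets. The "New IP HDR" of the tunnel-mode packet layout is
# addressed to these tunnel endpoints, not to the hosts inside the subnets.
New-NetIPsecRule -DisplayName Site-to-Site-Tunnel -Mode Tunnel `
    -LocalAddress 10.0.1.0/24 -RemoteAddress 10.0.2.0/24 `
    -LocalTunnelEndpoint 203.0.113.1 -RemoteTunnelEndpoint 198.51.100.1 `
    -InboundSecurity Require -OutboundSecurity Require `
    -Phase1AuthSet $phase1.Name

# Review the active rules and, once traffic flows, the main-mode SAs, which
# show which authentication method each peer actually used.
Get-NetIPsecRule -PolicyStore ActiveStore |
    Format-Table DisplayName, Mode, InboundSecurity, OutboundSecurity, Profile
Get-NetIPsecMainModeSA | Format-List
```

Create the exemption rule before the isolation rule is enabled, and keep every rule scoped to the Domain profile unless the computer is expected to authenticate peers on private or public networks as well; an isolation rule that applies to all profiles on a laptop will try to negotiate IPsec with every hotel and coffee-shop gateway it meets.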

Determining a Usage Profile
Windows supports three network location types, and programs (including Windows Firewall with Advanced Security) use them to apply the appropriate configuration automatically:
Domain: selected when the computer is a domain member and can reach a domain controller
Private: networks the user has marked as trusted (a home or small office network)
Public: the default for newly detected networks; the most restrictive settings are usually assigned because of the security risks present on public networks
Security settings change dynamically with the network location type, and firewall and connection security rules can be scoped to one or more of these profiles.
The network location type matters most on portable computers, which are likely to move from network to network.

Demonstration: Configuring a Connection Security Rule In this demonstration, you will see how to configure a Connection Security rule

Lesson 3: Configuring IPsec NAP Enforcement. Topics: IPsec Enforcement for Logical Networks; IPsec NAP Enforcement Processes; Requirements to Deploy IPsec NAP Enforcement

IPsec Enforcement for Logical Networks (diagram; image not reproduced)
IPsec enforcement divides the intranet into three logical networks: the Secure Network (compliant NAP clients and secure servers), the Boundary Network (NAP enforcement servers such as the HRA, remediation servers, and NPS servers, reachable by everyone), and the Restricted Network (non-compliant NAP clients and non-NAP-capable clients, which lack a health certificate and so cannot authenticate to the secure network).
Client components: SHAs, NAP agent, NAP ECs.
NAP enforcement servers: HRA, VPN, 802.1X, DHCP (with NPS proxy).
NAP health policy server components: NAP administration server, SHVs, network policies, NAP health policies, connection request policies.
Supporting servers: certificate services servers, NAP policy servers.

IPsec NAP Enforcement Processes
IPsec NAP enforcement includes: policy validation; NAP enforcement; network restriction; remediation; ongoing monitoring of compliance.
(Diagram labels, image not reproduced: Intranet with Remediation Servers, NAP Health Policy Server, DHCP Server, Health Registration Authority, IEEE 802.1X devices, Active Directory, VPN Server; Perimeter Network; Internet; Restricted Network containing a NAP client with limited access.)

Requirements to Deploy IPsec NAP Enforcement
Requirements for deploying IPsec NAP enforcement:
Active Directory (Kerberos authentication for domain members and Group Policy deployment of NAP client and IPsec settings)
Active Directory Certificate Services (the CA that issues the health certificates)
Network Policy Server (evaluates client statements of health against the health policies)
Health Registration Authority (obtains a health certificate from the CA for each client that NPS reports as compliant)
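Checks that correspond to the four requirements above and to the client side of the enforcement process. This is an added example and not part of the course lab: it assumes elevated PowerShell 3.0 or later, the ServerManager module on the server hosts (Windows Server 2008 R2 or later), and a domain-joined NAP client with the NAP Agent service; nothing here changes configuration.

```powershell
# Added example (not from the course): verifying the IPsec NAP enforcement
# requirements on the server side and the resulting state on a client.
# Assumptions: elevated PowerShell 3.0+, ServerManager module on the servers
# (Server 2008 R2+), a NAP client with the NAP Agent service.

# --- Server side: are the roles that IPsec NAP enforcement needs installed?
# AD CS issues the health certificates, NPS evaluates health, and the HRA
# (an NPS role service hosted in IIS) hands certificates to compliant clients.
Import-Module ServerManager
Get-WindowsFeature AD-Certificate, ADCS-Cert-Authority, NPAS-Policy-Server, NPAS-Health |
    Format-Table Name, DisplayName, Installed

# --- Client side: is the NAP Agent running and the IPsec enforcement client on?
Get-Service napagent | Select-Object Name, Status
netsh nap client show state
netsh nap client show configuration

# --- Client side: does the machine store hold a current health certificate?
# Health certificates carry the System Health Authentication EKU
# (OID 1.3.6.1.4.1.311.47.1.1). A compliant client obtains one from the HRA;
# a non-compliant or non-NAP-capable host has none and therefore cannot
# authenticate to peers whose rule says "Only accept health certificates".
function Get-HealthCertificate {
    $healthEku = '1.3.6.1.4.1.311.47.1.1'
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.EnhancedKeyUsageList.ObjectId -contains $healthEku -and
                       $_.NotAfter -gt (Get-Date) }
}
$health = Get-HealthCertificate
if ($health) {
    $health | Select-Object Subject, Issuer, NotAfter
} else {
    Write-Warning 'No valid health certificate: this host is on the boundary or restricted network.'
}

# --- Policy side: which connection security rules demand a health certificate?
# In netsh terms that is auth1healthcert=yes on the rule; the verbose listing
# shows the configured action and Auth1 method for each rule.
netsh advfirewall consec show rule name=all verbose |
    Select-String -Pattern 'Rule Name|Action|Auth1|Health'
```

Health certificates are short-lived by design, so a client that was compliant this morning can drop into the boundary network when its certificate expires and the HRA is unreachable; the NotAfter check above is the first thing to look at when a previously working client suddenly cannot reach secure servers.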

Lab: Configuring IPsec NAP Enforcement
Exercise 1: Preparing the Network Environment for IPsec NAP Enforcement
Exercise 2: Configuring and Testing IPsec NAP Enforcement
Logon information: virtual machines NYC-DC1, NYC-CL1, NYC-CL2; user name Administrator; password Pa$$w0rd
Estimated time: 60 minutes

Lab Review
What would the implication be if you installed the certificate server as an enterprise CA, as opposed to a standalone CA, and you have workgroup computers that need to be NAP compliant?
Under what circumstances would an authentication exemption be useful as a connection security rule?

Module Review and Takeaways: Review Questions; Common Misconceptions About IPsec; IPsec Benefits; Tools