Module 10 - IPSec: Ing. Rayner Durango E. Msig, MCSE, MCT

This document discusses implementing and monitoring IPSec. It covers the IPSec protocols (AH and ESP), authentication methods, security policies, packet filtering, deployment scenarios including VPN configurations, and monitoring tools such as the IP Security Monitor. The key aspects of IPSec are authenticating, integrity-checking, and encrypting IP traffic to provide secure network transmissions.

Module 10 – IPSec

Ing. Rayner Durango E. Msig, MCSE, MCT
Overview

• Implementing IPSec
• Understanding IPSec Deployment Scenarios
• Monitoring IPSec
Lesson: Implementing IPSec

• What is IPSec?
• How the IPSec Protocol Secures Traffic
• What is Internet Key Exchange (IKE)?
• IPSec Protocols
• Authentication Methods Used with IPSec
• IPSec Security Policy
• IPSec Packet Filtering
• IPSec Security Policy (Group Policy)
What Is IPSec?

IPSec verifies, authenticates, and encrypts IP packets to provide secure network transmissions

IPSec provides:
Mutual authentication before and during communications
Confidentiality through encryption of IP traffic
Integrity of IP traffic by rejecting modified traffic
Protection from replay attacks

Source: Microsoft Official Curriculum 2277C


How the IPSec Protocol Secures Traffic

(Diagram, described) Two hosts, each with its own IPSec policy and IPSec driver:

1 Active Directory delivers the IPSec policy to both hosts
2 Internet Key Exchange (IKE) negotiation takes place between the two hosts, below the TCP layer; the IPSec driver on each side applies the negotiated security association to traffic handed down from the TCP layer
3 Encrypted IP packets flow between the two IPSec drivers

Source: Microsoft Official Curriculum 2823B


What is Internet Key Exchange (IKE)?

• The Internet Key Exchange (IKE) is an IPsec (Internet Protocol Security) standard protocol used to ensure security for virtual private network (VPN) negotiation and remote host or network access. Specified in IETF Request for Comments (RFC) 2409 (IKE version 1; its successor IKEv2 is specified in RFC 7296), IKE defines an automatic means of negotiation and authentication for IPsec security associations (SA).

• A security association is the agreed set of parameters (protocol, algorithms, keys and lifetime) that two entities use to protect traffic in one direction; each SA is identified by the Security Parameter Index (SPI) carried in the AH or ESP header, so a two-way exchange needs a pair of SAs.

Source: http://searchsecurity.techtarget.com/definition/Internet-Key-Exchange
What is Internet Key Exchange (IKE)?

• A hybrid protocol, IKE implements two earlier security protocols, Oakley and SKEME, within the ISAKMP (Internet Security Association and Key Management Protocol) framework, carried over UDP port 500 (UDP port 4500 when NAT traversal is in use).
• ISAKMP specifies the framework for key exchange and authentication; the Oakley protocol specifies a sequence of key exchanges and describes their services (such as identity protection and authentication); and SKEME specifies the actual method of key exchange.
• Although IKE is not required for IPsec configuration (security associations and keys can be entered manually on both peers), it offers a number of benefits, including: automatic negotiation and authentication; anti-replay services; certification authority (CA) support; and the ability to change encryption keys during an IPsec session (rekeying).

Source: http://searchsecurity.techtarget.com/definition/Internet-Key-Exchange
IPSec Protocols

AH provides authentication, integrity, and anti-replay protection

  | IP header | Authentication header | IP payload (TCP segment, UDP message, ICMP message) |
  |<----------------------- Signed by Authentication header ------------------------------>|

  AH signs the payload and the fields of the IP header that do not change in transit. It
  provides no confidentiality, and because the signature covers the addresses it fails
  through NAT.

ESP provides confidentiality, authentication, integrity, and anti-replay protection

  | IP header | ESP header | IP payload (TCP segment, UDP message, ICMP message) | ESP trailer | ESP Auth trailer |
                           |<-------------------- Encrypted -------------------------------->|
              |<-------------------- Signed by ESP Auth trailer ------------------------------>|

  The ESP header (SPI and sequence number) is signed but not encrypted. ESP authentication is
  optional in the standard; always enable it, since encryption without an integrity check can
  be tampered with undetected.

Source: Microsoft Official Curriculum 2277C


Authentication Methods Used with IPSec

  Authentication method    | Use
  -------------------------+------------------------------------------------------------
  Kerberos V5              | Clients running the Kerberos V5 protocol that are members
  security protocol        | of the same or trusted domains
  -------------------------+------------------------------------------------------------
  Public key certificate   | Internet access
                           | Remote access to corporate resources
                           | External business partners
                           | Computers that do not run the Kerberos V5 security protocol
  -------------------------+------------------------------------------------------------
  Preshared secret key     | When both computers must manually configure IPSec
                           | (testing and interoperability only: the key is stored in
                           | clear text in the policy and is shared by every peer that
                           | uses the rule)

Source: Microsoft Official Curriculum 2823B


IPSec Security Policy

IPSec uses "Rules" to secure network traffic

Rules are composed of:
 A filter (from an IP filter list)
 A filter action
 An authentication method

  IP security policy
    Rules
      IP filter lists
        IP filters
      Filter actions

Source: Microsoft Official Curriculum 2277C


IPSec Packet Filtering

Packet-filtering rules allow a computer to determine what traffic is allowed and the level of security required

DEN-SRV1

  IP Filter List   Filter Action
  ---------------  ----------------
  HTTP traffic     Block
  FTP traffic      Require security

IPSec filters are static: they match on addresses, protocol and ports only and are not a
stateful host firewall. A filter must be mirrored to cover the reply direction.

Source: Microsoft Official Curriculum 2277C
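The DEN-SRV1 policy above, built from filter lists, filter actions and rules with the `netsh ipsec static` context. This is an added example, not code from the module or from Microsoft's curriculum; it assumes Windows Server 2003 or later with the IPSEC Services (PolicyAgent) service running, and the policy, filter-list and filter-action names are chosen here for illustration. It also puts the two negotiate actions side by side: `soft=no` (no clear-text fallback, the "Require Security" behaviour the slide asks for on FTP) against `soft=yes` (the "Request Security" behaviour, which a peer can downgrade simply by not answering IKE).

```batch
@echo off
rem Added example: build the DEN-SRV1 packet-filtering policy with netsh.
rem Run from an elevated command prompt on the server. Names are illustrative.

rem 1. The policy container. It is created unassigned.
netsh ipsec static add policy name="DEN-SRV1 Policy" description="Block HTTP, require IPSec for FTP"

rem 2. Filter lists and their filters (the "filter" part of a rule).
rem    mirrored=yes also matches the reply direction (srcaddr=me, dstaddr=any).
netsh ipsec static add filterlist name="HTTP traffic"
netsh ipsec static add filter filterlist="HTTP traffic" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=80 mirrored=yes

netsh ipsec static add filterlist name="FTP traffic"
netsh ipsec static add filter filterlist="FTP traffic" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=21 mirrored=yes

rem 3. Filter actions.
rem    "Block" drops matching packets outright.
netsh ipsec static add filteraction name="Block" action=block

rem    "Require Security": negotiate with IKE; if the peer cannot, do NOT fall
rem    back to clear text (soft=no) and do not accept unsecured inbound
rem    packets while negotiating (inpass=no).
netsh ipsec static add filteraction name="Require Security" action=negotiate soft=no inpass=no

rem    Weak variant, shown for contrast only: soft=yes is what the default
rem    "Server (Request Security)" policy does, so a peer that ignores IKE
rem    gets the traffic in the clear.
netsh ipsec static add filteraction name="Request Security" action=negotiate soft=yes inpass=yes

rem 4. Rules tie a filter list, a filter action and an authentication method together.
netsh ipsec static add rule name="Block HTTP" policy="DEN-SRV1 Policy" filterlist="HTTP traffic" filteraction="Block"
netsh ipsec static add rule name="Secure FTP" policy="DEN-SRV1 Policy" filterlist="FTP traffic" filteraction="Require Security" kerberos=yes

rem 5. Review the result, then assign it. Only one local policy is active at a
rem    time, and a policy assigned through Group Policy overrides the local one.
netsh ipsec static show policy name="DEN-SRV1 Policy" level=verbose
netsh ipsec static set policy name="DEN-SRV1 Policy" assign=y
```

The "Block" rule takes effect immediately and needs no peer; the "Secure FTP" rule only succeeds against a client that is in the same or a trusted domain (Kerberos) and has a policy of its own that will negotiate. Until then the FTP port is unreachable, which is the intended failure mode of `soft=no`.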


IPSec Security Policy (Group Policy)

Default policies include:
 Client (Respond Only)
 Server (Request Security)
 Secure Server (Require Security)

Result when the two computers have the following policies assigned:

                                    | No policy        | Client          | Server             | Secure Server
                                    | assigned         | (Respond Only)  | (Request Security) | (Require Security)
  ----------------------------------+------------------+-----------------+--------------------+-------------------
  No policy assigned                | No IPSec         | No IPSec        | No IPSec           | No communication
  Client (Respond Only)             | No IPSec         | No IPSec        | IPSec              | IPSec
  Server (Request Security)         | No IPSec         | IPSec           | IPSec              | IPSec
  Secure Server (Require Security)  | No communication | IPSec           | IPSec              | IPSec

Server (Request Security) falls back to clear text whenever the peer does not answer IKE, so an
attacker on the path can force the unprotected case by dropping the IKE packets. Use Secure
Server (Require Security) wherever the traffic actually needs protection, and accept that it
cannot talk to hosts without a policy.

Source: Microsoft Official Curriculum 2277C


Understanding IPSec Deployment Scenarios

• IPSec Modes
• Recommended Uses of IPSec
• IPSec Configurations for Virtual Private
Networking
IPSec Modes

Tunnel mode
  Use tunnel mode to secure traffic between two networks (router to router): the whole
  original packet is encapsulated in a new IP header addressed between the gateways

Transport mode
  Use transport mode to secure traffic between any two hosts (end to end, through any
  router): only the payload of the original packet is protected and the IP header is kept

Source: Microsoft Official Curriculum 2823B


Recommended Uses of IPSec

Consider using IPSec for:
Packet filtering
Securing host-to-host traffic on specific paths
Securing traffic to servers
L2TP/IPSec for VPN connections
Site-to-site (gateway-to-gateway) tunneling

Source: Microsoft Official Curriculum 2277C


IPSec Configurations for Virtual Private Networking

L2TP uses IPSec to encrypt data

  Remote Client ---- Internet ---- VPN Server ---- LAN

Use certificates or a preshared key for authentication. A preshared key configured on the
VPN server is shared by every remote client, so a single leaked client exposes them all;
certificates authenticate each computer individually and are preferred.

Source: Microsoft Official Curriculum 2277C


Monitoring IPSec

• IP Security Monitor
• Guidelines for Monitoring IPSec Policies
IP Security Monitor

Use the IP Security Monitor to view details about IPSec policies, such as:
 Active IPSec policy details
 Main-mode statistics
   Information from the Internet Key Exchange
 Quick-mode statistics
   Information about the IPSec driver

Source: Microsoft Official Curriculum 2277C


Guidelines for Monitoring IPSec Policies

To help isolate the cause of a communication issue:

1 Stop the IPSec Policy Agent and use the ping command to verify communications
2 Start the IPSec Policy Agent and use IP Security Monitor to determine if a security association exists
3 Verify that the policies are assigned
4 Review the policies and ensure they are compatible
5 Use IP Security Monitor to ensure that any changes are applied

Source: Microsoft Official Curriculum 2277C
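The five steps above as commands, using the `netsh ipsec` contexts instead of the IP Security Monitor snap-in so the results can be captured in a log. This is an added example, not part of the module; it assumes Windows Server 2003 or later, and the peer host name DEN-SRV2 is a placeholder. Stopping the Policy Agent in step 1 removes all IPSec protection from this host for as long as it is stopped, so run it only in a maintenance window on a test pair.

```batch
@echo off
rem Added example: the five troubleshooting steps from the slide as netsh/cmd commands.
rem DEN-SRV2 is a placeholder for the peer you cannot reach.
set PEER=DEN-SRV2

rem Step 1. Stop the IPSec Policy Agent (service name PolicyAgent) and test raw
rem         connectivity. If this ping fails too, the problem is not IPSec.
net stop PolicyAgent
ping -n 2 %PEER%

rem Step 2. Restart the agent, trigger a negotiation, and check whether a security
rem         association exists. Main-mode SAs are IKE's; quick-mode SAs are the
rem         ones the IPSec driver actually protects traffic with.
net start PolicyAgent
ping -n 2 %PEER%
netsh ipsec dynamic show mmsas
netsh ipsec dynamic show qmsas

rem Step 3. Verify which policy is really assigned. An assignment from Group
rem         Policy wins over the locally assigned policy.
netsh ipsec static show gpoassignedpolicy
netsh ipsec static show policy all level=verbose

rem Step 4. Review compatibility: filter actions, security methods and the
rem         authentication method must overlap on both peers. IKE statistics
rem         show authentication and negotiation failures directly.
netsh ipsec static show filteraction all level=verbose
netsh ipsec dynamic show stats type=ike

rem Step 5. Confirm a change was applied by the driver: after another ping the
rem         quick-mode SA list and IPSec driver counters should reflect it.
ping -n 2 %PEER%
netsh ipsec dynamic show qmsas
netsh ipsec dynamic show stats type=ipsec
```

Read step 2 and step 4 together: a main-mode SA without a quick-mode SA means IKE authenticated the peers but could not agree on a filter action or security method, whereas no main-mode SA at all points at the authentication method (Kerberos trust, certificate chain, or preshared key mismatch).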
