Thursday, April 04, 2013
IPSec is a suite of protocols and cryptographic algorithms that provides security for all TCP/IP hosts at the Internet layer, regardless of the application used for data transmission. There are three scenarios in which IPSec can protect data transmissions: a Local Area Network (Client/Server and peer-to-peer LANs), a Wide Area Network (Router-to-Router and Gateway-to-Gateway WANs), and Remote Access (Dial-up clients and Internet access from private networks).

Both sides require a shared configuration (called an IPSec policy) to establish the security settings that enable two computers to transmit secured data between them. IPSec policies are security rules that define the desired security level, hashing algorithms, and length of the key.

There are four options for managing IPSec policies. The “Local Computer” option is used to manage IP Security on the computer that is running the MMC IPSec console. The “Active Directory Domain Of Which This Computer Is A Member” option is used when you want to manage policies that apply to the entire local Active Directory domain. The “Another Active Directory Domain (Use The Full DNS Name Or IP Address)” option is used when you want to manage policies that apply to a remote Active Directory domain. Finally, the “Another Computer” option is used to manage policies stored locally on another computer.

IPSec policies are organized hierarchically: each policy consists of one or more IP Security Rules, each IP Security Rule includes a single IP Security action that is applied to one or more IP Filter Lists, and each IP Filter List contains one or more IP Filters.

Windows Server 2008 was the driving force behind combining administration of the Windows Firewall with IPSec policies to streamline network administration. Windows Firewall With Advanced Security allows many default settings for IPSec rules to be configured. There are four pre-configured Connection Security Rule templates that come with Windows Server 2008: the Isolation rule, the Authentication exemption rule, the Server-to-server rule, and the Tunnel rule.
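
The policy hierarchy described above (policy, rule, action, filter list, filter) can be seen by building one policy from the command line. This is an added example, not part of the original post; the policy, filter list, action and rule names and the TCP port are constructed for illustration, and it uses the `netsh ipsec static` context rather than the MMC console.

```batch
@echo off
rem Added example: builds one IPSec policy bottom-up with netsh.
rem All names and the TCP port below are constructed for illustration.
rem Run from an elevated prompt on the computer that stores the policy.

set POLICY=Demo-Require-ESP
set FLIST=Demo-Inbound-Telnet
set FACTION=Demo-Negotiate-ESP
set RULE=Demo-Rule

rem 1. Policy: the top-level container. Created unassigned so nothing
rem    changes on the wire until the result has been reviewed.
netsh ipsec static add policy name="%POLICY%" description="Constructed demo policy" assign=no

rem 2. IP Filter List: a named group of IP Filters.
netsh ipsec static add filterlist name="%FLIST%"

rem 3. IP Filter: TCP port 23 to this host from any address.
rem    mirrored=yes also matches the reply direction.
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=23 mirrored=yes

rem 4. IP Security action: negotiate ESP with 3DES encryption and SHA1 integrity.
rem    inpass=no rejects unsecured inbound traffic that matches the filter;
rem    soft=no prevents fallback to clear text when negotiation fails.
netsh ipsec static add filteraction name="%FACTION%" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

rem 5. IP Security Rule: ties the single action to the filter list inside
rem    the policy and selects Kerberos for authentication.
netsh ipsec static add rule name="%RULE%" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" kerberos=yes

rem 6. Review the full hierarchy before assigning the policy.
netsh ipsec static show policy name="%POLICY%" level=verbose

rem 7. Assign only after review (left commented out on purpose).
rem netsh ipsec static set policy name="%POLICY%" assign=y
```

Because both sides need a matching policy, the peer computer needs a corresponding rule with the same security method before the policy is assigned.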