Computer Performance, Windows Server 2003

3CX Phone System for Windows - VOIP IP PBX

3CX Phone System for Windows -
VOIP IP PBX

Get your 5 free applications now

Application Publishing with 2X ApplicationServer

 

IPSec in Windows Server 2003

Guy RecommendsGFi Events Manager

A solution to monitor, manage and archive thousands of events that are generated by devices across the entire network. 
Download FREE trial

OpusFlow Exchange
Group Calendar

OpusFlow Exchange Group Calender

Introduction to IPSec in Windows Server 2003

IPSec deals with encrypting data over the network.  What IPSec does is protect data against those bad people with their protocol analysers.  Encryption prevents these network monitors capturing packets and reading sensitive information inside.  In my mind's eye, using IPSec is like putting one of those clear cellophane envelopes in a sealed parcel.

Topics for IPSec

Attacks that you are protecting against

  • Network Monitoring - Protocol Analysers capturing data
  • Data Modification - Sending counterfeit data in your name e.g. alter the delivery address
  • Password cracking - Intruders capturing your password then logging to your network
  • Address Spoofing - Appear to come from a different email address

IPSec OptionsIPSec in Windows Server 2003

The best way to set IPSec is through Group Policies, alternatively, you can check through TCP/IP properties, Advanced.

IPSec is Disabled by default, here are the other three settings

  1. Client (Respond only) Means 'I will speak IPSec if you wish'.
  2. Server (Request Security) Means 'I would like to speak IPSec, but if you cannot comprehend IPSec then I will speak normally.
  3. Secure Server (Require Security) Means 'I will only speak with clients who understand IPSec'.

TrainSignal - Recommended Training VideosNetwork security is complex.  As an MCT trainer, I can thoroughly recommend TrainSignal because they provide practical hands on training.  In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material.  You can either take one module, for example Network Security or go for a combination of modules.  See more about Network Security training here

IPSec ModesIPSEC in Windows Server 2003

Transport Mode is designed to ensure that traffic between two machines is secure, for example the Financial Director and the CEO.

Tunnel Mode is to secure traffic between two networks and is particularly useful for VPN traffic where you need encryption over the internet.

The diagram on the right gives a hint that there are a surprising number of setting and properties for IPSec.  In particular I recommend that you check out the filtering tabs.  (If necessary click and enlarge the thumb-nailed picture)

Encryption Schemes

Remembering that the whole purpose is to encrypt the data leads me to check out the encryption settings.

Authentication

  • SHA - Secure Hashing Algorithm. US government 160-bit encryption
  • MD5 - Message Digest 5.  Widespread for commerce 138-bit encryption

Packet Encryption

  • 56-bit DES (Data Encryption Standard)
  • 40-bit DES (France uses)
  • 3 DES (Triple 56-bit highest level of encryption utilizes the processor significantly)

Related Topics

 .

Google

WebComputerperformance.co.uk

GFi Events Manager

Guy Recommends: GFi EventsManager

Here is a solution to monitor, manage and archive thousands of events that are generated by devices across your entire network.  Get your free evaluation copy of GFI EventsManager.

 

Home Copyright © 1999-2008 Computer Performance LTD All rights reserved

Please report a broken link, or an error.