Organizations want to ensure that communications remain secure. Therefore, it's important for network administrators to monitor network communications to ensure that communications are indeed trustworthy. A number of tools included with Windows Server 2003 can be used to monitor network protocol security. The following sections introduce you to some of these tools and how they can be used. Using the IP Security MMC Snap-InInternet Protocol Security (IPSec) is a protocol used to secure communications between two hosts. (The IPSec protocol is covered in more detail in Chapter 5, "Routing and Remote Access.") As part of managing and maintaining network security, administrators can use the IP Security Monitor tool to validate that communications between hosts are indeed secure. It provides information such as which IPSec policy is active and whether a secure communication channel is being established between computers. The IP Security Monitor tool included with Windows Server 2003 contains many new features not found in the Windows 2000 version. The IP Security Monitor tool in Windows 2000 was simply an executable program called ipsecmon .exe. Now in Windows Server 2003, it is implemented as a Microsoft Management Console (MMC) snap-in. Some of the additional enhancements include the following:
To open the IP Security Monitor snap-in, perform the following steps:
You can use the IP Security Monitor console, shown in Figure 4.11, to view IPSec information locally or on a remote computer. To add another computer to the console, right-click the IP Security Monitor container within the console and click Add Computer. Type the name of the computer that you want to connect to, or click the Browse button to search for it. Figure 4.11. The IP Security Monitor snap-in.
Expanding the IP Security Monitor container displays the name of the local computer or any remote computer that you are connected to. By expanding the computer, you will see three containers: Active Policy, Main Mode, and Quick Mode. As noted previously, IP Security Monitor can be used to view the active IPSec policies on a computer. Clicking the Active Policy container within the console displays the following information:
You'll notice two other containers listed under your server within the IP Security Monitor console: Main Mode and Quick Mode. Clicking on either of these containers displays a number of other containers (see Figure 4.12). In any case, you can use these different options to monitor communications between hosts. A multitude of statistics can be used to monitor IPSec. Figure 4.12. Viewing main mode statistics.
Using the Support ToolsWindows Server 2003 also includes a number of other tools that can be used to monitor network protocol security. These tools are not installed by default. To install the support tools, perform the following steps:
Some of the tools that you might find useful for monitoring network protocol security include the following:
|