Organizations want to ensure that communications remain secure. Therefore, it's important for network administrators to monitor network communications to ensure that communications are indeed trustworthy. A number of tools included with Windows Server 2003 can be used to monitor network protocol security. The following sections introduce you to some of these tools and how they can be used. Using the IP Security MMC Snap-InInternet Protocol Security (IPSec) is a protocol used to secure communications between two hosts. (The IPSec protocol is covered in more detail in Chapter 5, "Routing and Remote Access.") As part of managing and maintaining network security, administrators can use the IP Security Monitor tool to validate that communications between hosts are indeed secure. It provides information such as which IPSec policy is active and whether a secure communication channel is being established between computers. You can use the IP Security Monitor MMC to monitor IPSec on a computer running Windows Server 2003. Some of the functionality of the tool includes the following:
To open the IP Security Monitor snap-in, perform the following steps:
You can use the IP Security Monitor console, shown in Figure 4.11, to view IPSec information locally or on a remote computer. To add another computer to the console, right-click the IP Security Monitor container within the console and click Add Computer. Type the name of the computer that you want to connect to, or click the Browse button to search for it. Figure 4.11. The IP Security Monitor snap-inExam Alert IP Security Monitor can only be used to monitor computers running Windows XP and Windows Server 2003. The version of IP Security Monitor included with Windows Server 2003 cannot be used to monitor a computer running Windows 2000. Expanding the IP Security Monitor container displays the name of the local computer or any remote computer that you are connected to. By expanding the computer, you will see three containers: Active Policy, Main Mode, and Quick Mode. As noted previously, IP Security Monitor can be used to view the active IPSec policies on a computer. Clicking the Active Policy container within the console displays the following information:
You'll notice two other containers listed under your server within the IP Security Monitor console: Main Mode and Quick Mode. Clicking on either of these containers displays a number of other containers (see Figure 4.12). In any case, you can use these different options to monitor communications between hosts. A multitude of statistics can be used to monitor IPSec. Figure 4.12. Viewing main mode statisticsUsing the Support ToolsWindows Server 2003 also includes a number of other tools that can be used to monitor network protocol security. These tools are not installed by default. To install the support tools, perform the following steps:
Some of the tools that you might find useful for monitoring network protocol security include the following:
|