What You Must Know

Before you start to configure IPSec, you should be aware of the following.

Identify Your Protocol and Port Requirements

Before you create and apply IPSec policies to block ports and protocols, make sure you know which communication you need to secure, including the ports and protocols used by day-to-day operations. Consider the protocol and port requirements for remote administration, application communication, and authentication.

IPSec Does Not Secure All Communication

Several types of IP traffic are exempt from filtering. For more information, see Microsoft Knowledge Base article 253169, "Traffic That Can and Cannot Be Secured by IPSec."

Firewalls and IPSec

If a firewall separates two hosts that use IPSec to secure the communication channel, the firewall must open the following ports:

  • TCP port 50 for IPSec Encapsulating Security Protocol (ESP) traffic

  • TCP port 51 for IPSec Authentication Header (AH) traffic

  • UDP port 500 for Internet Key Exchange (IKE) negotiation traffic

Filters, Filter Actions, and Rules

An IPSec policy consists of a set of filters, filter actions, and rules.

  • Filters

    A filter is used to match traffic. It consists of:

    • A source IP address or range of addresses

    • A destination IP address or range of addresses

    • An IP protocol, such as TCP, UDP, or "any"

    • Source and destination ports (for TCP or UDP only)

    Note: An IP filter list is used to group multiple filters together so that multiple IP addresses and protocols can be combined into a single filter.

  • Filter Actions

    A filter action specifies which actions to take when a given filter is invoked. It can be one of the following:

    • Permit. The traffic is not secured; it is allowed to be sent and received without intervention.

    • Block. The traffic is not permitted.

    • Negotiate security. The endpoints must agree on and then use a secure method to communicate. If they cannot agree on a method, the communication does not take place. If negotiation fails, you can specify whether to allow unsecured communication or whether all communication should be blocked.

  • Rules

    A rule associates a filter with a filter action and is defined by the IPSec policy.
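As an added example (not from the book), here is the filter list / filter action / rule structure described above expressed as netsh ipsec static commands, run from cmd.exe on Windows Server 2003 or later. The policy, filter list and rule names, the 10.0.1.0/24 administration subnet, and the port choices are constructed for illustration.

```batch
@echo off
rem Constructed example: one IPSec policy built from filter lists, filter
rem actions and rules. Names, addresses and ports are hypothetical.

rem Filter list 1: inbound HTTP and HTTPS to this host ("me") from anywhere.
rem mirrored=yes also matches the reply direction (me -> any).
netsh ipsec static add filterlist name="Web Traffic"
netsh ipsec static add filter filterlist="Web Traffic" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=80 mirrored=yes
netsh ipsec static add filter filterlist="Web Traffic" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=443 mirrored=yes

rem Filter list 2: remote administration (RDP) only from the admin subnet.
netsh ipsec static add filterlist name="Remote Admin"
netsh ipsec static add filter filterlist="Remote Admin" srcaddr=10.0.1.0 srcmask=255.255.255.0 dstaddr=me protocol=TCP srcport=0 dstport=3389 mirrored=yes

rem Filter list 3: everything else addressed to this host.
netsh ipsec static add filterlist name="All Traffic"
netsh ipsec static add filter filterlist="All Traffic" srcaddr=any dstaddr=me protocol=any mirrored=yes

rem Filter actions: permit, block, and negotiate security.
rem soft=no: if negotiation fails, do NOT fall back to unsecured traffic.
netsh ipsec static add filteraction name="Permit" action=permit
netsh ipsec static add filteraction name="Block" action=block
netsh ipsec static add filteraction name="Require Security" action=negotiate soft=no

rem Policy and rules. Each rule binds one filter list to one filter action.
rem Windows applies the most specific matching filter, not the first rule,
rem so the web and admin filters take precedence over the catch-all block.
netsh ipsec static add policy name="Web Server Policy" description="Constructed example"
netsh ipsec static add rule name="Allow Web" policy="Web Server Policy" filterlist="Web Traffic" filteraction="Permit"
netsh ipsec static add rule name="Secure Admin" policy="Web Server Policy" filterlist="Remote Admin" filteraction="Require Security" kerberos=yes
netsh ipsec static add rule name="Block Rest" policy="Web Server Policy" filterlist="All Traffic" filteraction="Block"

rem Assign (activate) the policy and review the result.
netsh ipsec static set policy name="Web Server Policy" assign=y
netsh ipsec static show policy name="Web Server Policy" level=verbose
```

IPSec filtering is stateless and the catch-all filter is mirrored, so traffic this host initiates (DNS, for example) and its replies are blocked as well unless they get their own permit filters.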

Improving Web Application Security: Threats and Countermeasures. ISBN: 0735618429. Year: 2003. Pages: 613.