Snooping involves sniffing a cable and looking for information being sent across the wire in an attempt to gain someone's username and password.
Spoofing involves impersonating another user or computer in an attempt to gain information with the stolen identity.
Passwords can be compromised via one of the many password-cracking utilities on the market, by sniffing the cable (snooping), or by using social engineering to trick users into giving their passwords.
DoS disrupts the services running on a computer in an attempt to make the server unavailable to legitimate requests.
In a MITM attack, an intruder sits between a client and a server and watches the communications from both parties.
Application-directed attacks try to exploit known vulnerabilities in applications.
Compromised Key attacks are geared toward obtaining a user's private key. After the intruder has the user's private key, the intruder can use it to impersonate the user.
IPSec provides security at the network layer. This makes IPSec completely transparent to the applications running on the computer.
IPSec provides integrity, authentication, and confidentiality.
IPSec has two modes—tunnel mode and transport mode. Transport mode uses TCP/IP to send IPSec-encrypted information directly between two clients. In tunnel mode, the clients send unencrypted information to a tunnel endpoint, and the tunnel endpoints use TCP/IP and IPSec to encrypt the client information.
IPSec uses two protocols—Authentication Header (AH) and Encrypted Security Payload (ESP). AH provides data integrity and authentication but not confidentiality. ESP can provide authentication, integrity, and confidentiality but does not encrypt the entire packet.
IPSec uses a security association between two computers to determine the algorithms and protocols to be used by each computer.
There are several tools available within Windows 2000 that allow you to configure and monitor all aspects of IPSec implementation and usage on your network. They are:
IP Security Policies
IP Security Monitor
IPSec Policy Agent Service
TCP/IP Advanced Options
Certificates Snap-in
Security Log
IPSec is managed through a custom MMC console containing the IPSec Security Policy snap-in.
An IPSec policy has three main components—IP security rules, IP filter lists, and IP filter actions.
IP security rules apply to computers that match criteria in the filter list.
An IP filter list contains source and destination IP addresses.
IP filter actions determine the level of security (authentication and encryption) and the method by which security is negotiated.