Chapter 8. Implementing, Managing, and Troubleshooting IPSec to Secure Network Traffic


In today's competitive and security-focused business world, it's not surprising anymore to find companies that are concerned not only with the integrity and safety of data crossing in and out of the private network, but also with the data that is flowing internally between servers and hosts on the typically safe and secure internal network. To that end, Windows Server 2003 provides native support for the IP Security (IPSec) protocol, which can be configured and managed to provide secure data transfers across your network.

This chapter covers the IP Security (IPSec) portion of the unit "Implementing, Managing, and Maintaining Network Security" for Exam 70-291, "Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure."

Objectives

Monitor network protocol security. Tools might include the IP Security Monitor Microsoft Management Console (MMC) snap-in and Kerberos support tools.

  • After you've addressed the issue of securing the client and server operating systems, you should consider securing the traffic between them on the network. You can use the IPSec protocol to secure traffic between the computers on a network. After you have IPSec configured and placed in operation, you need to monitor it to ensure that communications are being secured as required.

Troubleshoot network protocol security. Tools might include the IP Security Monitor MMC snap-in, Event Viewer, and Network Monitor.

  • As you might expect, intended results don't always work out perfectlyespecially when you're dealing with IPSec, which can be a tough subject with which to come to terms. Fortunately, Microsoft provides several Windows Server 2003 tools that can be used to troubleshoot and correct IPSec-related problems.

Outline

  

Introduction

522

Introduction to IP Security (IPSec)

522

Understanding the Architecture and Components of IPSec

523

Authentication Header (AH)

523

Encapsulating Security Protocol (ESP)

524

Internet Security Key Association Key Management Protocol (ISAKMP/Oakley)

526

L2TP and IPSec

526

What's New with Windows Server 2003 IPSec

527

Configuring and Implementing IPSec

529

Understanding IPSec Policy Components

534

The Rules Tab

534

The General Tab

539

Creating Customized IPSec Policies

541

Monitoring and Troubleshooting Network Protocol Security

557

Monitoring IPSec

557

Troubleshooting IPSec

563

Monitoring and Troubleshooting Kerberos

564

kerbtray.exe

565

klist.exe

567

Chapter Summary

570

Key Terms

570

Apply Your Knowledge

570

Exercises

571

Exam Questions

572

Answers to Exam Questions

576

Suggested Readings and Resources

577


Study Strategies

  • Carefully work your way through the material discussing the component parts of an IPSec policy. Practice creating and implementing an IPSec policy between two computers on your network.

  • Ensure that you are comfortable with creating IPSec policies before you try to monitor and troubleshoot IPSec. Although configuring and implementing IPSec is not covered in Exam 70-291, it's unlikely that you will be able to effectively monitor and troubleshoot IPSec if you cannot configure and implement it.

  • Get your hands dirty. The Step by Step exercises throughout this book provide plenty of directions and exercises, but you should go beyond those examples and create some of your own. If you can, experiment with each of the topics we discuss in this chapter to see how they work and why you would use each one.




MCSA(s)MCSE 70-291(c) Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure
MCSA/MCSE 70-291: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam Prep)
ISBN: 0789736497
EAN: 2147483647
Year: 2006
Pages: 196
Authors: Will Schmied

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net