In today's competitive and security-focused business world, it's not surprising anymore to find companies that are concerned not only with the integrity and safety of data crossing in and out of the private network, but also with the data that is flowing internally between servers and hosts on the typically safe and secure internal network. To that end, Windows Server 2003 provides native support for the IP Security (IPSec) protocol, which can be configured and managed to provide secure data transfers across your network. This chapter covers the IP Security (IPSec) portion of the unit "Implementing, Managing, and Maintaining Network Security" for Exam 70-291, "Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure." Objectives Monitor network protocol security. Tools might include the IP Security Monitor Microsoft Management Console (MMC) snap-in and Kerberos support tools. After you've addressed the issue of securing the client and server operating systems, you should consider securing the traffic between them on the network. You can use the IPSec protocol to secure traffic between the computers on a network. After you have IPSec configured and placed in operation, you need to monitor it to ensure that communications are being secured as required. Troubleshoot network protocol security. Tools might include the IP Security Monitor MMC snap-in, Event Viewer, and Network Monitor. As you might expect, intended results don't always work out perfectlyespecially when you're dealing with IPSec, which can be a tough subject with which to come to terms. Fortunately, Microsoft provides several Windows Server 2003 tools that can be used to troubleshoot and correct IPSec-related problems. Outline | |
---|
Introduction | 522 | Introduction to IP Security (IPSec) | 522 | Understanding the Architecture and Components of IPSec
| 523 | Authentication Header (AH)
| 523 | Encapsulating Security Protocol (ESP)
| 524 | Internet Security Key Association Key Management Protocol (ISAKMP/Oakley)
| 526 | L2TP and IPSec
| 526 | What's New with Windows Server 2003 IPSec
| 527 | Configuring and Implementing IPSec | 529 | Understanding IPSec Policy Components
| 534 | The Rules Tab
| 534 | The General Tab
| 539 | Creating Customized IPSec Policies
| 541 | Monitoring and Troubleshooting Network Protocol Security | 557 | Monitoring IPSec
| 557 | Troubleshooting IPSec
| 563 | Monitoring and Troubleshooting Kerberos
| 564 | kerbtray.exe
| 565 | klist.exe
| 567 | Chapter Summary | 570 | Key Terms | 570 | Apply Your Knowledge | 570 | Exercises
| 571 | Exam Questions
| 572 | Answers to Exam Questions
| 576 | Suggested Readings and Resources | 577 |
Study Strategies Carefully work your way through the material discussing the component parts of an IPSec policy. Practice creating and implementing an IPSec policy between two computers on your network. Ensure that you are comfortable with creating IPSec policies before you try to monitor and troubleshoot IPSec. Although configuring and implementing IPSec is not covered in Exam 70-291, it's unlikely that you will be able to effectively monitor and troubleshoot IPSec if you cannot configure and implement it. Get your hands dirty. The Step by Step exercises throughout this book provide plenty of directions and exercises, but you should go beyond those examples and create some of your own. If you can, experiment with each of the topics we discuss in this chapter to see how they work and why you would use each one. |