SECURITY AND AUTHENTICATION

  1. Be familiar with the three default IPSec policies defined: Client (Respond Only), Server (Request Security), and Server (Require Security).

  2. IPSec policies can be deployed via Group Policies in Active Directory and via Local policy deployments.

  3. IPSec provides security at the Network and Transport layers and is transparent to all layers above them.

  4. Kerberos version 5 is the default authentication method used with IPSec policies in an Active Directory domain.

  5. Public key certificates are used for external systems, such as those that access the environment via the Internet, and by internal systems that cannot run Kerberos version 5.

  6. Preshared keys can be used between systems and require that both parties manually configure IPSec.

  7. IPSec Monitor can be used for advanced IPSec troubleshooting to view the details of an active IPSec policy applied locally or to a domain.

  8. The IP Security Policy MMC can be used to create, delete, and modify IPSec policies.

  9. The RSoP tool can be used to determine the IPSec policies that are assigned but not being applied to IPSec clients. The tool shows the filter rules, filter actions, authentication methods, tunnel endpoints, and connection type for the policy being applied.

  10. You can use Event Viewer to view IPSec Policy Agent events in the audit log, IPSec driver events in the system log, IKE events in the audit log, and IPSec policy change events in the audit log.

  11. Extensible Authentication Protocol (EAP) is a PPP-based authentication protocol used to support authentication for generic tokens, one-time password schemes, MD5 challenges, and Transport Layer Security (TLS) for smart cards and certificate support.

  12. Legacy systems in which one or both computers are running Microsoft Windows NT 4.0 use NTLM version 1 (NTLM v1) and/or NTLM version 2 (NTLM v2) as the authentication protocol.

  13. NTLM v2 is the authentication protocol for non-domain systems, such as standalone servers and systems installed in workgroups.



MCSE 70-293 Exam Cram: Planning and Maintaining a Windows Server 2003 Network Infrastructure (2nd Edition)
ISBN: 0789736195
EAN: 2147483647
Year: 2004
Pages: 123
