Monitoring Network Protocol Security


Organizations want to ensure that communications remain secure. Therefore, it's important for network administrators to monitor network communications to ensure that communications are indeed trustworthy. A number of tools included with Windows Server 2003 can be used to monitor network protocol security. The following sections introduce you to some of these tools and how they can be used.

Using the IP Security MMC Snap-In

Internet Protocol Security (IPSec) is a protocol used to secure communications between two hosts. (The IPSec protocol is covered in more detail in Chapter 5, "Routing and Remote Access.") As part of managing and maintaining network security, administrators can use the IP Security Monitor tool to validate that communications between hosts are indeed secure. It provides information such as which IPSec policy is active and whether a secure communication channel is being established between computers.

You can use the IP Security Monitor MMC to monitor IPSec on a computer running Windows Server 2003. Some of the functionality of the tool includes the following:

  • Administrators have the capability to monitor IPSec on the local computer or on a remote system.

  • It provides information such as the name and description of active IPSec policies.

  • Administrators can view main mode and quick mode statistics. Main mode and quick mode are the two phases of IKE negotiations.

  • The refresh rates can be customized.

  • Administrators can search for filters based on a source or destination IP address.

To open the IP Security Monitor snap-in, perform the following steps:

1. Click Start and click Run.

2. Type MMC and click OK.

3. In the Microsoft Management Console, click File and then click Add/Remove Snap-in.

4. From the Add/Remove Snap-in window, click Add.

5. From the list of available snap-ins, select IP Security Monitor and click the Add button (see Figure 4.10). Click Close.

Figure 4.10. Adding the IP Security Monitor snap-in

6. Click OK.

You can use the IP Security Monitor console, shown in Figure 4.11, to view IPSec information locally or on a remote computer. To add another computer to the console, right-click the IP Security Monitor container within the console and click Add Computer. Type the name of the computer that you want to connect to, or click the Browse button to search for it.

Figure 4.11. The IP Security Monitor snap-in


Exam Alert

IP Security Monitor can only be used to monitor computers running Windows XP and Windows Server 2003. The version of IP Security Monitor included with Windows Server 2003 cannot be used to monitor a computer running Windows 2000.


Expanding the IP Security Monitor container displays the name of the local computer or any remote computer that you are connected to. By expanding the computer, you will see three containers: Active Policy, Main Mode, and Quick Mode.

As noted previously, IP Security Monitor can be used to view the active IPSec policies on a computer. Clicking the Active Policy container within the console displays the following information:

  • Policy Name: Lists the name of the active IPSec policy.

  • Policy Description: Lists an optional description of the policy outlining the purpose of the policy.

  • Policy Last Modified: Indicates when the policy was last modified. This option is applicable only to policies applied to a local computer.

  • Policy Store: Specifies the storage location for the active IPSec policy.

  • Policy Path: Specifies the Lightweight Directory Access Protocol path to the IPSec policy.

  • Organizational Unit: Specifies the Organizational Unit to which the group policy is applied.

  • Group Policy Object Name: Specifies the name of the group policy object to which the IPSec policy is applied.

You'll notice two other containers listed under your server within the IP Security Monitor console: Main Mode and Quick Mode. Clicking either of these containers displays a number of other containers (see Figure 4.12). The statistics and other information in these containers can be used to monitor IPSec communications between hosts.

Figure 4.12. Viewing main mode statistics


Using the Support Tools

Windows Server 2003 also includes a number of other tools that can be used to monitor network protocol security. These tools are not installed by default. To install the support tools, perform the following steps:

1. Insert the Windows Server 2003 CD.

2. From the Welcome screen, click Browse This CD.

3. Locate the Support\Tools directory on the CD.

4. Double-click suptools.msi and follow the instructions to complete the installation.

Some of the tools that you might find useful for monitoring network protocol security include the following:

  • Netdiag: Netdiag can be used to obtain basic network information. One thing to note is that the version of Netdiag included with Windows Server 2003 does not display any IPSec-specific statistics.

  • Netsh: This command-line utility can be used to view or modify the network configuration of a computer.
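The Active Policy, Main Mode, and Quick Mode information described earlier for the IP Security Monitor snap-in can also be captured from the command line through Netsh's ipsec context. The batch file below is an added example, not taken from the book; the script name, the output file name, and the optional peer-address argument are assumptions.

```bat
@echo off
rem Added example (not from the book): command-line snapshot of the data
rem that the IP Security Monitor snap-in displays, using "netsh ipsec".
rem Usage: ipsec-snapshot.cmd [peer-ip]   (name and argument are assumptions)
setlocal
set "OUT=%~dp0ipsec-snapshot.txt"
set "PEER=%~1"

> "%OUT%" echo ==== IPSec snapshot: %COMPUTERNAME% %DATE% %TIME% ====

rem Active Policy container: the IPSec policy assigned to this computer.
>> "%OUT%" echo.
>> "%OUT%" echo ---- Assigned policy ----
netsh ipsec static show gpoassignedpolicy >> "%OUT%" 2>&1

rem Main Mode container: phase 1 (IKE) security associations.
>> "%OUT%" echo.
>> "%OUT%" echo ---- Main mode SAs ----
netsh ipsec dynamic show mmsas all >> "%OUT%" 2>&1

rem Quick Mode container: phase 2 security associations.
>> "%OUT%" echo.
>> "%OUT%" echo ---- Quick mode SAs ----
netsh ipsec dynamic show qmsas all >> "%OUT%" 2>&1

rem Statistics nodes under Main Mode and Quick Mode.
>> "%OUT%" echo.
>> "%OUT%" echo ---- IKE and IPSec statistics ----
netsh ipsec dynamic show stats >> "%OUT%" 2>&1

echo Snapshot written to %OUT%

rem Optional check: is a quick mode SA currently established with the peer?
rem findstr does a literal substring match, so 10.0.0.1 also matches 10.0.0.10.
if "%PEER%"=="" goto :eof
netsh ipsec dynamic show qmsas all | findstr /L /C:"%PEER%" >nul
if errorlevel 1 (
    echo WARNING: no quick mode SA currently established with %PEER%
    exit /b 1
)
echo OK: quick mode SA present for %PEER%
exit /b 0
```

Running the script on a schedule and comparing successive snapshots shows when the assigned policy changes or when an expected peer stops negotiating security associations.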



Exam Cram(c) 70-291 Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure
ISBN: 131516345
EAN: N/A
Year: 2006
Pages: 126
