Chapter 8: Using IPSec


Overview

A chain is only as strong as its weakest link. Even when a network admin has implemented all the appropriate security controls on the computers under their control, if they have to share a network with someone else's insecure computers, there is a risk of exploitation. If the other computers are compromised, malicious hackers can use them to spy on, sniff, and exploit the more secure computers. Worms infecting the less-protected computers can attack across the network and look for vulnerabilities. What is an admin to do?

If there is no legitimate business reason for the secure and insecure computers to communicate with each other, use IPSec to prevent unauthorized network connections. IPSec can be used to create VPN tunnels between two endpoints, be configured like a firewall, or require a valid digital certificate for two hosts to communicate. This chapter introduces IPSec, discusses Microsoft's implementation, describes how to create an implementation strategy, explains IPSec-specific attacks and defenses, and makes specific recommendations.



Professional Windows Desktop and Server Hardening
Professional Windows Desktop and Server Hardening (Programmer to Programmer)
ISBN: 0764599909
EAN: 2147483647
Year: 2004
Pages: 122
