Chapter 8
IP Security
About This Chapter
Internet Protocol security (IPSec) is an Internet Engineering Task Force (IETF) body of standards that defines a protocol for authenticating and encrypting IP traffic between hosts on an IP network. IPSec allows the hosts to negotiate encryption and authentication methods that are compatible with both the Internet and private IP networks, and appropriate for the type of traffic flowing over the connection.
IPSec operates at the network layer as a component of IP. IPSec traffic can pass through any intermediate gateway that can route IP packets, and IPSec can encapsulate IP to create private tunnels for secure point-to-point communications on the Internet. Because it operates at the network layer, it is transparent to higher-level programs and can be added to supplement security for any network application.
Because it is so flexible, configuring IPSec is complex and multifaceted. You use a number of tools to perform configuration and troubleshooting, and there is usually more than one way to accomplish the same goal.
Ensure that you understand the role of IPSec in a network, why you would deploy AH and ESP, and the different methods used to distribute IPSec keys.
Before You Begin
To complete this chapter, you will need:
A domain controller for the domain.fabrikam.com domain named dc01
A domain controller for the extranet.graphicdesigninstitute.com domain named gdi-dc-01 with an IP address of 192.168.241.60
A member server in the domain.fabrikam.com domain named ms01 with an IP address of 192.168.241.63
A client workstation in the domain.fabrikam.com domain named CLIENT01
All three of these servers should be on the same local network. You can modify the IP addresses if desired, but remember to use the revised addresses consistently throughout the exercises in this chapter.