Why This Chapter Matters




Transmission Control Protocol/Internet Protocol (TCP/IP), the protocol suite used by most private networks and the Internet, was not designed for security. In fact, it is extraordinarily vulnerable. Communications are passed between as many as dozens of different network devices, and in the case of the public Internet, the sender of the message has no control over who owns the network equipment that carries the messages. There is ample opportunity for an attacker to eavesdrop on your private communications.

TCP/IP communications are also easy to impersonate and manipulate. When a computer receives a TCP/IP message, the computer has no way of determining whether the IP address in the message is genuine, or whether the message was modified in transit. This makes TCP/IP vulnerable to such attacks as the man-in-the-middle attack, which an attacker can use to compromise private data and user credentials.

Internet Protocol security (IPSec) is a newer protocol suite that works with TCP/IP to verify the integrity of communications, authenticate computers, and encrypt traffic. When implemented, IPSec dramatically reduces the risk of several common attacks. Microsoft Windows Server 2003, in addition to other recent versions of Microsoft Windows, includes IPSec capabilities. However, understanding, planning, and configuring an IPSec infrastructure is a complex task. This chapter will teach you the fundamentals of IPSec, provide you with information for planning an IPSec deployment, and familiarize you with the tools used to configure IPSec.

Before You Begin

If you fulfilled the requirements for the previous chapters, you already have the necessary hardware and software configured. You can use the computers in the state they were in after completing the previous chapters, or you can install the software from scratch. To perform the practices, examples, and lab exercises in this chapter, you must have:

  • A private network that is connected to the Internet and protected by a firewall. This network should not have any production computers connected to it.

  • Two computers. Perform a Windows Server 2003 installation with default settings on both computers. On the first computer, assign the computer name Computer1. Add the Domain Controller role to the computer, using the default settings, and specify the domain name cohowinery.com. Configure the computer to use itself as its own primary Domain Name System (DNS) server. On the second computer, assign the computer name Computer2. Configure the computer to use Computer1 as its primary DNS server. Then join it to the cohowinery.com domain as a member server. If you have Computer2 configured as a cohowinery.com domain controller after completing Chapter 7, you can leave the domain controller role intact without affecting the exercises in this chapter.






MCSA/MCSE Self-Paced Training Kit (Exam 70-299): Implementing and Administering Security in a Microsoft® Windows Server™ 2003 Network (Pro-Certification)
ISBN: 073562061X
EAN: 2147483647
Year: 2004
Pages: 217
