Securing Data Transmission and Authentication

Upload: lillian-townsend

Post on 18-Jan-2016

Securing Traffic with IPSec

- IPSec allows us to protect our network from within.
- IPSec secures the IP protocol.
- IPSec has two principal goals:
  - To protect the contents of IP packets
  - To provide defense against network attacks through packet filtering and the enforcement of trusted communication.
- Attacks that IPSec can prevent and reduce: Packet Sniffing, Man in the Middle, Data Modification, Denial of Service, Identity Spoofing

Understanding IPSec

- IPSec can be deployed in the following scenarios:
  - LAN – Client/Server and peer-to-peer LANs
  - WAN – Router to Router
  - Remote Access – Dial-up clients and Internet access from private networks
- Both sides require a shared IPSec policy to establish the security settings that will be used.
- IPSec can be configured to use one of two modes:
  - Transport mode – Use this mode when you require packet filtering and when you require end-to-end security.
  - Tunnel mode – Use tunnel mode for site-to-site communications that cross the Internet. Gateway-to-Gateway protection.

Understanding IPSec contd.

- IPSec provides security using a combination of individual protocols.
- Authentication Header (AH) – provides authentication, integrity, and anti-replay for the packet. This protocol does not encrypt, but protects from modification.
- Encapsulating Security Payload (ESP) – provides confidentiality of the packet (encryption).

Understanding Security Associations

- SA – the combination of security services, protection mechanisms, and keys agreed to by communicating peers.
- When traffic meets a filter that is defined in the policy, the security parameters must then be negotiated. The SA is what is agreed upon.
- Internet Key Exchange (IKE) – an algorithm used to generate the secret keys agreed upon in the SA.

IPSec Policies

- Policies are the security rules that define the desired security levels negotiated in the SA.
- The policy also defines which traffic is “interesting” and whether to negotiate IPSec or just send the information without modification.
- Components of a Policy: Tunnel setting, Network Type, IP filter, IP protocol Port, IP filter list, Filter Action, Authentication method
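The filter list and filter action are what decide whether traffic is "interesting". As an added illustration (not part of the original slides), this Python sketch models that decision for packet headers. The class and function names, the sample addresses and the most-specific-filter-wins ordering are assumptions of the sketch, and it includes a "block" action alongside negotiating and sending unmodified.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class IPFilter:
    src: str       # source network, CIDR
    dst: str       # destination network, CIDR
    protocol: str  # "tcp", "udp" or "any"
    dst_port: int  # 0 = any port
    action: str    # filter action: "negotiate", "permit" or "block"

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.protocol in ("any", pkt["protocol"])
                and self.dst_port in (0, pkt["dst_port"]))

    def specificity(self):
        # Longer prefixes, a named protocol and a named port are more specific.
        return (ipaddress.ip_network(self.src).prefixlen
                + ipaddress.ip_network(self.dst).prefixlen,
                self.protocol != "any", self.dst_port != 0)


def evaluate(filter_list, pkt, default="permit"):
    """Return the action for pkt. Traffic that matches no filter is not
    "interesting" and is sent without modification (the default)."""
    hits = [f for f in filter_list if f.matches(pkt)]
    if not hits:
        return default
    # Assumption of this sketch: the most specific matching filter wins.
    return max(hits, key=IPFilter.specificity).action


# Constructed sample policy protecting a hypothetical file server 10.0.5.10.
POLICY = [
    IPFilter("10.0.0.0/8", "10.0.5.10/32", "tcp", 445, "negotiate"),
    IPFilter("0.0.0.0/0", "10.0.5.10/32", "tcp", 80, "permit"),
    IPFilter("0.0.0.0/0", "10.0.5.10/32", "any", 0, "block"),
]

# Constructed sample packets (headers only).
PACKETS = [
    {"src": "10.0.1.7", "dst": "10.0.5.10", "protocol": "tcp", "dst_port": 445},
    {"src": "192.0.2.4", "dst": "10.0.5.10", "protocol": "tcp", "dst_port": 445},
    {"src": "192.0.2.4", "dst": "10.0.5.10", "protocol": "tcp", "dst_port": 80},
    {"src": "10.0.1.7", "dst": "10.0.9.9", "protocol": "udp", "dst_port": 53},
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt["src"], "->", pkt["dst"], pkt["dst_port"], evaluate(POLICY, pkt))
```

Only the first packet triggers an SA negotiation; the last one matches no filter and leaves unprotected, which is why the scope of the filter list matters as much as the filter action.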

Creating IPSec Policies

- Go to Local Security Policy.
- Use “IP security policies” for policies that must be compatible with versions of Windows older than Vista/Server 2008.
- Use Windows Firewall with Advanced Security for Vista/Server 2008 systems.

Breaking it all down

- Example on board

Configuring Network Authentication

- When a computer connects to a network it must be authenticated. Typically this is done through Active Directory and Kerberos.
- However, if there is no AD domain or you have older clients, you may need to change the authentication type to NTLM.
- Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Security Options -> Network Security:NTLM