IPsec (MCP Series)

IPsec is a suite of protocols designed to secure IP traffic. IP Sec can be activated on a computer using the local security policy, domain controller security policy, or using group policy (local computer security policy shown below in figure 1).


Figure 1: Configuring IPSec using the local computer policy.

There are three default IPSec Policies:
  • Secure Server (Requires IPSec) – Can be assigned to any 2000+ OS.
  • Server (Requests IPSec).
  • Client (Respond only).
The default policies are shown in figure 1.



There are three security methods available when using IPSec. They are (also shown in figure 2):
  • AH - Authentication Header provides data integrity protection.
  • ESP - Encapsulating Security Payload provides data integrity and encryption.
Figure 2: Security methods available when using IPSec.

There are three IPSec Authentication Methods, they are (also shown in figure 3):
  • Kerberos (Active Directory) – Most secure, use for computers in the same AD forest.
  • Certificates – Secure, use for computers not in the same forest.
  • Preshared key – plain text password stored on both computers, least secure.
Figure 3: IPSec Authentication Protocols.

Additional Information:

  • IPSec is a layer 3 protocol and can be used to secure TCP and UDP traffic. IPSec is often used for VPN connections.
  • ISAKMP (Internet Security Association and Key Management Protocol) is a protocol for establishing Security Associations (SA) - Wikipedia.
  • he Oakley Key Determination Protocol is a key-agreement protocol that allows authenticated parties to exchange keying material across an insecure connection - Wikipedia.

Popular posts from this blog

Get local computer UUID/GUID using Windows Powershell

Use the following syntax to get the local computer's UUID/GUID using Windows Powershell: get-wmiobject Win32_ComputerSystemProduct  | Select-Object -ExpandProperty UUID Add -computername after the WMI class to find a remote computer's UUID, example: get-wmiobject Win32_ComputerSystemProduct -computername RANTPC | Select-Object -ExpandProperty UUID
Read more

gPLink and gPOptions

gPLink is a property for sites, domains and organisational units that contains a prioritised list of GPOs linked to the node. gPOptions is a property that contains all Block Policy Inheritance settings for the node. To manage GPO links on a node, you must have read and write access to the gPLink and gPOptions properties.
Read more

PSLoggedOn Getting Started on Windows Server 2008 R2

Image
PSLoggedOn is a tool I downloaded to allow me to find out which computers a user is currently logged on to. Getting it up and running wasn’t exactly easy. I’m running a Windows Server 2008 R2 test environment. The first error I encountered was: Error browing network: The list of servers for this workgroup is not currently available. Note: I kept the spelling mistake from the error message to make it easier to find via search engines. To get past this error, you have to enable and start the “Computer Browser” service. Then I started getting the error telling me that the Administrator is not logged on. That’s simply not true because I am logged onto another server (Name: ELARA): I turned the firewall OFF OFF OFF (It is a test network after all). I enabled Network Discovery and to do that I went on a service starting frenzy: DNS Client, Function Discovery Resource Publication, SSDP Discovery, and UPnP Device Host, Computer Browser After all that, I ran the script against the se
Read more