bogdi19

Internet Protocol Security part 4


You will learn how to assign the IPSec policy you created in the last lesson to the domain controller.

Remember, you can assign only one IPSec policy at a time.

To assign an IPSec policy, right-click the policy and select "Assign" from the context menu. This action will assign the "Secure Telnet" IPSec policy you have created and make it active.

assign-ipsec-policy.JPG

Once the policy is assigned, you can see a green dot at the policy icon and "Policy Assigned" status will be "Yes".

ipsec-policy-assigned.JPG

Remember to assign the Client (Respond Only) IPSec policy on SERV04.omnisecu.com, to allow it to communicate using IPSec.

Once the policy is active, Telnet traffic from all other servers will be blocked, and only secure communication using IPSec will be allowed between Serv03.omnisecu.com and SERV04.omnisecu.com. Remember to update group policy using the gpupdate command.

In this lesson you have learned how to assign an Internet Protocol Security (IPSec) policy.

This lesson explains how to configure Internet Protocol Security (IPSec) Integrity and Encryption algorithms in Windows 2003.

If you select "Negotiate Security", you can specify whether you require Authentication Header (AH), Encapsulating Security Payload (ESP) or both. You can also specify the encryption algorithm (DES or 3DES) and the integrity algorithm (MD5 or SHA1).

Click "Add" in the "Edit Rule Properties" dialog box.

ipsec-negotiate-edit-rule.JPG

Select "Negotiate Security" in the "New Filter Action" dialog box and click "Add".

ipsec-negotiate-new-filter-action.JPG

You can select either Authentication Header (AH), Encapsulating Security Payload (ESP) or both here. "Integrity and encryption" will enable ESP with data integrity and confidentiality. "Integrity only" will enable ESP with only data integrity. You can select "Custom" to customize your IPSec protocols and algorithms. Select the "Custom" radio button and click "Settings".

ipsec-negotiate-security-method.JPG

You can select the IPSec protocols Authentication Header (AH), Encapsulating Security Payload (ESP) or both in this dialog box. If you select Authentication Header, you also need to select an integrity algorithm (MD5 or SHA1). If you select Encapsulating Security Payload, you need to select both an integrity algorithm (MD5 or SHA1) and an encryption algorithm (DES or 3DES).

ipsec-negotiate-custom-configuration.JPG

In the "Session key settings", you can specify an interval at which a new session key is generated. Reducing this value will increase your security, but decrease performance. The interval can be specified in data size (Kilobytes) or seconds. Session key generation starts at whichever limit is reached first.

In this lesson, you have learned how to configure Internet Protocol Security (IPSec) Integrity and Encryption algorithms in Windows 2003.
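
The same two tasks, assigning the policy and defining a custom security method, can also be done from the command line with `netsh ipsec static` on Windows Server 2003. This is an added example, not part of the original post: the filter action name `Telnet-ESP-3DES-SHA1` is hypothetical, and the session key lifetimes (100000 KB / 3600 seconds) are sample values chosen for illustration.

```bat
@echo off
rem Added example, not from the original lesson.
rem Assumption: the "Secure Telnet" policy from the lesson already exists
rem in the local IPSec policy store of this server.

rem 1. Create a "Negotiate Security" filter action using the Custom settings
rem    described above: ESP with 3DES encryption and SHA1 integrity.
rem    The suffix after the colon is the session key lifetime: a new key is
rem    generated after 100000 KB of traffic or 3600 seconds, whichever is
rem    reached first (constructed sample values).
rem    "Telnet-ESP-3DES-SHA1" is a hypothetical name.
netsh ipsec static add filteraction name="Telnet-ESP-3DES-SHA1" ^
    description="ESP 3DES/SHA1, rekey at 100000 KB or 1 hour" ^
    action=negotiate qmpfs=no inpass=no soft=no ^
    qmsecmethods="ESP[3DES,SHA1]:100000k/3600s"

rem    For AH together with ESP, the method string takes this form instead:
rem    qmsecmethods="AH[SHA1]+ESP[3DES,SHA1]:100000k/3600s"

rem 2. Assign the policy. Only one IPSec policy can be assigned at a time,
rem    so this replaces whichever policy was previously active.
netsh ipsec static set policy name="Secure Telnet" assign=yes

rem 3. Refresh group policy, as the lesson recommends.
gpupdate /force

rem 4. Confirm the assignment and review the negotiated security methods.
netsh ipsec static show policy name="Secure Telnet" level=verbose
```

Setting `soft=no` keeps the filter action from falling back to unsecured communication with hosts that do not respond to IPSec negotiation, which matches the lesson's goal of allowing only IPSec-protected Telnet between the two servers.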
