Module Overview
Designing Windows Firewall Implementation
Overview of IPSec
Windows Firewall can block incoming and outgoing network traffic on a host.
Reasons for implementing Windows Firewall are: protecting servers from internal threats; preventing malware from propagating.
You can configure Windows Firewall by using: basic firewall configuration in Control Panel; Windows Firewall with Advanced Security; Group Policy.
Benefits of IPSec
Benefits of IPSec are: authentication of communication; ensuring that data is not modified in transit; encrypting to secure communication.
Integrating with Windows Firewall rules as part of Network Access Protection (NAP)
Protecting communication between two hosts or two networks
Description
Restricts connections based on criteria such
Tunnel
Authentication exemption
Custom
IPSec Authentication
Authentication requirements specify when authentication is performed: request for inbound and outbound; require for inbound and request for outbound; require for inbound and outbound.
Authentication method specifies how authentication is performed: Kerberos V5 (user, computer, or both); NTLMv2 (computer); computer certificate; preshared key.
Description
Is suitable for configuring a small number
consec context
Group Policy
number of computers easily; reduces the chance of data entry errors during configuration; requires all computers to be a member of a domain
Windows PowerShell: is suitable for scripting; accesses network settings through WMI objects
Authentication method / Use
Kerberos V5 security protocol: users and computers running Windows 2000 (and later versions) that are part of an Active Directory domain
Internet access; remote access to corporate resources; external business partners; on computers that do not run the Kerberos V5 security protocol
configure IPSec
IPSec policies are still required for earlier versions of Windows operating systems
IPSec policies can be used by Windows Vista and Windows Server 2008
IPSec policies and connection security rules can be applied at the same time
Authentication by IPSec provides the user or computer identity to Windows Firewall rules
Windows Firewall rules can require a secure connection for NAP
Deploy with Group Policy; avoid combining IPSec policies and connection security rules; test thoroughly before implementation; use only when appropriate in your security plan.
Logon information