Module 9
Increasing Security for
Network Communication
Module Overview
• Configuring IPsec
• Configuring Connection Security Rules
• Configuring NAP with IPsec Enforcement
• Monitoring and Troubleshooting IPsec
Lesson 1: Overview of IPsec
• Benefits of IPsec
• Ways to Use IPsec
• How Domain Isolation Works
• Tools Used to Configure IPsec
• Demonstration: How to Configure IPsec Settings
Benefits of IPsec
IPsec is a suite of protocols that provides authenticated and, optionally,
encrypted communication between two computers over an untrusted
network
• IPsec has two goals: to protect IP packets (integrity, authenticity, and
optionally confidentiality) and to defend against network attacks such as
spoofing, replay, and eavesdropping
• Configuring IPsec on both the sending and the receiving computer enables
the two computers to exchange secured data; a peer without a compatible
policy either negotiates nothing or is blocked, depending on the rule
• IPsec secures network traffic by using data signing (AH or ESP integrity)
and, where configured, encryption (ESP)
• An IPsec policy defines the type of traffic that IPsec examines, how that
traffic is secured and encrypted, and how IPsec peers are authenticated
Ways to Use IPsec
Recommended uses of IPsec include:
• Packet filtering
• Authenticating and encrypting host-to-host traffic
• Authenticating and encrypting traffic to servers
• L2TP/IPsec for VPN connections
• Site-to-site tunneling
• Enforcing logical networks
How Domain Isolation Works
To isolate a domain, configure the following components:
• An AD DS domain
• Member computers
• Group Policy settings
• Active IPsec policy settings
To deploy domain isolation, configure a GPO to require that all
incoming connection requests and the subsequent data be
authenticated and protected by using IPsec. Computers that are not
domain members cannot authenticate with Kerberos and are therefore
unable to initiate connections to isolated members; exempt the domain
controllers and other infrastructure servers (DHCP, DNS) that a member
must reach before it can authenticate.
Tools Used to Configure IPsec
To configure IPsec, you can use:
• Windows Firewall with Advanced Security MMC
(used for Windows Server 2008 R2 and Windows 7)
• IP Security Policy MMC (Used for mixed environments
and to configure policies that apply to all Windows versions)
• Netsh command-line tool
Demonstration: How to Configure IPsec Settings
In this demonstration, you will see how to:
• View existing IPsec policies in Group Policy
• Create a custom IPsec policy
• Create a security rule
• Create a new IP filter
• Complete the Security Rule Wizard
• Complete the IP Security Rule Wizard
Lesson 2: Configuring Connection Security Rules
• What Are Connection Security Rules?
• What Are Tunnel and Transport Modes?
• Choosing Authentication Requirements
• Authentication Methods
• Demonstration: How to Configure a Connection Security
Rule
What Are Connection Security Rules?
Connection security rules involve:
• Authenticating two computers before they
begin communications
• Securing information being sent between
two computers
• Using key exchange, authentication, data integrity,
and, optionally, data encryption
How firewall rules and connection rules are related:
• Firewall rules allow traffic through, but do not
secure that traffic
• Connection security rules can secure the traffic,
but creating a connection security rule does not
allow traffic through the firewall
What Are Tunnel and Transport Modes?
[Figure: ESP packet layout in the two modes; original packet is IP HDR | Data]
ESP Transport Mode:
IP HDR | ESP HDR | Data | ESP TRLR | ESP Auth
• The original IP header is kept; only Data and ESP TRLR are encrypted
• Used between end hosts (host-to-host, client-to-server)
ESP Tunnel Mode:
New IP HDR | ESP HDR | IP HDR | Data | ESP TRLR | ESP Auth
• The entire original packet, including its IP header, is encrypted and
a new outer IP header addressed to the tunnel endpoint is added
• Used between gateways (site-to-site) or host-to-gateway
In both modes the ESP Auth value covers ESP HDR through ESP TRLR, not
the outer IP header
Choosing Authentication Requirements
Option: Description
• Request authentication for inbound and outbound connections:
ask that all inbound and outbound traffic be authenticated, but
allow the connection if authentication fails. This offers no
protection against an unauthenticated peer; use it for the initial,
monitoring-only rollout
• Require authentication for inbound connections and request
authentication for outbound connections: inbound traffic that
cannot be authenticated is blocked; outbound traffic is
authenticated when the peer supports it and allowed in the clear
when it does not
• Require authentication for inbound and outbound connections:
all inbound and outbound traffic must be authenticated or it is
blocked; every peer must have a compatible rule or all
communication with it stops
Choosing an Authentication Method
Method: Key points
• Default: use the authentication method configured on the IPsec
Settings tab of the Windows Firewall with Advanced Security properties
• Computer and User (Kerberos V5): request or require that both the
computer and the user authenticate before communication continues;
domain membership required
• Computer (Kerberos V5): request or require that the computer
authenticate by using Kerberos V5; domain membership required
• User (Kerberos V5): request or require that the user authenticate by
using Kerberos V5; domain membership required
• Computer certificate: request or require a valid computer certificate;
requires at least one CA trusted by both peers. With "Only accept
health certificates", only a valid NAP health certificate is accepted,
which requires NAP with IPsec enforcement
• Advanced: configure any available method; you can specify separate
methods for First Authentication (computer) and Second Authentication
(user)
Demonstration: How to Configure a Connection
Security Rule
In this demonstration, you will see how to:
• Enable ICMP traffic on NYC-SVR1
• Create a server to server rule on NYC-SVR1
• Create a server to server rule on NYC-CL1
• Test the rule
Lesson 3: Configuring IPsec NAP Enforcement
• IPsec Enforcement for Logical Networks
• How IPsec NAP Enforcement Works
• Deploying NAP with IPsec Enforcement
IPsec Enforcement for Logical Networks
[Figure: NAP with IPsec enforcement divides the network into three logical networks]
• Secure network: compliant NAP clients and secure servers that hold
health certificates and require IPsec-authenticated connections
• Boundary network: NAP enforcement servers (HRA) and remediation
servers, reachable from both the secure and the restricted networks
• Restricted network: non-compliant NAP clients and non-NAP-capable
clients, which have no health certificate and therefore cannot
initiate connections to the secure network
Components shown: NAP client (SHAs, NAP agent, NAP ECs); NAP
enforcement servers (HRA, VPN, 802.1X, DHCP, NPS proxy); NAP policy
servers (NAP administration server, network policies, NAP health
policies, connection request policies, SHVs); certificate services;
e-mail servers; remediation servers; secure servers; NPS servers
IPsec NAP Enforcement includes:
• Policy validation
• NAP enforcement
• Network restriction
• Remediation
• Ongoing monitoring of compliance
How IPsec NAP Enforcement Works
[Figure: intranet with Active Directory, the NAP health policy server, a DHCP
server, the Health Registration Authority, IEEE 802.1X devices, a VPN server
and remediation servers; a perimeter network facing the Internet; and a
restricted network holding a NAP client with limited access]
• The NAP client sends its statement of health to the Health Registration
Authority (HRA), which forwards it to the NAP health policy server (NPS)
• If the client is compliant, the HRA obtains a health certificate from
Active Directory Certificate Services and returns it to the client, which
uses it to authenticate IPsec connections to the secure network
• If the client is not compliant, it receives no health certificate, stays
on the restricted network with limited access, and is directed to the
remediation servers
Deploying NAP with IPsec Enforcement
To deploy NAP with IPsec and HRA, you must:
1. Configure the relevant NPS policies
2. Enable the NAP IPsec client-enforcement agent
3. Install the Health Registration Authority
4. Install and configure AD CS
5. Configure Group Policy settings
6. Configure WSHVs
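As an added example that is not part of the course material: once the server side of the steps above is in place, this PowerShell session shows what the Group Policy settings of step 5 end up configuring on a NAP client, done by hand on a single test machine with the netsh nap context. The HRA host name and URL are assumptions; the enforcement client ID 79619 is the IPsec Relying Party enforcement client.

```powershell
# Added example (not from the course): manual NAP client configuration for IPsec enforcement.
# In production these settings come from the GPO in step 5; use this on a test client only.
# Assumption (not from the page): the HRA is published on NYC-SVR1 at the DomainHRA path,
# which is the Kerberos-authenticated endpoint (NonDomainHRA is the anonymous one).
$hraUrl = "https://nyc-svr1.contoso.com/DomainHRA/hcsrvext.dll"

# The NAP Agent service must run (and start automatically) before any enforcement client works.
Set-Service -Name napagent -StartupType Automatic
Start-Service -Name napagent

# Enable the IPsec Relying Party enforcement client (ID 79619).
netsh nap client set enforcement id=79619 admin=enable

# Tell the client which HRA servers it trusts and where to request a health certificate.
netsh nap client add trustedservergroup name="Contoso HRA" requirehttps=enable
netsh nap client add server group="Contoso HRA" url="$hraUrl" processingorder=1

# Verify the enforcement client state and the trusted server group.
netsh nap client show state
netsh nap client show trustedservergroup

# A compliant client ends up with a health certificate in its computer store. The certificate
# carries the System Health Authentication EKU (OID 1.3.6.1.4.1.311.47.1.1); list any that match.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { ($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId }) -contains "1.3.6.1.4.1.311.47.1.1" } |
    Format-List Subject, Issuer, NotAfter, Thumbprint
```

If the last command lists nothing after the NAP Agent has been restarted, the client was judged non-compliant or could not reach the HRA: check the WSHV result with netsh nap client show state and the HRA connectivity (HTTPS to the URL above, and the HRA's own certificate must be trusted by the client).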
Lesson 4: Monitoring and Troubleshooting IPsec
• Monitoring IPsec by Using Windows Firewall with Advanced
Security
• Monitoring IPsec by Using IP Security Monitor
• Troubleshooting IPsec
Monitoring IPsec by Using Windows Firewall with
Advanced Security
• Use the Connection Security Rules
and Security Associations nodes to
monitor IPsec connections
• Security Associations that can be
monitored include:
• Main Mode
• Quick Mode
The Windows Firewall in Windows 7 and Windows Server 2008
R2 incorporates IPsec
Monitoring IPsec by Using IP Security Monitor
Options for using the IP Security Monitor:
• Modify the IPsec data refresh interval to update the information in the
console at a set interval
• Allow DNS name resolution for IP addresses to show computer names
alongside the addresses of the computers connecting with IPsec
• Computers can be monitored remotely: to enable remote management,
set the EnableRemoteMgmt DWORD value under
HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent to 1 on the
monitored computer
• To discover the active security policy on a computer, examine the
Active Policy node in the IP Security Monitor MMC
• Main Mode monitoring shows the initial IKE negotiation and the main
mode security associations (information about Internet Key Exchange)
• Quick Mode monitoring shows the subsequent key exchanges and the
quick mode security associations that protect traffic (information
about the IPsec driver)
Troubleshooting IPsec
1. Stop the IPsec Policy Agent and use the ping command to verify
basic communication; if ping fails with IPsec out of the path, the
fault is routing or filtering, not IPsec (note that a peer which
requires inbound authentication will drop the unprotected ping, so
test against a peer that only requests authentication, or from the
peer's side)
2. Verify firewall settings
3. Start the IPsec Policy Agent and use IP Security Monitor to
determine whether a security association exists
4. Verify that the policies are assigned
5. Review the policies and ensure they are compatible: authentication
methods and security methods must match on both peers
6. Use IP Security Monitor to ensure that any changes are applied
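As an added example that is not part of the course material: the troubleshooting steps above, scripted against one peer with the netsh advfirewall tool listed in Lesson 1 (the command-line counterpart of the Security Associations node) and the Security event log, for Windows 7 / Windows Server 2008 R2 and later. The peer name and address are assumptions.

```powershell
# Added example (not from the course): walk the troubleshooting steps for one IPsec peer.
# Run in an elevated PowerShell session on the local peer.
# Assumption (not from the page): the remote peer is NYC-CL1 at 10.10.0.20.
param([string]$Peer = "10.10.0.20")

# Steps 1 and 2: take IPsec out of the path and test plain connectivity, then check the firewall.
# Caveat: if the PEER requires inbound authentication it drops our unprotected ping, so a failure
# here is only conclusive against a peer that merely requests authentication.
Stop-Service -Name PolicyAgent -Force
$plain = Test-Connection -ComputerName $Peer -Count 2 -Quiet
"Ping with IPsec Policy Agent stopped : $plain"
netsh advfirewall show currentprofile       # active profile and whether the firewall is on

# Step 3: bring IPsec back, generate traffic, and look for main mode and quick mode SAs with the peer.
Start-Service -Name PolicyAgent
Start-Sleep -Seconds 5
$secured = Test-Connection -ComputerName $Peer -Count 2 -Quiet
"Ping with IPsec Policy Agent running : $secured"
$mm = netsh advfirewall monitor show mmsa | Select-String -SimpleMatch $Peer
$qm = netsh advfirewall monitor show qmsa | Select-String -SimpleMatch $Peer
"Main mode SA with $Peer  : " + $(if ($mm) { "present" } else { "MISSING (authentication never completed)" })
"Quick mode SA with $Peer : " + $(if ($qm) { "present" } else { "MISSING (no agreement on security methods)" })

# Step 4: verify that a connection security rule is assigned and enabled on this computer.
$rules = netsh advfirewall consec show rule name=all
if (-not ($rules | Select-String "^Rule Name:")) {
    "No connection security rule is in effect on this computer"
}
$rules | Select-String "^(Rule Name|Enabled|Action|Auth1|Auth2):"

# Step 5: compare Action and Auth1/Auth2 above with the same output on the peer; they must be
# compatible on both sides (e.g. both computerkerb, and not "require" against a peer with no rule).

# Step 6, plus what the slide does not mention: once IPsec auditing is on, every failed IKE
# negotiation is written to the Security log (4652/4653 main mode, 4654 quick mode) with the reason.
auditpol /set /subcategory:"IPsec Main Mode" /failure:enable | Out-Null
auditpol /set /subcategory:"IPsec Quick Mode" /failure:enable | Out-Null
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4652, 4653, 4654 } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, Id, @{ n = 'Failure'; e = { ($_.Message -split "`n")[0] } } -AutoSize
```

A main mode SA without a quick mode SA points at step 5 (authentication succeeded, but the two rules disagree on integrity or encryption algorithms); no main mode SA at all points at authentication (wrong method, clock skew or an unreachable domain controller for Kerberos), and the 4653 event names the exact failure.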
Lab: Increasing Security for Network Communication
• Exercise 1: Selecting a network security configuration
• Exercise 2: Configuring IPsec to Authenticate Computers
• Exercise 3: Testing IPsec Authentication
Estimated time: 45 minutes
Logon information
Virtual machines
6421B-NYC-DC1
6421B-NYC-SVR1
6421B-NYC-CL1
User name: Contoso\Administrator
Password: Pa$$w0rd
Lab Scenario
Contoso Ltd. has implemented a new web-based Research
application that contains confidential information such as
product information. The application is secured by
authenticating users by using a username and password. To
enhance security, the director of Research would like the
application to be accessible only from computers in the
Research department.
To meet the requirements specified by the director of
Research, you will create a connection security rule that
authenticates the computers in the Research department.
Then you will create a firewall rule that ensures only
authenticated computers from the Research department can
access the application.
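As an added example that is not part of the course material, the two rules the scenario calls for, created on the web server with the netsh advfirewall tool listed in Lesson 1 instead of the MMC. It also makes concrete the point from Lesson 2 that a connection security rule secures traffic but allows nothing, while a firewall rule allows traffic but secures nothing. The domain group name, the application port and the rule names are assumptions.

```powershell
# Added example (not from the course): server-side rules for the lab scenario.
# Run in an elevated PowerShell session on the web server (NYC-SVR1).
# Assumptions, not from the page: the Research department's computer accounts are members of a
# CONTOSO domain group named "Research Computers", and the application listens on TCP port 443.
$domain     = "CONTOSO"
$group      = "Research Computers"
$appPort    = 443
$consecName = "Research App - Authenticate Computers"
$fwName     = "Research App - Research Computers Only"

# 1. Resolve the group to its SID and build the SDDL string the firewall rule expects for
#    rmtcomputergrp. "D:(A;;CC;;;<SID>)" is one allow ACE; append another "(A;;CC;;;<SID>)" for
#    each additional group. Resolving at run time avoids pasting a SID by hand.
$account = New-Object System.Security.Principal.NTAccount($domain, $group)
$sid     = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
$sddl    = "D:(A;;CC;;;$sid)"

# 2. Connection security rule: transport mode, computer authentication with Kerberos V5.
#    requestinrequestout makes every peer that can authenticate do so without blocking peers that
#    cannot, so other services on this server keep working for non-Research computers; the access
#    decision is left to the firewall rule in step 3. Use action=requireinrequestout instead to
#    block all unauthenticated inbound traffic to this server (server isolation posture).
netsh advfirewall consec add rule name="$consecName" endpoint1=any endpoint2=any `
    action=requestinrequestout auth1=computerkerb

# 3. Firewall rule: allow inbound TCP/$appPort only when the connection was authenticated by IPsec
#    (security=authenticate) AND the authenticated computer account is in the Research group.
#    Without the rule in step 2 this rule matches nothing, because nothing is authenticated;
#    without this rule, step 2 secures the traffic but nothing is allowed through the firewall.
#    Use security=authenc instead of authenticate to also require encryption of the traffic.
netsh advfirewall firewall add rule name="$fwName" dir=in action=allow protocol=TCP `
    localport=$appPort security=authenticate rmtcomputergrp="$sddl"

# 4. Review what was created.
netsh advfirewall consec show rule name="$consecName"
netsh advfirewall firewall show rule name="$fwName" verbose
```

The Research computers (NYC-CL1 in the lab) need a matching connection security rule of their own, delivered by a GPO linked to the Research OU, that at least requests outbound authentication with the same method (auth1=computerkerb); a computer outside the group can still negotiate IPsec with the server, but its SID does not match the SDDL and the firewall rule does not apply, so the application port stays closed to it.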
Lab Review
• In the lab, you created an OU-specific policy for a specific
application. If Contoso wanted to create a domain isolation
rule, how would you go about it?
• What method of authentication would you select?
Module Review and Takeaways
• Review Questions
• Tools

How to Show Sample Data in Tree and Kanban View in Odoo 17
Celine George
 
No, it's not a robot: prompt writing for investigative journalism
No, it's not a robot: prompt writing for investigative journalismNo, it's not a robot: prompt writing for investigative journalism
No, it's not a robot: prompt writing for investigative journalism
Paul Bradshaw
 
Delegation Inheritance in Odoo 17 and Its Use Cases
Delegation Inheritance in Odoo 17 and Its Use CasesDelegation Inheritance in Odoo 17 and Its Use Cases
Delegation Inheritance in Odoo 17 and Its Use Cases
Celine George
 
NLC Grade 3.................................... ppt.pptx
NLC Grade 3.................................... ppt.pptxNLC Grade 3.................................... ppt.pptx
NLC Grade 3.................................... ppt.pptx
MichelleDeLaCruz93
 

Recently uploaded (20)

Understanding and Interpreting Teachers’ TPACK for Teaching Multimodalities i...
Understanding and Interpreting Teachers’ TPACK for Teaching Multimodalities i...Understanding and Interpreting Teachers’ TPACK for Teaching Multimodalities i...
Understanding and Interpreting Teachers’ TPACK for Teaching Multimodalities i...
 
ENGLISH-7-CURRICULUM MAP- MATATAG CURRICULUM
ENGLISH-7-CURRICULUM MAP- MATATAG CURRICULUMENGLISH-7-CURRICULUM MAP- MATATAG CURRICULUM
ENGLISH-7-CURRICULUM MAP- MATATAG CURRICULUM
 
Ardra Nakshatra (आर्द्रा): Understanding its Effects and Remedies
Ardra Nakshatra (आर्द्रा): Understanding its Effects and RemediesArdra Nakshatra (आर्द्रा): Understanding its Effects and Remedies
Ardra Nakshatra (आर्द्रा): Understanding its Effects and Remedies
 
“A NOSSA CA(U)SA”. .
“A NOSSA CA(U)SA”.                      .“A NOSSA CA(U)SA”.                      .
“A NOSSA CA(U)SA”. .
 
The Jewish Trinity : Sabbath,Shekinah and Sanctuary 4.pdf
The Jewish Trinity : Sabbath,Shekinah and Sanctuary 4.pdfThe Jewish Trinity : Sabbath,Shekinah and Sanctuary 4.pdf
The Jewish Trinity : Sabbath,Shekinah and Sanctuary 4.pdf
 
Book Allied Health Sciences kmu MCQs.docx
Book Allied Health Sciences kmu MCQs.docxBook Allied Health Sciences kmu MCQs.docx
Book Allied Health Sciences kmu MCQs.docx
 
BRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptx
BRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptxBRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptx
BRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptx
 
Conducting exciting academic research in Computer Science
Conducting exciting academic research in Computer ScienceConducting exciting academic research in Computer Science
Conducting exciting academic research in Computer Science
 
(T.L.E.) Agriculture: Essentials of Gardening
(T.L.E.) Agriculture: Essentials of Gardening(T.L.E.) Agriculture: Essentials of Gardening
(T.L.E.) Agriculture: Essentials of Gardening
 
How to Install Theme in the Odoo 17 ERP
How to  Install Theme in the Odoo 17 ERPHow to  Install Theme in the Odoo 17 ERP
How to Install Theme in the Odoo 17 ERP
 
Principles of Roods Approach!!!!!!!.pptx
Principles of Roods Approach!!!!!!!.pptxPrinciples of Roods Approach!!!!!!!.pptx
Principles of Roods Approach!!!!!!!.pptx
 
Split Shifts From Gantt View in the Odoo 17
Split Shifts From Gantt View in the  Odoo 17Split Shifts From Gantt View in the  Odoo 17
Split Shifts From Gantt View in the Odoo 17
 
Howe Writing Center - Orientation Summer 2024
Howe Writing Center - Orientation Summer 2024Howe Writing Center - Orientation Summer 2024
Howe Writing Center - Orientation Summer 2024
 
Views in Odoo - Advanced Views - Pivot View in Odoo 17
Views in Odoo - Advanced Views - Pivot View in Odoo 17Views in Odoo - Advanced Views - Pivot View in Odoo 17
Views in Odoo - Advanced Views - Pivot View in Odoo 17
 
Beginner's Guide to Bypassing Falco Container Runtime Security in Kubernetes ...
Beginner's Guide to Bypassing Falco Container Runtime Security in Kubernetes ...Beginner's Guide to Bypassing Falco Container Runtime Security in Kubernetes ...
Beginner's Guide to Bypassing Falco Container Runtime Security in Kubernetes ...
 
The membership Module in the Odoo 17 ERP
The membership Module in the Odoo 17 ERPThe membership Module in the Odoo 17 ERP
The membership Module in the Odoo 17 ERP
 
How to Show Sample Data in Tree and Kanban View in Odoo 17
How to Show Sample Data in Tree and Kanban View in Odoo 17How to Show Sample Data in Tree and Kanban View in Odoo 17
How to Show Sample Data in Tree and Kanban View in Odoo 17
 
No, it's not a robot: prompt writing for investigative journalism
No, it's not a robot: prompt writing for investigative journalismNo, it's not a robot: prompt writing for investigative journalism
No, it's not a robot: prompt writing for investigative journalism
 
Delegation Inheritance in Odoo 17 and Its Use Cases
Delegation Inheritance in Odoo 17 and Its Use CasesDelegation Inheritance in Odoo 17 and Its Use Cases
Delegation Inheritance in Odoo 17 and Its Use Cases
 
NLC Grade 3.................................... ppt.pptx
NLC Grade 3.................................... ppt.pptxNLC Grade 3.................................... ppt.pptx
NLC Grade 3.................................... ppt.pptx
 

6421 b Module-09

  • 1. Module 9: Increasing Security for Network Communication
  • 2. Module Overview
      • Configuring IPsec
      • Configuring Connection Security Rules
      • Configuring NAP with IPsec Enforcement
      • Monitoring and Troubleshooting IPsec
  • 3. Lesson 1: Overview of IPsec
      • Benefits of IPsec
      • Ways to Use IPsec
      • How Domain Isolation Works
      • Tools Used to Configure IPsec
      • Demonstration: How to Configure IPsec Settings
  • 4. Benefits of IPsec
    IPsec is a suite of protocols that allows secure, encrypted communication between two computers over an unsecured network.
      • IPsec has two goals: to protect IP packets and to defend against network attacks
      • Configuring IPsec on sending and receiving computers enables the two computers to send secured data to each other
      • IPsec secures network traffic by using encryption and data signing
      • An IPsec policy defines the type of traffic that IPsec examines, how that traffic is secured and encrypted, and how IPsec peers are authenticated
  • 5. Ways to Use IPsec
    Recommended uses of IPsec include:
      • Packet filtering
      • Authenticating and encrypting host-to-host traffic
      • Authenticating and encrypting traffic to servers
      • L2TP/IPsec for VPN connections
      • Site-to-site tunneling
      • Enforcing logical networks
  • 6. How Domain Isolation Works
    To isolate a domain, configure the following components:
      • An AD DS domain
      • Member computers
      • Group Policy settings
      • Active IPsec policy settings
    To deploy domain isolation, configure a GPO to require that all incoming connection requests and subsequent data be authenticated and protected by using IPsec.
  • 7. Tools Used to Configure IPsec
    To configure IPsec, you can use:
      • Windows Firewall with Advanced Security MMC (used for Windows Server 2008 R2 and Windows 7)
      • IP Security Policy MMC (used for mixed environments and to configure policies that apply to all Windows versions)
      • Netsh command-line tool
  • 8. Demonstration: How to Configure IPsec Settings
    In this demonstration, you will see how to:
      • View existing IPsec policies in Group Policy
      • Create a custom IPsec policy
      • Create a security rule
      • Create a new IP filter
      • Complete the Security Rule Wizard
      • Complete the IP Security Rule Wizard
  • 9. Lesson 2: Configuring Connection Security Rules
      • What Are Connection Security Rules?
      • What Are Tunnel and Transport Modes?
      • Choosing Authentication Requirements
      • Authentication Methods
      • Demonstration: How to Configure a Connection Security Rule
  • 10. What Are Connection Security Rules?
    Connection security rules involve:
      • Authenticating two computers before they begin communications
      • Securing information being sent between two computers
      • Using key exchange, authentication, data integrity, and (optionally) data encryption
    How firewall rules and connection security rules are related:
      • Firewall rules allow traffic through, but do not secure that traffic
      • Connection security rules can secure the traffic, but creating a connection security rule does not allow traffic through the firewall
  • 11. What Are Tunnel and Transport Modes?
    [Diagram: ESP packet layouts]
      • ESP Tunnel Mode: New IP HDR | ESP HDR | IP HDR | Data | ESP TRLR | ESP Auth (the original IP HDR, the Data and the ESP TRLR together form the encrypted IP packet)
      • ESP Transport Mode: IP HDR | ESP HDR | Data | ESP TRLR | ESP Auth (the Data and the ESP TRLR form the encrypted data)
  • 12. Choosing Authentication Requirements
    Option: Description
      • Request authentication for inbound and outbound connections: Ask that all inbound/outbound traffic be authenticated, but allow the connection if authentication fails
      • Require authentication for inbound connections and request authentication for outbound connections: Inbound traffic must be authenticated or it will be blocked; outbound traffic can be authenticated but will be allowed if authentication fails
      • Require authentication for inbound and outbound connections: Require that all inbound/outbound traffic be authenticated or the traffic will be blocked
  • 13. Choosing an Authentication Method
    Method: Key points
      • Default: Use the authentication method configured on the IPsec Settings tab
      • Computer and User (Kerberos V5): You can request or require that both the user and the computer authenticate before communications can continue; domain membership required
      • Computer (Kerberos V5): Request or require the computer to authenticate by using Kerberos V5; domain membership required
      • User (Kerberos V5): Request or require the user to authenticate by using Kerberos V5; domain membership required
      • Computer certificate: Request or require a valid computer certificate; requires at least one CA. With "Only accept health certificates", request or require a valid health certificate to authenticate; requires IPsec NAP
      • Advanced: Configure any available method; you can specify methods for First and Second Authentication
  • 14. Demonstration: How to Configure a Connection Security Rule
    In this demonstration, you will see how to:
      • Enable ICMP traffic on NYC-SVR1
      • Create a server-to-server rule on NYC-SVR1
      • Create a server-to-server rule on NYC-CL1
      • Test the rule
  • 15. Lesson 3: Configuring IPsec NAP Enforcement
      • IPsec Enforcement for Logical Networks
      • How IPsec NAP Enforcement Works
      • Deploying NAP with IPsec Enforcement
  • 16. IPsec Enforcement for Logical Networks
    [Diagram: NAP components across the Restricted Network, Boundary Network and Secure Network]
      • Clients: non-NAP capable client, non-compliant NAP client, compliant NAP client (each NAP client runs SHAs, the NAP agent and NAP ECs)
      • NAP enforcement servers: HRA, VPN, 802.1X, DHCP, NPS proxy
      • NAP policy servers (NPS servers): NAP administration server, network policies, NAP health policies, connection request policies, SHVs
      • Other servers: remediation servers, secure servers, certificate services, e-mail servers
  • 17. How IPsec NAP Enforcement Works
    IPsec NAP enforcement includes:
      • Policy validation
      • NAP enforcement
      • Network restriction
      • Remediation
      • Ongoing monitoring of compliance
    [Diagram: an intranet with remediation servers, a NAP health policy server, a DHCP server, a Health Registration Authority, IEEE 802.1X devices, Active Directory and a VPN server; a perimeter network facing the Internet; and a restricted network holding a NAP client with limited access]
  • 18. Deploying NAP with IPsec Enforcement
    To deploy NAP with IPsec and HRA, you must (the slide numbers these steps 1 to 6):
      • Configure relevant NPS policies
      • Enable the NAP IPsec client-enforcement agent
      • Install the health registration authority
      • Install and configure AD CS
      • Configure Group Policy settings
      • Configure WSHVs
  • 19. Lesson 4: Monitoring and Troubleshooting IPsec
      • Monitoring IPsec by Using Windows Firewall with Advanced Security
      • Monitoring IPsec by Using IP Security Monitor
      • Troubleshooting IPsec
  • 20. Monitoring IPsec by Using Windows Firewall with Advanced Security
    The Windows Firewall in Windows 7 and Windows Server 2008 R2 incorporates IPsec.
      • Use the Connection Security Rules and Security Associations nodes to monitor IPsec connections
      • Security associations that can be monitored include:
          • Main Mode
          • Quick Mode
  • 21. Monitoring IPsec by Using IP Security Monitor
    Options for using the IP Security Monitor:
      • Modify the IPsec data refresh interval to update information in the console at a set interval
      • Allow DNS name resolution for IP addresses to provide additional information about computers connecting with IPsec
      • Computers can be monitored remotely:
          • To enable remote management editing, the HKLM\system\currentcontrolset\services\policyagent key must have a value of 1
          • To discover the active security policy on a computer, examine the Active Policy node in the IP Security Monitor MMC
      • Main Mode monitoring covers the initial IKE exchange and SA: information about the Internet Key Exchange
      • Quick Mode monitoring covers subsequent key exchanges related to IPsec: information about the IPsec driver
  • 22. Troubleshooting IPsec
      1. Stop the IPsec Policy Agent and use the ping command to verify communications
      2. Verify firewall settings
      3. Start the IPsec Policy Agent and use IP Security Monitor to determine whether a security association exists
      4. Verify that the policies are assigned
      5. Review the policies and ensure they are compatible
      6. Use IP Security Monitor to ensure that any changes are applied
  • 23. Lab: Increasing Security for Network Communication
      • Exercise 1: Selecting a Network Security Configuration
      • Exercise 2: Configuring IPsec to Authenticate Computers
      • Exercise 3: Testing IPsec Authentication
    Estimated time: 45 minutes
    Logon information:
      • Virtual machines: 6421B-NYC-DC1, 6421B-NYC-SVR1, 6421B-NYC-CL1
      • User name: Contoso\Administrator
      • Password: Pa$$w0rd
  • 24. Lab Scenario
    Contoso Ltd. has implemented a new web-based Research application that contains confidential information such as product information. The application is secured by authenticating users with a username and password. To enhance security, the director of Research would like the application to be accessible only from computers in the Research department. To meet the requirements specified by the director of Research, you will create a connection security rule that authenticates the computers in the Research department. Then you will create a firewall rule that ensures only authenticated computers from the Research department can access the application.
  • 25. Lab Review
      • In the lab, you created an OU-specific policy for a specific application. If Contoso wanted to create a domain isolation rule, how would you go about it?
      • What method of authentication would you select?
  • 26. Module Review and Takeaways
      • Review Questions
      • Tools
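The lab scenario on slide 24, together with the rule options on slides 10, 12 and 13, can be carried out with the Netsh command-line tool named on slide 7 instead of the MMC. The PowerShell script below is an added example and is not code from course 6421B or from Microsoft. It wraps netsh advfirewall so that a rejected parameter raises an error instead of leaving the server unprotected, creates a connection security rule that requires authentication inbound and requests it outbound using Computer (Kerberos V5), adds the firewall rule that admits only IPsec-authenticated peers, and then checks for main mode and quick mode security associations as slides 20 and 22 describe. The subnet 10.10.20.0/24, port 443, the rule names and the client address are constructed for the example; the function names are hypothetical.

```powershell
# Added example, not code from course 6421B or from Microsoft: it applies the
# lab scenario with the netsh command-line tool named on slide 7.
# Assumptions (constructed for the example): the Research workstations sit in
# 10.10.20.0/24, the Research web application listens on TCP 443, and the
# script runs in an elevated PowerShell on the Windows Server 2008 R2 web server.

$RuleName    = 'ResearchApp-RequireAuthIn'   # hypothetical rule name
$ResearchNet = '10.10.20.0/24'               # constructed subnet
$AppPort     = 443                           # constructed port

function Invoke-Netsh {
    # Run one netsh command and turn a non-zero exit code into an exception,
    # so a typo in a parameter does not silently leave the server unprotected.
    param([Parameter(Mandatory=$true)][string[]]$NetshArgs)
    $output = & netsh.exe @NetshArgs 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw ("netsh {0} failed:`n{1}" -f ($NetshArgs -join ' '), ($output -join "`n"))
    }
    return $output
}

function New-ResearchIsolationRules {
    # Slide 12, second option: require authentication inbound, request it
    # outbound, so an unauthenticated Research client is blocked while the
    # server can still reach hosts that cannot negotiate IPsec.
    # Slide 13: Computer (Kerberos V5) needs no certificates, only domain membership.
    Invoke-Netsh @(
        'advfirewall', 'consec', 'add', 'rule',
        "name=$RuleName",
        'endpoint1=any',            # this server's own addresses
        "endpoint2=$ResearchNet",   # the peers that must authenticate
        'action=requireinrequestout',
        'auth1=computerkerb',
        'mode=transport',
        'profile=domain'
    ) | Out-Null

    # Slide 10: a connection security rule secures traffic but does not admit it.
    # The firewall rule opens the port, and security=authenticate makes it match
    # only traffic that arrived under an IPsec security association.
    Invoke-Netsh @(
        'advfirewall', 'firewall', 'add', 'rule',
        "name=${RuleName}-Allow",
        'dir=in', 'action=allow',
        'protocol=TCP', "localport=$AppPort",
        "remoteip=$ResearchNet",
        'security=authenticate',
        'profile=domain'
    ) | Out-Null
}

function Test-IPsecAssociation {
    # Slides 20 and 22: after a client has generated traffic, confirm that a
    # main mode SA (IKE) and a quick mode SA (IPsec driver) exist for the peer.
    # A missing main mode SA means the peer never authenticated (for example a
    # non-domain machine inside the Research subnet); start slide 22 there.
    param([Parameter(Mandatory=$true)][string]$PeerAddress)
    $mm = (Invoke-Netsh @('advfirewall', 'monitor', 'show', 'mmsa')) -join "`n"
    $qm = (Invoke-Netsh @('advfirewall', 'monitor', 'show', 'qmsa')) -join "`n"
    # Assumed output format: each SA lists the peer on a "Remote IP Address:" line.
    $pattern = [regex]::Escape($PeerAddress)
    return @{
        Peer        = $PeerAddress
        MainModeSA  = [bool]($mm -match $pattern)
        QuickModeSA = [bool]($qm -match $pattern)
    }
}

function Remove-ResearchIsolationRules {
    # Roll back both rules, which keeps the "stop the Policy Agent and ping"
    # step from slide 22 reproducible on a clean server.
    Invoke-Netsh @('advfirewall', 'firewall', 'delete', 'rule', "name=${RuleName}-Allow") | Out-Null
    Invoke-Netsh @('advfirewall', 'consec', 'delete', 'rule', "name=$RuleName") | Out-Null
}

# Usage (run on the server, then browse to the application from a Research client):
#   New-ResearchIsolationRules
#   Test-IPsecAssociation -PeerAddress '10.10.20.15'   # constructed client address
```

The firewall rule's security=authenticate setting is what ties the two halves together: without it the connection security rule would still negotiate IPsec with domain members, but a computer that cannot authenticate would only be blocked by the consec rule's inbound requirement, not by the firewall. Run Test-IPsecAssociation only after a client has actually sent traffic, because security associations are created on demand and expire when idle.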