Module 5: Designing Security for Internal Networks.


1 Module 5: Designing Security for Internal Networks

2 Module Overview
- Designing Windows Firewall Implementation
- Overview of IPSec
- Designing IPSec Implementation

3 Methods for Configuring Windows Firewall
You can configure Windows Firewall by using:
- Basic Firewall configuration in Control Panel
- Windows Firewall with Advanced Security
- Group Policy

4 Benefits of IPSec
Benefits of IPSec are:
- Authentication of communication (each peer proves its identity before traffic is accepted)
- Ensuring that data is not modified in transit
- Encrypting to secure communication
- Integrating with Windows Firewall rules as part of Network Access Protection (NAP)
- Protecting communication between two hosts (transport mode) or two networks (tunnel mode)

5 Connection Security Rules
Connection security rules:
- Are new in Windows Server 2008 and Windows Vista
- Supersede the IPSec policies of earlier Windows versions (those policies remain supported alongside them)
- Determine which network traffic is affected by IPSec
- Must exist on both hosts to be effective, because IPSec is negotiated between peers
- Apply to all traffic between the hosts they match; they do not by themselves allow or block traffic, which remains the job of firewall rules
- Can be applied to specific profiles (domain, private, public)

6 Types of Connection Security Rules

Rule type                 Description
Isolation                 Restricts connections based on criteria such as user, computer, or certificates
Server-to-server          Authenticates communication between specific computers, identified by IP address or subnet
Tunnel                    Secures communication between two computers that act as routers (gateways) between two networks
Authentication exemption  Exempts specific computers or IP addresses from the authentication requirement
Custom                    Exposes options that the wizards for the other rule types do not offer

7 IPSec Authentication
Authentication requirements specify when authentication is performed:
- Request for inbound and outbound (traffic still flows if the peer cannot authenticate)
- Require for inbound and request for outbound
- Require for inbound and outbound
Authentication method specifies how authentication is performed:
- Kerberos V5 (user, computer, or both)
- NTLMv2 (computer)
- Computer certificate
- Preshared key

8 Deployment Methods for Connection Security Rules

Method                                  Description
Windows Firewall with Advanced Security Suitable for configuring a small number of hosts; manual entry, so prone to configuration errors
Netsh                                   Suitable for scripting; rules are configured in the "netsh advfirewall consec" context
Group Policy                            Deploys rules to a large number of computers easily and reduces the chance of data entry errors; requires all computers to be members of a domain
Windows PowerShell                      Suitable for scripting; accesses network settings through WMI objects
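The netsh deployment path from slide 8, carried through for the rule types of slide 6 and the request/require choice of slide 7, as an added example that is not part of the course module. The rule names, the domain controller and backup server addresses, and the phased rollout are assumptions for illustration; the script is run from an elevated PowerShell prompt, and because connection security rules must exist on both hosts, the same rules (ideally the same script, or a GPO carrying them) go to every peer in scope.

```powershell
# Added example (not from the course module): scripted deployment of
# connection security rules through the "netsh advfirewall consec" context
# on Windows Vista / Windows Server 2008 and later. Addresses and names below
# are assumptions for illustration.

param(
    # Slide 7's "when": start with request-only so peers that cannot yet
    # authenticate still connect, then rerun with requireinrequestout once the
    # monitor output shows every expected peer negotiating a main-mode SA.
    [ValidateSet("requestinrequestout", "requireinrequestout", "requireinrequireout")]
    [string]$Action = "requestinrequestout",

    [string]$DomainControllers = "10.0.10.5,10.0.10.6",   # assumed DC addresses
    [string]$BackupServer      = "10.0.20.50"             # assumed sensitive host
)

function Invoke-Netsh {
    # Runs one netsh command with an argument array (so names containing
    # spaces survive intact) and fails loudly: netsh prints "Ok." on success
    # and returns a non-zero exit code on a syntax or policy error.
    param([Parameter(Mandatory)][string[]]$Arguments)
    $output = & netsh.exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw ("netsh {0} failed: {1}" -f ($Arguments -join ' '), ($output -join ' '))
    }
    Write-Verbose ("netsh {0} -> {1}" -f ($Arguments -join ' '), ($output -join ' '))
}

# 1. Authentication exemption (slide 6). Kerberos tickets come from the domain
#    controllers, so traffic to the DCs cannot itself depend on Kerberos-
#    authenticated IPsec: exempt them before any require rule exists.
Invoke-Netsh @(
    'advfirewall', 'consec', 'add', 'rule',
    'name=Exempt domain controllers',
    'endpoint1=any', "endpoint2=$DomainControllers",
    'action=noauthentication', 'profile=domain',
    'description=DCs must stay reachable to obtain Kerberos tickets'
)

# 2. Isolation rule (slide 6): every domain-profile connection between members
#    is authenticated with the computer's Kerberos identity (auth1=computerkerb);
#    $Action decides whether that authentication is requested or required.
Invoke-Netsh @(
    'advfirewall', 'consec', 'add', 'rule',
    'name=Domain isolation',
    'endpoint1=any', 'endpoint2=any',
    "action=$Action", 'auth1=computerkerb', 'profile=domain'
)

# 3. Server-to-server rule (slide 6) for one sensitive host: authentication is
#    required in both directions, and user Kerberos is added as the second
#    authentication (auth2=userkerb) so firewall rules can name users (slide 11).
Invoke-Netsh @(
    'advfirewall', 'consec', 'add', 'rule',
    'name=Backup server strict',
    'endpoint1=any', "endpoint2=$BackupServer",
    'action=requireinrequireout',
    'auth1=computerkerb', 'auth2=userkerb', 'profile=domain'
)

# Verification: the rules as configured, then the main-mode security
# associations actually negotiated (empty until a peer with a matching rule
# talks to this host, which is what the request-mode phase is for).
netsh advfirewall consec show rule name=all
netsh advfirewall monitor show mmsa
```

Run it once with the default request-mode action on both sides, confirm in the `monitor show mmsa` output that the expected peers appear, and only then rerun with `-Action requireinrequestout` (deleting the old "Domain isolation" rule first with `netsh advfirewall consec delete rule name="Domain isolation"`). Switching straight to require mode before every peer carries the rule is the most common way to cut a server off from its own clients.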

9 Determining the Authentication Method

Authentication method   Use
Kerberos V5             Users and computers running Windows 2000 (and later versions) that are members of an Active Directory domain
Public key certificate  Internet access; remote access to corporate resources; external business partners; computers that do not run the Kerberos V5 security protocol
Preshared secret key    Only when both computers must be configured manually and neither of the above is available; the key is stored in clear text in the policy, so it is suitable for testing rather than production

10 Co-existence with IPSec Policies
- IPSec policies are still required for earlier versions of Windows operating systems
- IPSec policies can be used by Windows Vista and Windows Server 2008
- IPSec policies and connection security rules can be applied at the same time

11 Integration with Windows Firewall Rules
- Windows Firewall rules can apply to specific users and computers
- Authentication by IPSec provides the user or computer identity that Windows Firewall rules evaluate
- Windows Firewall rules can require a secure connection for NAP

12 Guidelines for Designing IPSec Implementation
- Deploy with Group Policy
- Avoid combining IPSec policies and connection security rules
- Test thoroughly before implementation: roll out in request mode and inspect the negotiated security associations before switching to require mode
- Use only when appropriate in your security plan
