Planning A Microsoft Windows Server 2003 Network Chapter 10

Planning A Microsoft Windows Server 2003 Network Chapter 10...

Info iconThis preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 NetworkChapter 10: Planning and Managing IPSecurity70-293: MCSE Guide to Planning a Microsoft Win2Objectives•Describe IP Security issues and how the IPSec protocol addresses them•Choose the appropriate IPSec mode for a given situation•Implement authentication for IPSec•Enable IPSec•Create IPSec policies•Monitor and troubleshoot IPSec70-293: MCSE Guide to Planning a Microsoft Win3Why IPSec Is Important•IPSec provides security for IP-based networks•Authenticate both computers engaged in a conversation•Use digital signatures to verify that data has not been tampered with while in transit•Encrypt data while in transit70-293: MCSE Guide to Planning a Microsoft Win4How Hackers Work•IPv4 has no built-in security mechanisms to protect the communication between two hosts•Hackers can corrupt or eavesdrop on communications•Packet sniffing•Data replay•Data modification•Address spoofing70-293: MCSE Guide to Planning a Microsoft Win5Authentication, Encryption, and Digital Signatures•IPSec authenticates the endpoints of any IP-based conversation using IPSec•Each participant must be known and trusted•Encryption can be used by IPSec to hide the contents of data packets •Digital signatures on each packet in a conversation ensure that a packet has not been modified70-293: MCSE Guide to Planning a Microsoft Win6Advantages of IPSec•IPSec exists at the network layer of the TCP/IP architecture so most applications are unaware of it•IPSec is a valuable addition to a network when data integrity or confidentiality are required•IPSec is widely used by many vendors •It is a standards protocol70-293: MCSE Guide to Planning a Microsoft Win7Disadvantages of IPSec•Pre-Windows 2000 operating systems from Microsoft do not support the IPSec•IPSec can significantly slow network communication•Only latest versions of IPSec can be routed through NAT, which is a serious limitation for remote users•IPSec adds complexity to a network70-293: MCSE Guide to Planning a Microsoft Win8Disadvantages of IPSec (continued)70-293: MCSE Guide to Planning a Microsoft Win9IPSec Modes •The modes of operation define whether communication is secured between two hosts or two networks, and which IPSec services are used•When implementing IPSec, you must choose tunnel mode or transport mode•Must choose AH mode or ESP mode 70-293: MCSE Guide to Planning a Microsoft Win10AH Mode•Use AH mode when you are concerned about packets being captured with a packet sniffer and replayed•Authentication Headers (AH) mode enforces authentication of the two IPSec clients and includes a digital signature on each packet•Authenticates the two endpoints and adds a checksum•Checksum guarantees that the packet is not modified in transit, including the IP headers•AH mode does not provide data confidentiality, however; the payload of the packet is unencrypted 70-293: MCSE Guide to Planning a Microsoft Win...
View Full Document

{[ snackBarMessage ]}

Page1 / 51

Planning A Microsoft Windows Server 2003 Network Chapter 10...

This preview shows document pages 1 - 11. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online