Planning A Microsoft Windows Server 2003 Network Chapter 10

Planning A Microsoft Windows Server 2003 Network Chapter 10...

Info iconThis preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 NetworkChapter 10: Planning and Managing IPSecurity70-293: MCSE Guide to Planning a Microsoft Win2ObjectivesDescribe IP Security issues and how the IPSec protocol addresses themChoose the appropriate IPSec mode for a given situationImplement authentication for IPSecEnable IPSecCreate IPSec policiesMonitor and troubleshoot IPSec70-293: MCSE Guide to Planning a Microsoft Win3Why IPSec Is ImportantIPSec provides security for IP-based networksAuthenticate both computers engaged in a conversationUse digital signatures to verify that data has not been tampered with while in transitEncrypt data while in transit70-293: MCSE Guide to Planning a Microsoft Win4How Hackers WorkIPv4 has no built-in security mechanisms to protect the communication between two hostsHackers can corrupt or eavesdrop on communicationsPacket sniffingData replayData modificationAddress spoofing70-293: MCSE Guide to Planning a Microsoft Win5Authentication, Encryption, and Digital SignaturesIPSec authenticates the endpoints of any IP-based conversation using IPSecEach participant must be known and trustedEncryption can be used by IPSec to hide the contents of data packets Digital signatures on each packet in a conversation ensure that a packet has not been modified70-293: MCSE Guide to Planning a Microsoft Win6Advantages of IPSecIPSec exists at the network layer of the TCP/IP architecture so most applications are unaware of itIPSec is a valuable addition to a network when data integrity or confidentiality are requiredIPSec is widely used by many vendors It is a standards protocol70-293: MCSE Guide to Planning a Microsoft Win7Disadvantages of IPSecPre-Windows 2000 operating systems from Microsoft do not support the IPSecIPSec can significantly slow network communicationOnly latest versions of IPSec can be routed through NAT, which is a serious limitation for remote usersIPSec adds complexity to a network70-293: MCSE Guide to Planning a Microsoft Win8Disadvantages of IPSec (continued)70-293: MCSE Guide to Planning a Microsoft Win9IPSec Modes The modes of operation define whether communication is secured between two hosts or two networks, and which IPSec services are usedWhen implementing IPSec, you must choose tunnel mode or transport modeMust choose AH mode or ESP mode 70-293: MCSE Guide to Planning a Microsoft Win10AH ModeUse AH mode when you are concerned about packets being captured with a packet sniffer and replayedAuthentication Headers (AH) mode enforces authentication of the two IPSec clients and includes a digital signature on each packetAuthenticates the two endpoints and adds a checksumChecksum guarantees that the packet is not modified in transit, including the IP headersAH mode does not provide data confidentiality, however; the payload of the packet is unencrypted 70-293: MCSE Guide to Planning a Microsoft Win...
View Full Document

Page1 / 51

Planning A Microsoft Windows Server 2003 Network Chapter 10...

This preview shows document pages 1 - 11. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online