IP Security Policy in Windows 2000
by Don Kiely

Setting up IPSec in Windows 2000 is a rather complicated process, but the benefits of implementing security at the transport level result in a far more secure network than was ever possible under Windows NT. Windows 2000 implements IPSec through the IP security policy, which controls how IPSec works. An IP security policy consists of an IP filter list, a filter action, authentication methods, a tunnel setting, and a connection type. This week we'll examine each of these.

The IP filter list contains one or more IP filters, each specifying the allowable IP source and destination addresses, the protocol, and the source and destination port numbers. An allowable address can be the address of the computer receiving the security policy, a specific DNS name, a specific IP address, or a specific subnet. An IP filter can also match any protocol, such as TCP, UDP, Internet Control Message Protocol (ICMP), and Raw IP. A security policy can contain multiple IP filters, but two communicating computers take further action only when both contain a matching filter.

IPSec uses ISAKMP/Oakley -- discussed last week -- to negotiate the Security Association for communication between two computers. You must define security methods that specify how one computer talks to another; each method is defined by choosing algorithms according to your security requirements. You can define several security methods and arrange them in an ordered list according to your preference. The negotiation moves down the list and chooses the first security method that appears in the negotiation policies of both communicating computers.

The Windows 2000 implementation of IPSec uses one of three authentication methods: Kerberos, certificates, or a pre-shared key. Not surprisingly, two communicating machines must use the same authentication method to validate each other. A Kerberos server maintains the secret keys of all NT/2000 computers and users in its domain. When one machine needs to authenticate another machine in the domain, the first machine uses the Kerberos server for validation. Two machines in separate domains or networks trust each other if a mutually trusted Certificate Authority (CA) signs their certificates. A shared key must be transferred from one party to the other over a secure channel; if the channel isn't secure, an intruder can steal the shared key.

You might need to place an IPSec tunnel server between two machines and then use the tunnel server as a tunnel endpoint in the negotiation policy. You can also create a security policy specifying that remote computers traverse the tunnel server from the remote computers' public Internet address to the corporate network address. The IPSec tunnel setting in a negotiation policy contains the tunnel server's IP address or DNS name.

The Windows 2000 implementation of IPSec supports two network connection types: LAN and remote access. A machine with a LAN-based security policy can talk to another machine only through a LAN adapter -- not through a dial-up modem. By adopting a LAN-based connection type, you can prevent users on remote computers from dialing into your network without using the appropriate remote access policy.
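The rules above can be modelled in a few lines: both computers must hold a filter matching the traffic and use the same authentication method, and the first security method on the initiator's ordered list that the responder also offers is chosen. The following Python is an added example, not code from the article or from Microsoft; the filter fields, the method tuples, the authentication labels and the addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "any"  # wildcard address/protocol; None is the wildcard for a port

@dataclass(frozen=True)
class IPFilter:  # one entry of an IP filter list
    src: str                       # host address or CIDR subnet
    dst: str
    protocol: str = ANY            # "TCP", "UDP", "ICMP", ...
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

@dataclass
class Policy:  # the parts of an IP security policy this model needs
    filters: list   # the IP filter list
    methods: list   # security methods, most preferred first
    auth: str       # "kerberos", "certificate" or "preshared" (constructed labels)

def _addr_ok(spec: str, addr: str) -> bool:
    # A bare host address becomes a /32 network; strict=False tolerates host bits in a subnet spec
    return spec == ANY or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def filter_matches(f: IPFilter, src, dst, proto, sport, dport) -> bool:
    return (_addr_ok(f.src, src) and _addr_ok(f.dst, dst) and f.protocol in (ANY, proto)
            and f.src_port in (None, sport) and f.dst_port in (None, dport))

def negotiate_method(initiator: list, responder: list):
    # Walk the initiator's ordered list; the first method the responder also offers wins
    offered = set(responder)
    return next((m for m in initiator if m in offered), None)

def establish_sa(a: Policy, b: Policy, src, dst, proto, sport, dport):
    """Return (agreed method, reason). Both sides need a matching filter and the same
    authentication method before the ordered security-method lists are compared."""
    for name, pol in (("A", a), ("B", b)):
        if not any(filter_matches(f, src, dst, proto, sport, dport) for f in pol.filters):
            return None, f"no matching filter on {name}"
    if a.auth != b.auth:
        return None, "authentication methods differ"
    method = negotiate_method(a.methods, b.methods)
    return method, ("ok" if method else "no common security method")

# Constructed sample policies: a client reaching a file server on TCP/445 (not real hosts)
CLIENT = Policy([IPFilter("10.1.5.20", "10.1.0.0/16", "TCP", dst_port=445)],
                [("ESP", "3DES", "SHA1"), ("ESP", "DES", "MD5")], "kerberos")
SERVER = Policy([IPFilter("10.1.0.0/16", "10.1.0.9")],
                [("AH", None, "SHA1"), ("ESP", "DES", "MD5"), ("ESP", "3DES", "SHA1")], "kerberos")
```

Note that the initiator's preference order decides the outcome, not the responder's: swapping the client's two methods selects ESP/DES/MD5 even though the server lists it before ESP/3DES/SHA1 as well.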