Chapter 10 PowerPoint
Chapter 10: SECURING NETWORK COMMUNICATIONS
OVERVIEW
Describe the function and utility of packet filtering.
List the well-known port numbers used by common applications and services.
List the criteria you can use to filter network traffic.
Describe the packet filtering functionality included in Microsoft Windows Server 2003.
List the major threats to network communications.
Describe the functions of IPSec.
OVERVIEW (continued)
Understand the functions and architecture of the IPSec protocols.
List the components of a Windows Server 2003 IPSec implementation.
List the default IPSec policies included with Windows Server 2003 and their applications.
Understand the functions of an IPSec policy’s components.
Use the IP Security Policies snap-in to manage IPSec policies.
SECURING COMMUNICATIONS WITH PACKET FILTERS
Packet filtering can protect computers from destructive network traffic by selectively blocking packets with particular characteristics.
Firewalls commonly implement packet filtering to allow legitimate network traffic while blocking unauthorized traffic.
Packet filtering can provide protection against data compromise, viruses, and other hacker attacks.
UNDERSTANDING PORTS AND PROTOCOLS
The IP address defines which system should receive the packet.
The Protocol field in the IP packet specifies the transport-layer protocol that should receive the packet.
Each transport-layer protocol has a Port field that specifies the application that should be the final recipient of the data in the packet.
INTRODUCING PACKET FILTERING
Packet filtering allows you to control network traffic based on criteria such as IP addresses, protocols, and port numbers.
Packet filtering is most commonly used on routers that provide access to the Internet.
These routers can be hardware- or software-based.
Hardware routers typically offer better performance.
PACKET FILTERING CRITERIA
WINDOWS SERVER 2003 PACKET FILTERING
TCP/IP packet filtering
Routing and Remote Access Service (RRAS) packet filtering
USING TCP/IP PACKET FILTERING
USING ROUTING AND REMOTE ACCESS SERVICE PACKET FILTERING
SECURING NETWORK TRANSMISSIONS
Confidential data must be protected while it is in transit over the network.
Windows Server 2003 supports IPSec, which can be used to protect data while in transit.
EVALUATING THREATS
INTRODUCING IPSec
IP Security (IPSec) extensions offer security to IP-based network traffic.
IPSec protects data by digitally signing and encrypting it before transmission.
IPSec operates at the network layer, so it can be carried over any medium or device that supports IP.
IPSec FUNCTIONS
IPSec encryption uses the Data Encryption Standard (DES) or the Triple Data Encryption Standard (3DES).
IPSec performs a number of security functions, including key generation, cryptographic checksums, mutual authentication, replay prevention, and IP packet filtering.
Using IPSec prevents anyone intercepting a packet from viewing, changing, or deleting its data. It also prevents IP address spoofing.
IPSec STANDARDS
IPSec is based on standards that are being ratified by the Internet Engineering Task Force (IETF).
RFC 2411, “IP Security Document Roadmap,” explains how the standards work together.
IPSec PROTOCOLS
The IPSec standards define two protocols:
IP Authentication Header (AH)
IP Encapsulating Security Payload (ESP)
IP AUTHENTICATION HEADERS
IP ENCAPSULATING SECURITY PAYLOAD
TRANSPORT MODE AND TUNNEL MODE
IPSec can operate in two modes: transport mode and tunnel mode.
Transport mode is used between IPSec-enabled computer systems.
Tunnel mode is used between IPSec-enabled routers.
TUNNEL MODE PACKET STRUCTURE
L2TP TUNNELING
DEPLOYING IPSec
All versions of Windows since Windows 2000 support IPSec.
IPSec policies define when and how systems should use IPSec.
IPSec implementations on Windows Server 2003 should be compatible with IPSec implementations on other operating systems that conform to IETF standards.
IPSec COMPONENTS
IPSec in Windows Server 2003 consists of the following components:
IPSec policy agent
Internet Key Exchange (IKE)
IPSec driver
PLANNING AN IPSec DEPLOYMENT
Using IPSec creates additional network traffic and increases the processor overhead associated with network communications.
IPSec can be tailored to each network environment by using packet filtering to select which traffic it protects.
Backward compatibility must be considered because operating systems before Windows 2000 do not support IPSec.
WORKING WITH IPSec POLICIES
IPSec policies are administered through the IP Security Policies MMC snap-in.
IPSec policies define what traffic must be secured and what actions are performed on traffic that does or does not meet the criteria.
Three IPSec policies are created by default. More can be created as required.
USING THE DEFAULT IPSec POLICIES
CREATING AN IPSec POLICY
IPSec policies consist of three elements:
Rules
IP filter lists
Filter actions
CREATING A RULE
CREATING A FILTER LIST
CREATING A FILTER ACTION
Filter actions allow you to determine what happens to traffic conforming to the selected filter list.
Three filter actions are available:
Permit
Request Security (Optional)
Require Security
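A worked example added here, not part of the chapter's slides: a small rule evaluator that applies the packet-filtering criteria from the earlier slide (source and destination addresses, protocol, port) and then maps the three filter actions above onto constructed packets. The addresses and rules are constructed for illustration, and the evaluator is first-match, whereas Windows IPSec ranks filters by specificity, which is not modelled here.

```python
# Added example (not from the slides). Rules and packets are constructed;
# addresses come from the documentation ranges (192.0.2.0/24, 198.51.100.0/24,
# 203.0.113.0/24). First-match evaluation; Windows IPSec orders filters by
# specificity instead, which this toy evaluator does not model.
from ipaddress import ip_address, ip_network

def matches(flt, pkt):
    """True if the packet meets every criterion in the filter; an absent criterion means any."""
    return (("src" not in flt or ip_address(pkt["src"]) in ip_network(flt["src"]))
            and ("dst" not in flt or ip_address(pkt["dst"]) in ip_network(flt["dst"]))
            and ("proto" not in flt or flt["proto"] == pkt["proto"])
            and ("dport" not in flt or flt["dport"] == pkt.get("dport")))

def packet_filter(rules, pkt):
    """Router-style packet filter: the first matching rule decides, default deny."""
    for flt, verdict in rules:
        if matches(flt, pkt):
            return verdict
    return "block"

def ipsec_outcome(rules, pkt, peer_supports_ipsec):
    """Apply the filter action of the first matching IPSec rule.
    permit: send in the clear; require: IPSec or drop the traffic;
    request: IPSec if the peer can negotiate it, otherwise fall back to the clear."""
    for flt, action in rules:
        if not matches(flt, pkt):
            continue
        if action == "permit":
            return "clear"
        if action == "require":
            return "ipsec" if peer_supports_ipsec else "dropped"
        if action == "request":
            return "ipsec" if peer_supports_ipsec else "clear"
    return "clear"  # no rule matched: the policy does not cover this traffic

# Constructed sample rules (order matters for the first-match evaluator)
FILTER_RULES = [
    ({"dst": "192.0.2.10/32", "proto": "tcp", "dport": 80}, "permit"),  # public web server
    ({"proto": "tcp", "dport": 25}, "block"),  # no SMTP at all, even from the inside
    ({"src": "192.0.2.0/24"}, "permit"),       # anything else from the internal subnet
]
IPSEC_RULES = [
    ({"proto": "udp", "dport": 53}, "permit"),    # DNS stays in the clear
    ({"proto": "tcp", "dport": 445}, "require"),  # file sharing must be secured
    ({"dst": "192.0.2.0/24"}, "request"),         # prefer IPSec inside the LAN
]
```

The SMTP block sits before the internal-subnet permit on purpose: swapping those two rules would let internal hosts send mail, which shows why rule order is part of a first-match filter's security.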
CHAPTER SUMMARY
Packet filtering is a method for regulating TCP/IP traffic based on criteria such as IP and hardware addresses, protocols, and port numbers.
Service-dependent filtering using port numbers enables you to restrict traffic based on the application that generated it or is destined to receive it.
Windows Server 2003 includes two packet-filtering implementations: one in the TCP/IP client and one in RRAS.
CHAPTER SUMMARY (continued)
IPSec is a set of extensions to the Internet Protocol that provides protection for data as it is transmitted over the network.
The IP Authentication Header protocol provides authentication, anti-replay, and data integrity services, but it does not encrypt data.
CHAPTER SUMMARY (continued)
The IP Encapsulating Security Payload protocol encrypts the information in IP datagrams, and provides authentication, anti-replay, and data integrity services.
IPSec can operate in one of two modes: transport mode secures communications between end users, and tunnel mode secures WAN communications between routers.
The IPSec implementation in Windows Server 2003 consists of the IPSec policy agent, Internet Key Exchange (IKE), and the IPSec driver.
CHAPTER SUMMARY (continued)
Windows Server 2003 IPSec has three default policies: Client (Respond Only), Secure Server (Require Security), and Server (Request Security).
IPSec policies consist of rules, IP filter lists, and filter actions. A rule combines an IP filter list with a filter action.