Windows 7


Securing Network Traffic

  • Now let us understand how we can secure network traffic. This section covers:

  • What IPsec is.

  • The benefits of IPsec.

  • Tools for configuring IPsec.

  • Authentication methods.

  • Monitoring IPsec.

 

What is IPsec?

  • IPsec is a mature, state-of-the-art, IETF (Internet Engineering Task Force) designed security protocol that provides defence-in-depth against network based attacks from untrusted computers.

  • IPsec (Internet Protocol Security) is a protocol suite for securing Internet Protocol communications by authenticating and encrypting each IP packet of communication between two computers.

  • IPSec is designed to provide the following security features when transferring packets across networks:

  • Authentication: Verifies that the packet received is actually from the claimed sender.

  • Integrity: Ensures that the contents of the packet did not change in transit.

  • Confidentiality: Conceals the message content through encryption.

 

IPsec has two Modes.

  • ESP (Encapsulating Security Payload) - it will encrypt data through one of several available algorithms.

  • ESP can use DES (Data Encryption Standard), 3DES (Triple Data Encryption Standard) or AES (Advanced Encryption Standard) in Windows Server 2008 R2.

  • Of these algorithms, AES and 3DES are stronger encryption than DES, which is why you should avoid DES.

  • AH (Authentication Header) - this signs traffic but does not encrypt it.

  • ESP and AH verify the integrity of all IP traffic. If a packet has been modified, the digital signature will not match and IPsec discards the packet.

  • IPsec provides protection from replay attacks. Both ESP and AH use sequence numbers, so packets that a malicious user captures and replays later arrive with numbers that are out of sequence. By checking the sequence numbers, IPsec ensures that an attacker cannot reuse or replay captured data.
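The sequence-number check described above can be modelled in a few lines. The following is an added example, not code from the original tutorial or from Windows: it implements a simplified version of the IPsec anti-replay window (the decision rule ESP and AH receivers apply) in PowerShell over a constructed packet trace. The window size of 64, the function names and the trace are assumptions made for the illustration; a real security association keeps a bitmap rather than a set, but accepts and rejects the same packets.

```powershell
# Added example (not part of the original tutorial): a simplified model of the
# anti-replay window that ESP and AH receivers keep per security association.
# Assumptions: a window of 64 packets and a hand-made packet trace.

function New-ReplayWindow {
    param([int]$Size = 64)
    # Highest accepted sequence number so far, plus the set of accepted numbers
    # that still fall inside the window (ESP/AH sequence numbers start at 1).
    return @{
        Size     = $Size
        Highest  = 0
        Accepted = New-Object 'System.Collections.Generic.HashSet[uint32]'
    }
}

function Test-ReplayWindow {
    param([hashtable]$Window, [uint32]$Seq)
    # Returns 'accept', 'replay' (already seen) or 'too-old' (left of the window).
    if ($Seq -eq 0) { return 'replay' }            # 0 is never a valid sequence number
    if ($Seq -gt $Window.Highest) {
        # New high-water mark: slide the window right and forget entries that fell out.
        $Window.Highest = $Seq
        $lowest = [int64]$Seq - $Window.Size + 1
        $stale = @($Window.Accepted | Where-Object { $_ -lt $lowest })
        foreach ($s in $stale) { [void]$Window.Accepted.Remove($s) }
        [void]$Window.Accepted.Add($Seq)
        return 'accept'
    }
    if (([int64]$Window.Highest - $Seq) -ge $Window.Size) { return 'too-old' }
    if ($Window.Accepted.Contains($Seq)) { return 'replay' }
    [void]$Window.Accepted.Add($Seq)                # late but not-yet-seen packet inside the window
    return 'accept'
}

# Constructed trace: normal delivery, one reordered packet (4 after 5), one packet
# replayed immediately (3 again), a jump to 70, then a packet captured long ago (5)
# and replayed after the window has moved past it.
$trace = 1, 2, 3, 5, 4, 3, 70, 5
$window = New-ReplayWindow -Size 64
foreach ($seq in $trace) {
    '{0,4} -> {1}' -f $seq, (Test-ReplayWindow -Window $window -Seq $seq)
}
```

Run it in any PowerShell session; each trace entry is printed with the decision taken for it. A packet that is merely late is still accepted, while a duplicate inside the window and a packet older than the window are both dropped, which is why capturing traffic for later replay does not work against ESP or AH.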

 

Network environments ideal for IPsec

  • Packet Filtering - IPsec provides limited firewall capabilities. You can use IPsec together with the NAT (Network Address Translation) feature of the Routing and Remote Access service to permit or block inbound or outbound traffic.

  • IPsec/L2TP - You can use IPsec with L2TP (Layer Two Tunneling Protocol) for all VPN connections.

  • Securing Traffic to Servers - IPsec can secure the connections of all client computers that access servers.

  • Secure Server-to-Server or Subnet Traffic - IPsec can secure traffic between servers or between subnets, for example between domain controllers and sites, or between web servers and database servers.

  • Enforce Server/Domain Isolation - you can isolate servers, domains and other resources by requiring authentication before connectivity is established, so that only computers that can authenticate reach them. This isolation prevents unauthorized users from accessing resources.

 

Network environment issues with IPsec

  • IPsec depends on IP addresses to identify secure connections. In environments that use dynamic IP addresses, this makes IPsec policies more complex.

  • IPsec increases network bandwidth usage, which reduces performance.

  • Using IPsec may lead to application compatibility issues.

  • IPsec cannot negotiate security for multicast and broadcast traffic.

  • IPsec tunnel mode policies are not optimized for mobile clients with dynamic IP addresses.

  • We do not recommend IPsec for securing 802.11 wireless local area networks. Use WPA (Wi-Fi Protected Access) or WPA2 encryption instead.

 

Firewall rules and IPsec Connection Security Rules

  • Firewall rules allow traffic through the firewall, but a firewall rule does not secure the traffic.

  • To secure traffic you need an IPsec Connection Security Rule.

  • However, creating a Connection Security Rule does not by itself allow traffic through the firewall; you must therefore also create a firewall rule if the traffic is not already allowed by the default firewall rules.

  • Connection Security Rules do not apply to programs or services; they apply between two computers, or between the groups of computers, that you specify.
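To make the difference concrete, here is an added example (not from the original tutorial or from Microsoft) that creates both kinds of rule from an elevated PowerShell prompt on Windows 7 using netsh advfirewall, the command-line counterpart of the Windows Firewall with Advanced Security console. The rule names, the subnet 10.0.0.0/24 and TCP port 1433 are assumptions chosen for the illustration.

```powershell
# Added example (not part of the original tutorial). Assumptions: the rule names,
# the subnet 10.0.0.0/24 and TCP port 1433 are made up for the illustration.
# Run from an elevated PowerShell prompt on Windows 7 / Server 2008 R2 or later.

# 1. Connection security rule: require authentication for inbound traffic from the
#    subnet and request it for outbound traffic, using the computer's Kerberos V5
#    identity. On its own this rule does not permit any traffic through the firewall.
netsh advfirewall consec add rule `
    name=Isolation-Require-Auth-10.0.0.0-24 `
    endpoint1=any `
    endpoint2=10.0.0.0/24 `
    action=requireinrequestout `
    auth1=computerkerb

# 2. Firewall rule: allow inbound TCP 1433 from the subnet, but only when the
#    connection was secured by IPsec (security=authenticate, the console's
#    "Allow the connection if it is secure"). Without this rule the traffic stays
#    blocked by the default inbound policy even though the peer authenticated.
netsh advfirewall firewall add rule `
    name=Allow-SQL-1433-Authenticated-Only `
    dir=in `
    action=allow `
    protocol=TCP `
    localport=1433 `
    remoteip=10.0.0.0/24 `
    security=authenticate

# 3. Verify both rules exist, then watch the security associations form once a
#    client in the subnet connects: main mode SAs show peer authentication,
#    quick mode SAs show the per-traffic ESP/AH protection.
netsh advfirewall consec show rule name=Isolation-Require-Auth-10.0.0.0-24
netsh advfirewall firewall show rule name=Allow-SQL-1433-Authenticated-Only
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa
```

Pairing the firewall rule with security=authenticate rather than a plain allow is the defensive point: if the connection security rule is ever removed or fails to negotiate, the port does not silently fall back to unauthenticated access.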

 

Connection Security rules

  • Connection security rules involve authenticating two computers before they begin communicating and securing the information sent between them.

  • Connection Security Rules use IPsec (Internet Protocol security) to secure traffic while it crosses the network.

  • IPsec achieves connection security by using key exchange, authentication, data integrity and data encryption.

 

You can create the following connection security rule types.

Isolation

  • An isolation rule restricts connections based on authentication criteria that you specify. For example, you can use the isolation rule type to isolate computers in your domain from computers outside your domain. It requests or requires authentication for inbound and outbound connections.

 

Authentication exemption

  • Use this rule to exempt specific computers, groups of computers, or computers in an IP address range from being required to authenticate, regardless of other connection security rules.

 

Server-to-Server

  • This rule protects connections between specific computers, between two groups of computers, or between two subnets.

  • You might use this rule to authenticate traffic between a database server and other computers, or between an infrastructure computer and other servers.

 

Tunnel

  • Use this rule type to secure communication traveling between two peer computers through tunnel endpoints, such as VPN (Virtual Private Networking) or L2TP (Layer Two Tunneling Protocol) endpoints.

 

Custom Rules

  • You can specify a custom rule for connections based on conditions between two endpoints that the other rule types do not cover.

  • You need to specify the IP addresses, authentication type, authentication method, protocol type and so on.

  • At one point the Connection Security Rule wizard asks you to choose the authentication method to configure.

The available authentication methods are:

  • Default - uses the default authentication method configured on the IPsec Settings tab of the Windows Firewall with Advanced Security Properties dialog box.

  • Computer and User (Kerberos V5) - you can use this method only when the computers and users are domain members. It uses both computer and user authentication, which means you can request or require both the computer and the user to authenticate before communication begins.

  • Computer (Kerberos V5) - you can use this method only when both computers are domain members. It requests or requires computer authentication using the Kerberos V5 protocol.

  • User (Kerberos V5) - you can use this method only when the user is a domain member. It requests or requires user authentication using the Kerberos V5 protocol.

  • Computer Certificate - you can use this method when the computers are not part of the same AD DS domain. It requests or requires a valid computer certificate for authentication, and you need at least one CA (Certificate Authority) to validate the certificates.

  • Only Accept Health Certificates - these certificates are distributed by a NAP (Network Access Protection) health policy server. This method requests or requires a valid health certificate to prove that a computer has met the system health requirements.

  • Advanced - this method lets you specify a First Authentication and a Second Authentication method. First Authentication methods include Computer (Kerberos V5), Computer (NTLMv2), Computer Certificate, and a pre-shared key (not recommended). Second Authentication methods include User (Kerberos V5), User (NTLMv2), User Certificate and Computer Health Certificate.

  • Second Authentication is available only for computers running Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2 and Windows Server 2012.
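The following is an added example (not from the original tutorial or from Microsoft) showing how the rule types and the authentication methods described above translate into netsh advfirewall consec commands on Windows 7, run from an elevated PowerShell prompt: a server-to-server rule with computer certificate authentication, an isolation rule with computer plus user Kerberos V5 as first and second authentication, and an authentication exemption. The rule names, the addresses 10.0.1.10, 10.0.2.0/24, 10.0.0.53 and 10.0.0.67, and the CA name "CN=Contoso Root CA" are assumptions made for the illustration.

```powershell
# Added example (not part of the original tutorial). All rule names, addresses
# and the CA name are placeholders made up for the illustration.
# Run from an elevated PowerShell prompt on Windows 7 / Server 2008 R2 or later.

# Server-to-server rule: require authentication in both directions between the
# database server and the web subnet. The peers are not in the same AD DS domain,
# so the first authentication uses computer certificates issued by a named CA
# (the "Computer Certificate" method in the wizard).
netsh advfirewall consec add rule `
    name=DB-to-Web-CertAuth `
    endpoint1=10.0.1.10 `
    endpoint2=10.0.2.0/24 `
    action=requireinrequireout `
    auth1=computercert `
    auth1ca="CN=Contoso Root CA"

# Isolation rule for the domain: Computer (Kerberos V5) as the first
# authentication and User (Kerberos V5) as the second (the wizard's "Advanced"
# method), so both the machine and the logged-on user must be domain members
# before traffic is accepted. Inbound is required, outbound only requested.
netsh advfirewall consec add rule `
    name=Domain-Isolation-ComputerAndUser `
    endpoint1=any `
    endpoint2=any `
    action=requireinrequestout `
    auth1=computerkerb `
    auth2=userkerb

# Authentication exemption: infrastructure hosts that a client must reach before
# it can authenticate at all (here the DNS and DHCP servers) are excluded from
# the isolation rule so that name resolution and addressing keep working.
netsh advfirewall consec add rule `
    name=Exempt-DNS-DHCP `
    endpoint1=any `
    endpoint2=10.0.0.53,10.0.0.67 `
    action=noauthentication

# Review the result: the listing shows each rule's action (require/request) and
# its authentication sets, so you can confirm it matches the intended method.
netsh advfirewall consec show rule name=all
```

Ordering matters when you review the output: the exemption must exist alongside the isolation rule, otherwise a client that cannot yet reach DNS or DHCP never obtains the Kerberos ticket the isolation rule demands. Note also that a pre-shared key (auth1=computerpsk) is accepted by netsh as well, but the wizard marks it not recommended because the key is shared by every peer and stored in the policy in clear.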
