CCIS2400: Security Essentials

Lab 7.4 --- IPSec (Windows P!

"b#ecti$e At the end of this lab students will be able to configure, assign, and test a Windows XP IP Security Policy. IP Security Policies in Windows P Internet Protocol Security (IPSec) is a framework of o en standards for ensuring ri!ate, secure communications o!er Internet Protocol (IP) networks, through the use of cry togra hic security ser!ices. IPSec su orts network"le!el eer authentication, data origin authentication, data integrity, data confidentiality (encry tion), and re lay rotection. #he $icrosoft im lementation of IPSec is based on standards de!elo ed by the Internet %ngineering #ask &orce (I%#&) IPSec working grou . #he strong, cry togra hic"based authentication and encry tion that IPSec ro!ides is es ecially useful for securing traffic that must tra!erse untrusted network aths, such as on a large cor orate intranet or the Internet. IPSec is also es ecially useful for securing traffic that uses rotocols and a lications that do not ro!ide sufficient security for communications. Warnin% An IP Security Policy can com letely block all network communications. 'e sure to un"assign and remo!e all IP Security olicies created in this lab. &o So'tware &eeded #here is no software to be downloaded and(or installed to com lete this lab.

Copyright Center for Systems Security and Information Assurance

Information Assurance ) I

*ab $anual (+,.-)

.eleased/ 0(-0

Page 1.2.3 -

(-

)est IP connecti$ity 3. 4 en a 54S"Prom t window. .ecord these IP address/ $y IP address/ 6666 . 6666 . 6666 . 6666 $y 5efault 7W/ 6666 . 6666 . 6666 . 6666 Partner8s address/ 6666 . 6666 . 6666 . 6666 ,. 9an you successfully ing your default gateway: 6666666 9an you successfully ing your artner8s P9: 6666666 9an you successfully browse the Web: 6666666 5o not roceed further in this lab until the answer to all ; <uestions in =, is *ES.

Load Local Security Policy +ana%e,ent Sna--In 'or t.e ++C 1. *aunch the $icrosoft $anagement 9onsole/ Start /un ,,c 0"12 2. Add the IP Security Policy $anagement sna "in to $$9. 3ile 4dd5/e,o$e Sna--in IP Security Policy 4dd 3inis. 3. 9lose the Add(.emo!e Sna "In dialog bo>. Close "1 2. 5ouble click IP Security Policies on Local Co,-uter in the left side of the $$9. In the right side, right click and delete all security olicies. 0. In the right side of the $$9, right"click in the o en s ace, and select 4ll )as6s, and /estore 7e'ault Policies. #his will clear any changes that may ha!e been re!iously made to your olicies.

Copyright Center for Systems Security and Information Assurance

Information Assurance ) I

*ab $anual (+,.-)

.eleased/ 0(-0

Page 1.2.3 -

2-

Con'i%ure an IP Security Policy 3. In order to encry t(decry t correctly, you and your artner (classmate) ha!e to configure the same ?key@ ( ass hrase) for both P9s. .ecord the ass hrase you8re going to use here/

,. .ight click on Secure Ser$er (/e8uire Security! and click ro erties. .emo!e the 4ll IC+P )ra''ic rule. ;. Select the 4ll IP )ra''ic rule, and click the Edit button. Switch to the 4ut.entication +et.ods tab. 2. Select 1erberos and the Edit button. Select the 9se t.is strin% (-res.ared 6ey) radio button, and enter the ass hrase you and your artner agreed to use in =3. 0. 9lick 0"12 three times to return to the main $$9 window. A. Wait for your artner to com lete these ste s before roceeding.

4ssi%n and )est t.e IP Security Policy 3. .ight 9lick the Secure Ser$er (/e8uire Security! olicy and click 4ssi%n. 4nce the olicy is assigned, there will be a green circle on to of the icon, and it will show u as Bes on the Policy assigned column. ,. 9an you successfully ing your default gateway: 6666666 9an you successfully ing your artner8s P9: 6666666 9an you successfully browse the Web: 6666666 ;. Cn"assign the Secure Ser$er (/e8uire Security! olicy from one of the two com uters. 2. 9an you successfully ing your default gateway: 6666666 9an you successfully ing your artner8s P9: 6666666 9an you successfully browse the Web: 6666666
Copyright Center for Systems Security and Information Assurance

Information Assurance ) I

*ab $anual (+,.-)

.eleased/ 0(-0

Page 1.2.3 -

:-

+odi'yin% t.e Policy 3. .e"assign the Secure Ser$er (/e8uire Security! olicy. ,. 9hange the re"shared key on both P9s"""this time, do not use the same ass hrase. ;. 9an you successfully ing your default gateway: 6666666 9an you successfully ing your artner8s P9: 6666666 9an you successfully browse the Web: 6666666 4. .estored the IPSec olices to their default settings/ /t-clic6 4ll )as6s /estore 7e'ault Policies

4nalysis 3) &or which a lications are IP Security Policies best suited:

,) After working with Windows IP Security Policies, what about IPSec do you feel you should study further: Why:

;) Why should you use IPSec in a ublic network en!ironment:

4--endi; #he 4S en!ironment for this lab was Windows XP Professional, +ersion ,--,, Ser!ice Pack , (D(-2).

Copyright Center for Systems Security and Information Assurance

Information Assurance ) I

*ab $anual (+,.-)

.eleased/ 0(-0

Page 1.2.3 -

4-