Virtual private networks (VPNs) are generally considered to have very strong protection for data communications. Several different approaches to VPN security,
2. Table Of Contents
• Introduction
• Protocols
• Advantages/Disadvantages
• Why IPSEC?
• IPSEC Header Information
• Configuration
3. INTRODUCTION
• IPsec (Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication.
5. Advantages/Disadvantages
Advantages
• With IPSec, security arrangements can be handled without requiring changes to individual user computers.
• IPSec is not limited to specific applications. There is no way to predict what applications will traverse a network. However, it is guaranteed that they will be routed with IP, making them IPSec compatible.
• Through IP, IPSec can be applied in networks of all sizes, from LANs to global networks.
• IPSec functions at a low network level, so factors such as users, applications, lower-level data-carrying protocols, and transport technology will not affect its performance.
Disadvantages
• Small Packets - When transmitting small packets, the encryption process of IPSec generates a large overhead. This diminishes the performance of the network.
• Complexity - Because IPSec has a great number of features and options, it is very complex. Complexity increases the probability of the presence of a weakness or hole. For example, IPSec is weak against replay attacks.
• Firewall - The implementation of IPSec defeats the purpose of a firewall. This is because firewalls apply preconfigured rules to packet contents, which IPSec encrypts. This problem, however, can be avoided if the firewall is used along with the IPSec gateway, which decrypts the traffic.
6. WHY IP SECURITY
• The Internet Protocol (IP) has enormous advantages in the use of packets. Each packet contains data that is small, easily handled and maintained. However, with these advantages of IP come disadvantages. The routing of these packets through the Internet as well as other large networks makes them open to security risks such as:
• Spoofing: a machine on the network acts as another
• Sniffing: another person is listening in on another's activity
• Session Hijacking: an attacker completely takes over another user's activities
• Current Internet protocols do not protect data sufficiently during transfer. In order to ensure the integrity and security of the data, a set of standard security Internet protocols known as IP Security (IPSec) has been developed.
8. CONFIGURATION OF IPSEC IN WINDOWS SERVER 2003
• Creating IPSec Policy
• Click Start > Run, then type Secpol.msc to start IP Security Policy Management
• Right-click IP Security Policies on Local Computer, then click Create IP Security Policy
• Click Next, and then enter the name of your policy: “Microsoft IPSec Policy”
• Building a Filter List from Host A to Host B
• In the new policy properties, click Add to create a new rule
• Click the IP Filter List tab, then click Next
• Type an appropriate name for the filter list, and then click Next
• In the Source Address box, click A Specific IP Subnet, and then type the IP address and the subnet mask
• In the Destination Address box, click A Specific IP Subnet, and then type the IP address and the subnet mask
9. BUILDING A FILTER LIST FROM HOST B – HOST A
• Click the IP Filter List tab, and then click Add
• Type a name for the filter list, click to clear the Use Add Wizard check box, and then click Add
• In the Source Address box, click A Specific IP Subnet, and then type the IP address and the subnet mask for HOST B
• In the Destination Address box, click A Specific IP Subnet, and then type the IP address and the subnet mask for HOST A
• Click to clear the Mirrored check box
• Click OK
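The two one-way filter lists built in the steps above, modelled as an added example (not part of the original slides): with Mirrored cleared, each list matches a single direction, so reply traffic from Host B needs its own list. The subnets are constructed documentation ranges, and the names `Filter`, `make_filter` and `matching_lists` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Filter:
    """One filter-list entry: source subnet, destination subnet, Mirrored box."""
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    mirrored: bool = False

    def matches(self, src_ip, dst_ip):
        s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        forward = s in self.src and d in self.dst
        # A mirrored filter also matches the packet with the addresses swapped.
        reverse = self.mirrored and s in self.dst and d in self.src
        return forward or reverse


def make_filter(src_addr, src_mask, dst_addr, dst_mask, mirrored=False):
    """Build a filter from the address/mask pairs typed into the dialog.

    ip_network() raises ValueError when the address has host bits set for
    the mask, which catches a host address entered as a subnet.
    """
    src = ipaddress.ip_network(f"{src_addr}/{src_mask}")
    dst = ipaddress.ip_network(f"{dst_addr}/{dst_mask}")
    return Filter(src, dst, mirrored)


def matching_lists(filter_lists, src_ip, dst_ip):
    """Return the names of the filter lists that match this packet."""
    return [name for name, filters in filter_lists.items()
            if any(f.matches(src_ip, dst_ip) for f in filters)]


# Constructed sample subnets (documentation ranges), not values from the slides.
HOST_A = ("192.0.2.0", "255.255.255.0")
HOST_B = ("198.51.100.0", "255.255.255.0")
FILTER_LISTS = {
    "A-to-B": [make_filter(*HOST_A, *HOST_B)],  # Mirrored cleared
    "B-to-A": [make_filter(*HOST_B, *HOST_A)],  # Mirrored cleared
}

if __name__ == "__main__":
    for pkt in [("192.0.2.10", "198.51.100.20"),   # A -> B
                ("198.51.100.20", "192.0.2.10"),   # B -> A (reply)
                ("192.0.2.10", "203.0.113.5")]:    # outside both lists
        print(pkt, "->", matching_lists(FILTER_LISTS, *pkt) or "no match")
```

Traffic that matches no filter list is not covered by the policy at all, which is the case to look for when a rule appears to have no effect.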