Configuring Windows 2000 Server Security: IP Security for Microsoft Windows 2000 Server
http://corpitk.earthweb.com/reference/pro/1928994024/ch07/07-07.html (1 of 4) [8/3/2000 6:54:39 AM]

The Allow unsecured communication with non IPSec-aware computer option allows unsecured communications to or from another computer. This is appropriate if the computers listed in the IP filter lists are not IPSec-enabled. However, if negotiations for security fail, this will disable IPSec for all communications to which this rule applies.

Perhaps the most important of these options is the session key Perfect Forward Secrecy. When you select this option you ensure that session keys or keying material are not reused, and new Diffie-Hellman exchanges will take place after the session key lifetimes have expired.

Click Cancel to return to the Edit Rule Properties dialog box. Click the Authentication Methods tab. Here you can select your preferred authentication method. Kerberos is the default authentication method. You can include other methods in the list, and each will be processed in descending order. You can click Add to include additional authentication methods, as shown in Figure 7.11.

Figure 7.11 This is the Authentication Method configuration tab.

Click the Tunnel Setting tab if the endpoint for the filter is a tunnel endpoint. Click the Connection Type tab to apply the rule to All network connections, Local area network (LAN), or Remote access, as shown in Figure 7.12.

Figure 7.12 This is the Connection Type setting dialog box.

You cannot delete the built-in policies, but you can edit them. However, it is recommended that you leave the built-in policies as they are, and create new policies for custom requirements.

Flexible Negotiation Policies

Security method negotiation is required to establish an IPSec connection. You can use the default security policies, or you can create your own custom policies. You can do so by using a wizard-based approach. To add a new filter action, which will be used to create a new security policy, click Add after selecting the Filter Action tab. When the wizard has completed, you can edit the security negotiation method.

When you double-click on the Request Security (Optional) filter action, you will see the Request Security (Optional) Properties dialog box. If you select the Negotiate security option, and then click Add, you can add a new security method, as shown in Figure 7.13.

Figure 7.13 This is the New Security Method dialog box for security negotiation.

You may fine-tune your security negotiation method by selecting the Custom option, and then clicking Settings. After doing so, you will see the Custom Security Method Settings dialog box, as shown in Figure 7.14.

Figure 7.14 This is the Custom Security Method Settings dialog box.

Here you can configure whether you want to use AH, ESP, or both. For each option, you can select either the integrity algorithm, encryption algorithm, or both. All algorithms supported in Windows 2000 are included. Session key lifetimes can be customized by entering new key generation intervals by amount of data transferred or time span.

Filters

Rules are applied to source and destination computers or networks, based on their IP addresses. To create a new filter, you can use the new filter wizard. To do this, return to the Edit Rule Properties dialog box, click on the IP Filter List tab, and then click Add. This brings up the IP Filter List dialog box, where you enter the Name of the new filter and a description of the filter. Click Add to start the wizard.

When the wizard starts, you see the Welcome dialog box. Click the Next button. As shown in Figure 7.15, you choose the source address in the wizard. Your options appear after you click the down arrow on the list box. Note that you can identify the source by individual IP address, all IP addresses, DNS name, or subnet. Click Next to continue.

Figure 7.15 This is the way to specify a source IP address for a new filter.

The next dialog box asks for the destination IP address. You are afforded the same options as when you designated the source. Click Next to continue through the wizard. At this point, you can select which protocols will be included in the filter. All protocols are included by default, but you can select from a list of protocols or define your own by selecting Other and entering a protocol number. The IP protocol selection dialog box is shown in Figure 7.16.

Figure 7.16 Select the protocol included in the new filter.

Click Next, and then click Finish. Your new filter will appear in the IP filter lists included in the IP Filter List tab of the Edit Rule Properties dialog box.

Creating a Security Policy

You are the administrator of the network for a large hospital. The network is subdivided into multiple subnets. The medical records department contains a large amount of data that must be kept secure. The hospital would suffer a large amount of liability if security were breached. Computers within the medical records department are closely monitored, and therefore the overhead of confidentiality is not required, but authentication and integrity should be applied to intradepartmental communications.

The medical records department must regularly send information to the hospital floor. The network infrastructure is more open to attack between the well-guarded medical records department and the less secure, open hospital environment. All computers within the medical records department are located in network ID 192.168.1.0, and all floor computers that access medical records database information are located on network ID 192.168.2. The default Class C subnet mask is used.
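The following is an added example, not code from the book or from Windows: a simplified Python model of how subnet filters select a security method for the hospital scenario, and what the Allow unsecured communication option does when negotiation fails. The rule names, first-match evaluation, mirrored filters and the choice of ESP between the two subnets are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    src: str                  # source subnet (CIDR)
    dst: str                  # destination subnet (CIDR)
    protocol: Optional[int]   # IP protocol number; None = all protocols (the default)
    method: str               # "AH" = authentication + integrity, "ESP" adds encryption
    allow_unsecured: bool     # "Allow unsecured communication with non IPSec-aware computer"

    def matches(self, src: str, dst: str, protocol: int) -> bool:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        a, b = ipaddress.ip_network(self.src), ipaddress.ip_network(self.dst)
        # Assumption: filters are mirrored, so the reverse direction also matches.
        addr_ok = (s in a and d in b) or (s in b and d in a)
        return addr_ok and self.protocol in (None, protocol)

def evaluate(rules, src, dst, protocol, peer_negotiates):
    """Return the treatment of one packet; first matching rule wins (simplification)."""
    for rule in rules:
        if rule.matches(src, dst, protocol):
            if peer_negotiates:
                return f"{rule.method} via {rule.name}"
            if rule.allow_unsecured:
                return f"CLEARTEXT via {rule.name}"   # negotiation failed, rule falls back
            return f"DROPPED via {rule.name}"         # negotiation failed, no fallback
    return "CLEARTEXT (no rule)"

def fallback_rules(rules):
    """Names of rules that would silently send cleartext if negotiation fails."""
    return [r.name for r in rules if r.allow_unsecured]

# Constructed policy for the hospital scenario (default Class C mask = /24).
RECORDS, FLOOR = "192.168.1.0/24", "192.168.2.0/24"
HOSPITAL = [
    Rule("records-internal", RECORDS, RECORDS, None, "AH", False),
    # ESP for the records-to-floor path is an assumption, not stated on the page.
    Rule("records-to-floor", RECORDS, FLOOR, None, "ESP", False),
]
# Same policy with the fallback option switched on for the exposed path.
WEAK = [HOSPITAL[0], Rule("records-to-floor", RECORDS, FLOOR, None, "ESP", True)]

if __name__ == "__main__":
    for policy in (HOSPITAL, WEAK):
        print(evaluate(policy, "192.168.2.5", "192.168.1.10", 6, peer_negotiates=False),
              fallback_rules(policy))
```

In the model, the only difference between the two policies is the fallback flag, yet a floor host that cannot negotiate is refused under one and receives records traffic in cleartext under the other.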