Windows Security
  Home arrow Windows Security arrow Page 5 - Hardening Communications
ASP Free Forums 
.NET  
ASP  
ASP Code  
ASP.NET  
ASP.NET Code  
BrainDump  
C#  
Code Examples  
Database  
Database Code  
IIS  
Microsoft Access  
MS SQL Server  
Visual Basic.NET  
Windows Scripting  
Windows Security  
XML  
ASP Web Hosting  
ASP.NET Web Hosting 
Dedicated Servers 
Actuate Whitepapers 
Moblin 
JMSL Numerical Library 
Windows Web Hosting
 
IBM® developerWorks 
Sun Developer Network 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
WINDOWS SECURITY

Hardening Communications
By: McGraw-Hill/Osborne
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 4 stars4 stars4 stars4 stars4 stars / 4
    2004-10-06

    Table of Contents:
  • Hardening Communications
  • Use IPSec Policies
  • Use IPSec for Confidentiality
  • Use IPSec to Manage Connections
  • Protect IPSec-Protected Computers During Startup
  • Protect WAN Communications
  • Harden NT 4.0 Remote Access Server Configuration
  • Harden Client Access
  • Use L2TP/IPSec VPNs
  • Harden Remote Access Clients
  • Secure Wireless Access
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    ADVERTISEMENT

    Ajax Application Generator Generate database and reporting .NET Web apps in minutes. Quickly create visually stunning, feature-rich apps that are easy to customize and ready to deploy. Download Now!

    Hardening Communications - Protect IPSec-Protected Computers During Startup
    (Page 5 of 11 )

    When IPSec is used to protect communications, there is a brief period of time during computer startup when network connections are possible and yet IPSec is not enforced. This is the point after which the TCP/IP driver and the IPSec driver have started, but the IPSec Policy Agent service has not yet started and applied the local- or domain-configured IPSec policy. To protect computers during this critical time, you can set the computer startup mode to block and set a persistent IPSec policy. Persistent policies are in effect whether or not IPSec policies managed by the IPSec Policy Agent are.

    Set Computer Startup State: To set the computer startup state to block, use the following netsh command:

    netsh ipsec dynamic set config bootexemptions value=tcp:0:3389:inbound

    In some cases, you may want to be able to manage the computer (for recovery, for example) by using the Remote Desktop for Administration. You can set this capability by using this command. You must then create a persistent policy that will negotiate the connection between the computer and the administration station.

    Set Persistent Policy: To set a persistent policy, you must use the netsh command. It is not possible to do so using the GUI. A persistent policy is in effect as soon as the IPSec driver starts. You can use such a policy to block all communications, then, in your IPSec policy, Allow the communications required for the specific computer. Creating a persistent policy consists of two steps. First, create an IPSec policy using netsh and assign it. Next, set the policy to be persistent.

    A full discussion and tutorial on using netsh to create IPSec policies is beyond the scope of this book. Commands for assigning and making the policy persistent follow.

    NOTE Information on using the netsh ipsec command can be found in “Netsh Commands for Internet Protocol Security” at www.microsoft.com/resources/documentation/WindowsServ/2003/standard
    /proddocs/en-us/Default.asp?url=/resources/documentation/
    WindowsServ/2003/standard/proddocs/en-us/netsh_ipsec.asp    .

    To assign a policy named blockall:

    set policy name=blockall assign=yes

    Make the policy persistent:

    set store location=persistent

    This is from Hardening Windows Systems, by Roberta Bragg, (McGraw-Hill/Osborne, ISBN: 0072253541). Check it out at your favorite bookstore today. Buy this book now.

    Next: Protect WAN Communications >>
     

    More Windows Security Articles
    More By McGraw-Hill/Osborne


     
    >>> Be the FIRST to comment on this article!

    WINDOWS SECURITY ARTICLES

    - Advanced Data Protection in Windows
    - Basic Data Protection in Windows
    - Windows XP Security
    - Lucky You, Microsoft has Sent You an Email! ...
    - Implementing a PKI, Part III: Managing Micro...
    - Windows 2000 Security
    - A Security Roadmap
    - Implementing a Public Key Infrastructure (PK...
    - Hardening Communications
    - Windows Host Security: Network Security Hacks
    - Hardening Wireless LAN Connections, Part 2
    - Hardening Wireless LAN Connections Part 1
    - Windows Reverse Engineering
    - Microsoft's Latest Security Updates -- The G...
    - Cross Site Scripting (XSS): An Overview
    Find More Windows Security Articles
    Iron Speed




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 6 hosted by Hostway