IPSEC.pdf

8/14/2019 IPSEC.pdf

http://slidepdf.com/reader/full/ipsecpdf 1/16

Windows 2000/XP/2003 machines have a built-in IP security mechanism called IPSec (IP Security). IPSec is a set of protocols designed to protect individual IP packets traveling across your network by authenticating them and, optionally, encrypting them. The packets themselves are protected with symmetric keys that the two computers negotiate (through IKE); public-key methods such as certificates are one of the ways the computers can authenticate each other during that negotiation, alongside Kerberos and pre-shared keys. In a nutshell, the source PC encapsulates the normal IP packet inside an encrypted IPSec packet (tunnel mode) or protects just its payload (transport mode). This packet then remains protected until it arrives at the destination PC.

This is not the place for a more detailed intro to the IPSec features, but know that besides encryption, IPSec will also let you protect and configure your server/workstation with a firewall-like mechanism.

How can you block specific users from surfing the Internet with IPSec? Simply by creating a policy element that will tell the computer to block all the specific IP traffic that is configured by those rules. Internet traffic uses HTTP and HTTPS, which use TCP ports 80 and 443 respectively as their destination ports. By blocking this specific traffic you will be able to stop a specific computer from browsing the Internet. Keep in mind that this blocks only the standard ports: a web server or proxy listening on another port (8080, for example) is not covered, and any non-browser program that talks HTTP or HTTPS on ports 80/443 is blocked along with the browser.

BTW, you can also Block Web Browsing but Allow Intranet Traffic with IPSec if you want.

To block all Internet traffic to and from a computer you need to create an IPSec policy that will block all HTTP traffic. You can configure this policy specifically for one computer by manipulating that computer's IPSec policy, or, even better, you can configure the policy as a Group Policy Object (GPO) on a specific Site, Domain or Organizational Unit (OU). In order to configure a GPO you must have Active Directory in place. Note that only one IPSec policy can be assigned on a computer at a time, and a policy assigned through a domain GPO takes precedence over a locally assigned one. A local administrator can simply unassign a local policy, which is another reason to prefer the GPO approach where you have a domain.

Block a single computer from surfing on the Internet

To configure a single computer follow these steps:

Configuring IP Filter Lists and Filter actions

1.  Open an MMC window (Start > Run > MMC).

2.  Add the IP Security and Policy Management Snap-In.

3.  In the Select which computer this policy will manage window select Local computer (or another computer, depending upon your needs). Click Close, then click OK.

4.  Right-click IP Security Policies in the left pane of the MMC console. Select Manage IP Filter Lists and Filter Actions.

5.  In the Manage IP Filter Lists and Filter Actions window click Add.

6.  In the IP Filter List window type a descriptive name (such as HTTP, HTTPS) and click Add to add the new filters.

7.  In the Welcome window click Next.

8.  In the description box type a description if you want and click Next.

9.  In the IP Traffic Source window leave My IP Address selected and click Next.

10. In the IP Traffic Destination window leave Any IP Address selected and click Next.

11. In the IP Protocol Type window scroll to TCP and click Next.

12. In the IP Protocol Port window leave From any port selected, type 80 (for HTTP) in the To this port box, and click Next.

13. In the IP Filter List window notice how a new IP Filter has been added. Now, if you want, add HTTPS (My IP Address to Any IP Address, Protocol TCP, Destination Port 443) in the same manner. Leave the Mirrored option at its default (checked) so the filter also matches the reply packets coming back from port 80/443.

14. Now that you have both filters set up, click OK.

Note: A quick reminder - You can also Block Web Browsing but Allow Intranet Traffic with IPSec.

15. Back in the Manage IP Filter Lists and Filter Actions window review your filters and if all are set, click on the Manage Filter Actions tab. Now we need to add a filter action that will block our designated traffic, so click Add.

16. In the Welcome screen click Next.

17. In the Filter Action Name window type Block and click Next.

18. In the Filter Action General Options window click Block, then click Next.

19. Back in the Manage IP Filter Lists and Filter Actions window review your filters and if all are set, click on the Close button. You can add Filters and Filter Actions at any time.

Next step is to configure the IPSec Policy and to assign it.

Configuring the IPSec Policy

1.  In the same MMC console right-click IP Security Policies on Local Computer and select Create IP Security Policy.

2.  In the Welcome screen click Next.

3.  In the IP Security Policy Name window enter a descriptive name, such as "Block HTTP, HTTPS". Click Next.

4.  In the Request for Secure Communication window click to clear the Activate the default response rule check box. Click Next.

5.  In the Completing IP Security Policy Wizard window, click Finish.

6.  We now need to add the various IP Filters and Filter Actions to the new IPSec Policy. In the new IPSec Policy window click Add to begin adding the IP Filters and Filter Actions.

7.  In the Welcome window click Next.

8.  In the Tunnel Endpoint make sure the default setting is selected and click Next.

9.  In the Network Type window select All Network Connections and click Next.

10. In the IP Filter List window select one of the previously configured IP Filters, for example "HTTP, HTTPS" (configured in step #6 at the beginning of this article). If, for some reason, you did not previously configure the right IP Filter, then you can press Add and begin adding it now. When done, click Next.

11. In the Filter Action window select one of the previously configured Filter Actions, for example "Block" (configured in steps #15 through #18 at the beginning of this article). Again, if you did not previously configure the right Filter Action, you can press Add and begin adding it now. When done, click Next.

12. Notice how the IP Filter has been added.

Again, you can add any combination of IP Filters and Filter Actions you like.

Notice that you cannot change their order like in other full-featured firewalls. Windows IPSec does not evaluate rules top to bottom; instead the most specific matching filter wins, so a filter that names a single host or subnet takes precedence over a filter that matches any address. That is also how an "allow intranet" rule can coexist with this "block everything" rule. Even so, this configuration works perfectly as you will soon discover.

The next phase is to assign the IPSec Policy.

Assigning the IPSec Policy

1.  In the same MMC console, right-click the new IPSec Policy and select Assign.

Done. The policy takes effect without a reboot, and you can now test the configuration by trying to surf to restricted and unrestricted websites. A blocked site should simply fail to connect (the browser times out) rather than show an error page, because the packets are dropped before they leave the computer.
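The same policy the wizard builds above, as an added example that is not part of the original article: on Windows Server 2003 (and later) the built-in netsh ipsec static context creates the filter list, filter action, policy and rule from the command line, which is handy when you want to script the setting onto several machines or keep it in a change record. Windows XP needs ipseccmd.exe from the Support Tools and Windows 2000 needs ipsecpol.exe from the Resource Kit; their syntax differs. The policy, filter list and action names, and the 10.0.0.0/8 intranet range in the optional "allow intranet" part (covering the "Block Web Browsing but Allow Intranet Traffic" note above), are assumptions; any consistent names will do. Run from an administrator command prompt.

```batch
@echo off
rem Added example, not the article's own code. Builds the "Block HTTP, HTTPS"
rem policy with netsh (Windows Server 2003 or later). Names are assumptions.

rem 1. Filter list with two filters: my address -> any address, TCP dst 80 and 443.
rem    mirrored=yes also matches the reply packets (any:80/443 -> me), exactly
rem    like the wizard's default "Mirrored" check box.
netsh ipsec static add filterlist name="HTTP, HTTPS" description="Web traffic to any host"
netsh ipsec static add filter filterlist="HTTP, HTTPS" srcaddr=me dstaddr=any protocol=TCP srcport=0 dstport=80 mirrored=yes description="HTTP"
netsh ipsec static add filter filterlist="HTTP, HTTPS" srcaddr=me dstaddr=any protocol=TCP srcport=0 dstport=443 mirrored=yes description="HTTPS"

rem 2. Filter action that drops matching packets (the "Block" action, steps 15-18).
netsh ipsec static add filteraction name="Block" action=block

rem 3. The policy, with the default response rule off (step 4 of "Configuring the
rem    IPSec Policy") and created unassigned so nothing changes until we are done.
netsh ipsec static add policy name="Block HTTP, HTTPS" description="Stop this computer from browsing the web" activatedefaultrule=no assign=no

rem 4. Rule tying the filter list to the action: no tunnel, all network connections.
netsh ipsec static add rule name="Block web" policy="Block HTTP, HTTPS" filterlist="HTTP, HTTPS" filteraction="Block" conntype=all

rem Optional: keep intranet web servers reachable. IPSec has no rule ordering, but the
rem most specific matching filter wins, so a permit for the intranet subnet (assumed
rem here to be 10.0.0.0/8) takes precedence over the any-address block above.
rem netsh ipsec static add filterlist name="Intranet web"
rem netsh ipsec static add filter filterlist="Intranet web" srcaddr=me dstaddr=10.0.0.0 dstmask=255.0.0.0 protocol=TCP srcport=0 dstport=80 mirrored=yes
rem netsh ipsec static add filter filterlist="Intranet web" srcaddr=me dstaddr=10.0.0.0 dstmask=255.0.0.0 protocol=TCP srcport=0 dstport=443 mirrored=yes
rem netsh ipsec static add filteraction name="Permit" action=permit
rem netsh ipsec static add rule name="Allow intranet web" policy="Block HTTP, HTTPS" filterlist="Intranet web" filteraction="Permit" conntype=all

rem 5. Assign the policy (only one policy can be assigned at a time) and review it.
netsh ipsec static set policy name="Block HTTP, HTTPS" assign=yes
netsh ipsec static show policy name="Block HTTP, HTTPS" level=verbose

rem Roll back: unassign, delete the policy (its rules go with it), then the filter
rem list and action, which are stored independently of the policy.
rem netsh ipsec static set policy name="Block HTTP, HTTPS" assign=no
rem netsh ipsec static delete policy name="Block HTTP, HTTPS"
rem netsh ipsec static delete filterlist name="HTTP, HTTPS"
rem netsh ipsec static delete filteraction name="Block"
```

After the last command, the show output should list the policy as assigned with one rule, the "HTTP, HTTPS" filter list and the Block action; if the computer is a domain member and a domain IPSec policy is already assigned through Group Policy, that policy wins and the local one stays inactive until the domain policy is removed.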