Windows 2000/XP/2003 computers have a built-in IP security facility called IPSec (IP Security).

IPSec is a protocol designed to protect TCP/IP packets travelling across the network by using public key encryption. A simple way to picture it: an ordinary IP packet is wrapped inside an encrypted IPSec packet, and that packet stays encrypted until it is received by the computer at the other end.

By default IPSec has 3 modes:

1. Client (Respond Only): Communicates normally, without encryption. Uses the default rule to communicate with servers that request security. Only the protocol and port traffic requested with that server is encrypted.

2. Secure Server (Require Security): Applies to all IP traffic. Always requires encryption; if the traffic is encrypted it communicates, and if it is not encrypted the packet is dropped.

3. Server (Request Security): Applies to all IP traffic. If encryption is available it communicates securely; if not, it still communicates normally (unsecured).

We do not go into much detail about IPSec features here, but remember that besides being able to encrypt IP packets, IPSec also helps you protect a server or workstation by configuring some firewall-like functions. So how can you protect your computer with IPSec? Simply by applying a policy that tells the computer to block all IP traffic specified in the rules you set up.

Blocking PING on a computer

To block PING to and from a computer, you need to create an IPSec policy that blocks all ICMP traffic (Internet Control Message Protocol, the protocol that Ping traffic uses). The figure below shows the structure of the ICMP packet that Ping uses.

PING a server and receive a reply:

To configure this on a computer, carry out the following steps.

Configuring the IP Filter Lists and Filter Actions (the list of IP filters and the action taken on each IP filter)

1. Open MMC: Start > Run > type the command MMC.

2. Choose File, Add/Remove Snap-in, then choose Add and select IP Security and Policy Management.

3. In Select which computer this policy will manage, choose local computer. Click Close and click OK.

4. Right-click IP Security Policies in the left pane of the MMC console. Choose Manage IP Filter Lists and Filter Actions.

5. You do not need to configure a separate IP Filter for ICMP (the protocol used by the PING command), because a default filter named All ICMP Traffic already exists.

However, if you want to be more specific, you may want to configure more than one IP Filter for ICMP. For example, you may want to stop a server from answering all PINGs except specific PINGs sent from a computer in the company's technical support (Help Desk) department. In that case, you should add a new IP Filter that specifies the source IP address (help desk), the destination IP address (your server), and the ICMP protocol, so that those requests receive a reply. The following is an example of creating IP Filters.

6. In Manage IP Filter Lists and Filter Actions, review the filters you have set up, then click the Manage Filter Actions tab. Now you need to define the specific decision (filter action) that blocks the desired traffic; click Add.

7. In the Welcome screen, click Next.

8. In Filter Action Name, enter Block and click Next.

9. In Filter Action General Options, click Block, then click Next.

10. Back in Manage IP Filter Lists and Filter Actions, review your filters and click Close. You can add Filters and Filter Actions at any time.

The next step is to configure the IPSec Policy and apply it.

Configuring the IPSec Policy

1. In the MMC console, right-click IP Security Policies on Local Computer and choose Create IP Security Policy.

2. In the Welcome screen, click Next.

3. In IP Security Policy Name, enter a descriptive name for the policy, such as "Block PING". Click Next.

4. In the Request for Secure Communication window, clear the Activate the default response rule check box. Click Next.

5. In the Completing IP Security Policy Wizard window, click Finish.

6. Now we need to add the various IP Filters and Filter Actions to the IPSec Policy. In the new IPSec Policy window, click Add to start adding IP Filters and Filter Actions.

7. In the Welcome window, click Next.

8. In Tunnel Endpoint, make sure the default setting is selected and click Next.

9. In the Network Type window, choose All Network Connections and click Next.

10. In the IP Filter List window, choose "All ICMP Traffic" (or whichever IP Filter you configured in step #5). If for some reason you have not configured the IP Filter beforehand, you can click Add now and create it. When done, click Next.

11. In the Filter Action window, choose "Block". (If you have not configured the Filter Action correctly beforehand, you can do it again here by clicking Add and creating it.) When done, click Next.

12. Observe that the IP Filter has been created.

Beyond the configuration done so far, you can go on to create any combination of IP Filters and Filter Actions you want. Did you notice that you cannot change their order the way you can on real firewalls? Despite this, the configuration we have just made will work perfectly.

The next stage is to apply the IPSec Policy.

Applying the IPSec Policy

1. In the same MMC console, right-click the new IPSec Policy and choose Assign.

Finally, you need to update the policy you just created with the command: Start => Run => cmd => gpupdate /force. Now test the Ping command again, see what the response is, and draw your own conclusion.
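The same policy can be built from a command prompt with the `netsh ipsec static` context, which is present on Windows Server 2003 (not on Windows 2000 or XP). The script below is an added example, not part of the original walkthrough; it also adds the help desk exception described in the filter list section. The address 192.0.2.10 is a constructed placeholder for the help desk computer, the filter list and rule names are hypothetical, and the script assumes none of these names already exist in the local IPSec store.

```batch
@echo off
rem Added example: scripted equivalent of the MMC steps above.
rem Assumption: Windows Server 2003 with the "netsh ipsec static" context.
rem HELPDESK is a constructed placeholder address; replace it with the real one.
set POLICY=Block PING
set HELPDESK=192.0.2.10

rem Filter list 1: all ICMP between any host and this computer.
rem mirrored=yes also matches the reverse direction (replies and outbound pings).
netsh ipsec static add filterlist name="All ICMP (scripted)"
netsh ipsec static add filter filterlist="All ICMP (scripted)" srcaddr=any dstaddr=me protocol=ICMP mirrored=yes

rem Filter list 2: ICMP between the help desk computer and this computer only.
netsh ipsec static add filterlist name="ICMP from Help Desk"
netsh ipsec static add filter filterlist="ICMP from Help Desk" srcaddr=%HELPDESK% dstaddr=me protocol=ICMP mirrored=yes

rem Filter actions: one that drops matching packets, one that passes them unsecured.
netsh ipsec static add filteraction name="Block (scripted)" action=block
netsh ipsec static add filteraction name="Permit (scripted)" action=permit

rem Policy without the default response rule (same choice as step 4 of the wizard).
netsh ipsec static add policy name="%POLICY%" activatedefaultrule=no

rem Rules bind a filter list to a filter action inside the policy.
rem Rule order cannot be set: the most specific filter is matched first,
rem so the single-host help desk filter takes precedence over the any-host filter.
netsh ipsec static add rule name="Block all ICMP" policy="%POLICY%" filterlist="All ICMP (scripted)" filteraction="Block (scripted)"
netsh ipsec static add rule name="Allow help desk ICMP" policy="%POLICY%" filterlist="ICMP from Help Desk" filteraction="Permit (scripted)"

rem Assign the policy (the Assign step in MMC), then print it for review.
netsh ipsec static set policy name="%POLICY%" assign=y
netsh ipsec static show policy name="%POLICY%" level=verbose
```

After it runs, a ping from the help desk address should be answered and a ping from any other host should time out.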