15 Cards in this Set
Authentication
There are three authentication methods
- Kerberos
- Certificate
- Preshared Key
AH
Authentication Header

Specified as an IP Protocol 51 and defined in RFC 2402, AH provides data authentication, integrity, and anti-replay for the entire packet (including both the IP header and the data contained within the packet). Although it protects data from modification, AH does not provide data confidentiality (in other words, it does not encrypt the payload). Some information within the header is allowed to change in transit because of a need for modification as they are transmitted between routers.

(Poulton, 2012 p.192)
Connection Security Rule
By default, this branch does not contain any rules. Right-click it and choose New Rule to create rules that are used to determine the limits applied to connections with remote computers.

(Poulton, 2012 p.174)
Domain Isolation Policy
As you have seen, Windows Firewall with Advanced Security enables you to create connection security rules that specify the use of IPSec for securing network traffic. You can also use IPsec authentication to require each computer that is an AD DS domain member to positively identify the other computer to which it connects; this feature is known as domain isolation, because it effectively isolates these computers from any computers that do not belong

(Poulton, 2012 p.201)
ESP
Encapsulating Security Payload

Specified as IP protocol 50 and defined in RFC 2406, ESP provides data confidentiality, authentication, integrity, and anti-replay for the payload contained within each packet, but not the entire packet. Header information is allowed to change in transit.

(Poulton, 2012 p.192)
Filter Action
Click Add to specify a filter action that determines whether this rule will permit or block any traffic, or negotiate security. Several additional filter action properties are available, as shown in Figure 4-26.
- Permit or Block
- Negotiate Security
  ~ Integrity and encryption
  ~ Accept unsecured communication, but always respond using IPSec
  ~ Allow fallback to unsecured communication if a secure connection cannot be established
  ~ Use session key perfect forward secrecy (PFS)

(Poulton, 2012 p.196)
Firewall
Windows Firewall is a stateful host-based firewall that you can configure to allow or block specific network traffic. It includes a packet filter that uses an access control list (ACL) specifying parameters (such as IP address, port number, and protocol) that are allowed to pass through. When a user communicates with an external computer, the stateful firewall remembers this conversation and allows the appropriate reply packets to reach the user. Packets from an outside computer that attempts to communicate with a computer on which a stateful firewall is running are dropped unless the ACL contains rules permitting them.

(Poulton, 2012 p.165)
Firewall Profile
Windows Firewall enables you to specify multiple profiles, each of which is a series of firewall settings customized according to the environment in which the computer is located.

- Domain Profile
- Private Profile
- Public Profile

(Poulton, 2012 p.166)
Firewall Rule
The Windows Firewall with Advanced Security snap-in enables you to create inbound, outbound, and connection security rules, as described earlier in this section.

(Poulton, 2012 p.176)
IPSec
IP Security

IPSec is a set of protocols that defines standards for securing communications across IP networks using cryptographic methods to protect data while in transit. The Internet Engineering Task Force (IETF) has developed standards for data integrity, authentication, encryption, and anti-replay as defined in RFCs 2401-2409. Note that these standards apply not only to Windows networks, but to networks involving all computer operating systems currently in use. All Windows operating systems from Windows 2000 onward support IPSec. You can use the Windows Firewall with Advanced Security snap-in as well as Group Policy to configure the use of IPSec on Windows Server 2008-based networks.

(Poulton, 2012 p.191)
Server Isolation Policy
You can isolate specific domain member servers to accept only authenticated and secured communication from other computers within the domain. This feature is known as server isolation, because it isolates the specified server and domain member client computers from other excluded machines. Furthermore, you can extend the server isolation policy to limit communications to domain member computers that are members of specified security groups configured in AD DS.

(Poulton, 2012 p.201)
Stateful Firewall
STATE: Enables you to turn the firewall on or off for the selected profile and block or allow inbound and outbound connections. For inbound connections, you can either block connections with the configured exceptions or block all connections you want Windows Firewall to help protect.

(Poulton, 2012 p.175)
Transport Mode
Enables you to secure transmissions within a single network, such as server-to-server or client-to-server.

(Poulton, 2012 p.191)
Tunnel Mode
Enables you to secure communications between two computers by means of IPSec tunnel mode. We discuss IPSec modes later in this chapter. This encapsulates network packets that are routed between the tunnel endpoints. You would typically use this rule type to secure connections across the Internet between security gateways. You can choose from several types of tunnels, as shown later in Figure 4-13; you can also exempt IPSec-protected computers from the defined tunnel.

(Poulton, 2012 p.181)
Windows Firewall with Advanced Security
Advanced Encryption Standard (AES): Uses a symmetric block cipher that encrypts data in 128-bit blocks using a 128-bit, 192-bit, or 256-bit encryption key. This provides even greater security but with the need for greater processor utilization. Cipher block chaining is used to hide patterns of identical data blocks within each packet. AES is supported only on computers running Windows Server 2008/R2 and Windows Vista/7.

(Poulton, 2012 p.192)