IPManagement Guide From Security 365 VN

Upload: dongduongict

Post on 07-Apr-2018


  • 8/6/2019 IPManagement Guide From Security 365 VN


    Managing IP Security

    The Lab Exercises in This Chapter Are:

    Exercise 2.1: Enable IPSec on the Local Computer
    Exercise 2.2: Enabling IPSec for the Entire Domain
    Exercise 2.3: Configuring a Policy for IPSec Tunnel Mode
    Exercise 2.4: Using IP Security Monitor
    Case Study.

    Exercise 2.1: Enable IPSec on the Local Computer

    1. Click Start -> Run, type the command MMC, and click OK to open the console for managing snap-ins.

    2. Choose File -> Add/Remove Snap-In. When the Add/Remove Snap-In dialog box appears, click the Add button.

    3. In the Add Standalone Snap-In dialog box, select IP Security Policy Management and click the Add button.


    4. The Select Computer Or Domain dialog box appears. Select the Local Computer (default) radio button and click the Finish button.

    5. Click the Close button in Add Standalone Snap-In.

    6. Click the OK button in Add/Remove Snap-In.

    7. Select the IP Security Policies On Local Computer node in the MMC.

    8. Right-click the Server (Request Security) policy and choose Assign.

    9. At this point the Policy Assigned column for the Server (Request Security) policy changes to Yes.


    Select the IP Security Policies On Local Computer node in the MMC. In the right-hand pane of the MMC, right-click the Server (Request Security) policy and choose Properties. The Server (Request Security) Properties dialog box appears.

    7. The All IP Traffic rule is selected by default. Click the Edit button. The Edit Rule Properties dialog box appears.

    8. Switch to the Filter Action tab. Select the Request Security (Optional) filter action and then click the Edit button. The filter action's Properties dialog box appears.

    9. Click the Add button. When the New Security Method dialog box appears, click the Custom radio button and then click the Settings button.

    10. In the Custom Security Method Settings dialog box, check the Data And Address Integrity Without Encryption (AH) checkbox, and in the drop-down list, select SHA1. Check the Data Integrity And Encryption (ESP) checkbox. Using the drop-down lists under (ESP), set Integrity to SHA1 and Encryption to 3DES.

    11. First check the Generate A New Key Every checkbox and set the key generation interval to 24,000 Kbytes. (Kbytes must be in the range 20,480 to 2,147,483,647 Kb.) Then click the next Generate A New Key Every checkbox and specify a key generation interval of 1800 seconds.

    12. Click the OK button in the Custom Security Method Settings dialog box and then click OK in the New Security Method dialog box.

    13. When the Request Security (Optional) Properties dialog box appears, use the Move Up button to move the custom filter you just defined to the top of the list.

    14. Click the OK button in the Request Security (Optional) Properties dialog box.

    15. Click the Close button in the Edit Rule Properties dialog box and then click the OK button in the Server (Request Security) Properties dialog box. Leave the window open for the next lab.

    Exercise 2.2: Enabling IPSec for the Entire Domain

    In this lab, we will enable IPSec on all computers in the domain.

    1. Click Start -> Run, type the command MMC, and click OK to open the snap-in management console.

    2. Choose File -> Add/Remove Snap-In. When the Add/Remove Snap-In dialog box appears, click the Add button.

    3. In the Add Standalone Snap-In window, select Group Policy Object Editor and click the Add button.

    4. The Select Group Policy Object dialog box appears. Click the Browse button to open the Browse For A Group Policy Object window.

    5. Select Default Domain Policy and click the OK button.


    6. Click the Finish button in the Select Group Policy Object dialog box.

    7. Click Close in Add Standalone Snap-In and then click the OK button in the Add/Remove Snap-In window.

    8. Open Default Domain Policy -> Computer Configuration -> Windows Settings -> Security Settings -> IP Security Policies on Default Domain Name.

    9. In the right pane of the Domain Policy management console, we see the three predefined policies.

    10. Right-click the Server (Request Security) policy and choose Assign to turn on IPSec for the entire domain. At this point the Policy Assigned column for Server (Request Security) shows Yes.


    Exercise 2.3: Configuring a Tunnel Mode Policy

    1. In the IP Security Policies On Local Computer management console, choose Create IP Security Policy. When the IP Security Policy Wizard window appears, click Next.

    2. Name the policy Tunnel To B and click the Next button.


    3. On the Requests For Secure Communication page, turn off the Activate Default Response Rule checkbox and click the Next button.

    4. Click Finish on the page summarizing the newly created policy, then click Add in the Tunnel To B Properties dialog box to open the Welcome To The Create IP Security Rule Wizard page, and then click Next.


    5. In the Tunnel Endpoint window, select The Tunnel Endpoint Is Specified By The Following IP Address, then enter the IP address of computer B (172.16.1.11) and click Next.

    6. On the Network Type page, select Local Area Network (LAN) and click Next.


    7. Select the All IP Traffic radio button and click Next.

    8. Select the Request Security (Optional) radio button on the Filter Action page and click Next.


    At this point the main console shows a custom IPSec policy named Tunnel To B.
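
Added example (not part of the original guide): a command-line equivalent of the GUI steps in Exercise 2.1 (assigning the policy, the custom AH/ESP security method) and Exercise 2.3 (the Tunnel To B policy), using `netsh ipsec static`, which works on the same policy store as the IP Security Policy Management snap-in. The names `Lab AH+ESP (Optional)` and `Tunnel To B rule` are hypothetical, and no authentication method is given because the surviving steps do not show one.

```batch
@echo off
rem Added example, not from the original guide. Run from an elevated
rem Command Prompt on the computer where the labs were performed.
rem Assumes the predefined policies, the "All IP Traffic" filter list and the
rem "Request Security (Optional)" filter action named in the exercises exist.

rem --- Exercise 2.1, step 8: assign the predefined policy -------------------
netsh ipsec static set policy name="Server (Request Security)" assign=yes

rem --- Exercise 2.1, steps 9-11: custom security method ---------------------
rem AH with SHA1 plus ESP with 3DES/SHA1, new key every 24000 KB or 1800 s.
rem The GUI lab adds this method to the predefined filter action; here it goes
rem into a separate filter action (hypothetical name) so the predefined one is
rem left untouched. action=negotiate with inpass=yes and soft=yes requests
rem security without requiring it.
netsh ipsec static add filteraction name="Lab AH+ESP (Optional)" ^
    action=negotiate inpass=yes soft=yes qmpfs=no ^
    qmsecmethods="AH[SHA1]+ESP[3DES,SHA1]:24000k/1800s"

rem --- Exercise 2.3, steps 1-3: policy without the default response rule ----
netsh ipsec static add policy name="Tunnel To B" ^
    activatedefaultrule=no assign=no

rem --- Exercise 2.3, steps 4-8: tunnel rule to computer B -------------------
rem tunnel=      tunnel endpoint from step 5 (172.16.1.11)
rem conntype=    Local Area Network (LAN) from step 6
rem filterlist=  All IP Traffic from step 7
rem filteraction= Request Security (Optional) from step 8
rem No kerberos=/psk=/rootca= is given: the page does not show that step.
netsh ipsec static add rule name="Tunnel To B rule" policy="Tunnel To B" ^
    filterlist="All IP Traffic" ^
    filteraction="Request Security (Optional)" ^
    tunnel=172.16.1.11 conntype=lan

rem --- Verify what was created ----------------------------------------------
netsh ipsec static show policy name="Tunnel To B" level=verbose
netsh ipsec static show filteraction name="Lab AH+ESP (Optional)" level=verbose
```

The verbose `show` output lists the rule's tunnel endpoint, connection type and security methods, which can be compared against the values entered in the wizard.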

    Exercise 2.4: Adding IP Security Monitor

    1. Return to the main management console, choose Add/Remove Snap-In from the File menu, and click the Add button.

    2. Select IP Security Monitor in the list of snap-ins and click the Add button, then click Close and click OK.


    4. Save the state of the MMC by choosing File -> Save, name the MMC Security365 SCNP IPSec, and click Save.