-
November 27th, 2007, 06:54 PM
#1
The use of IPSec in Windows XP
I've been investigating the use of IPSec to limit internet connectivity and access to ports. The OS that I have is XP Pro SP2 and I have free ZoneAlarm. I've managed to set it up to do what I set out to do (as an academic exercise!). Having reviewed some of the articles available, it strikes me that IPSec is almost exclusively used within Windows 2000 or either Windows 2000 server or 2003. I've found little which mentions XP explicitly.
I realise that Windows 2000 and Windows XP are derivatives of the same basic OS so I suspect that much of what's written about IPSec relating to Windows 2000 will apply to Windows XP, but is that supposition correct? I get the impression that IPSec is being phased out (or has been already) but is that true? If so, what's taken over in XP? I know that there's Windows Firewall but, having played around with it, it doesn't seem as flexible as IPSec to block traffic or ports. Maybe I'm not using it correctly!
I realise that some of the command line utilities are specific to the various Windows operating systems that I've mentioned. The use of IPSec seems a really useful technique and I can hardly believe what I'm perceiving about it being less used within XP than Windows 2000. Is my perception correct?
Thanks for your time (and patience!).
-
November 28th, 2007, 03:20 AM
#2
IPsec is still around. Actually (IIRC) it is a set of open protocols so it isn't particularly platform dependent.
It is supported by Windows 2000, XP, 2003, Vista, and the up and coming Server 2008.
Article here:
http://technet.microsoft.com/en-us/n.../bb531150.aspx
-
November 28th, 2007, 08:24 AM
#3
IPsec is basically encrypted IP over IP and is mainly used for VPNs.
And I'm not sure what you mean by using it to limit Internet connectivity and access to ports. That's not what it's there for.
http://en.wikipedia.org/wiki/IPsec
Last edited by SirDice; November 28th, 2007 at 08:27 AM.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
November 28th, 2007, 11:56 AM
#4
Thanks for the feedback. I realise that its main use is in relation to VPNs but I've seen threads (elsewhere) about methods of preventing internet access. Some of these included adding a fake proxy, changing the routing table (<route add ....>) and the use of IPSec came up (hxxp://www.petri.co.il/block_web_browsing_with_ipsec.htm). This example links to another which details blocking internet but allowing intranet access.
As a follow on, I've seen in one of the IPSec wizards the possibility of specifying the "to" and "from" IP addresses, along with an encryption key. If I set this up on a peer to peer network, configuring two PCs to use IPSec and the same key, is it possible for me to demonstrate (for my own education) that traffic is, indeed, encrypted? I figured that I could set up the XP FTP server on one PC and access it from the other, sniffing traffic via a hub and Wireshark. The reason that I mention FTP is because I know that the traffic isn't encrypted. In other words, "if I set up an IPSec tunnel between two peers, is it guaranteed that all traffic passing between them will go through the tunnel or would I have to configure anything else?". Before someone mentions SSH for securing such traffic, I'm aware of it. I'd just like to become familiar with IPSec.
-
November 28th, 2007, 01:32 PM
#5
Originally Posted by Ignatius
In other words, "if I set up an IPSec tunnel between two peers, is it guaranteed that all traffic passing between them will go through the tunnel or would I have to configure anything else?".
Yes, make sure all the traffic gets routed through the tunnel and not around it. This means setting up the routing tables correctly.
-
November 28th, 2007, 06:49 PM
#6
That's great news - thank you.
As I mentioned, I'll be setting it up in a peer to peer network so I shouldn't have to deal with a default gateway but I'll try to set up the routes from PC A to B and from PC B to A. I have no doubt that I'll post back if I run into problems doing this!
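The hub-and-Wireshark test described in post #4 can be scored automatically. The following is an added example, not part of any post in this thread: it reads a capture saved in classic libpcap format and counts which packets between the two peers were ESP, AH, IKE (UDP port 500) or left unprotected. The function names, the 192.168.0.x addresses and the sample capture are constructed for illustration, and it assumes an Ethernet capture with no NAT traversal between the peers.

```python
import socket, struct
from collections import Counter

ESP, AH, UDP = 50, 51, 17   # IP protocol numbers; IKE negotiates over UDP port 500

def classify(pcap, peer_a, peer_b):
    """Count ESP / AH / IKE / cleartext packets exchanged between two peers."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic libpcap file (save as pcap, not pcapng)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    peers = {socket.inet_aton(peer_a), socket.inet_aton(peer_b)}
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                      # not IPv4 (e.g. ARP) or truncated
        ip = frame[14:]
        if {ip[12:16], ip[16:20]} != peers:
            continue                      # not traffic between the two peers
        proto, ihl = ip[9], (ip[0] & 0x0F) * 4
        if proto == ESP:
            counts["esp"] += 1            # carried inside ESP
        elif proto == AH:
            counts["ah"] += 1             # integrity only: payload still readable
        elif (proto == UDP and len(ip) >= ihl + 4
              and 500 in struct.unpack("!HH", ip[ihl:ihl + 4])):
            counts["ike"] += 1            # key negotiation, expected on the wire
        else:
            counts["cleartext"] += 1      # matched no IPsec filter
    return counts

def _frame(src, dst, proto, payload):     # constructed Ethernet + IPv4 frame
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                     0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + payload

def sample_capture():                     # constructed data, not a real capture
    a, b = "192.168.0.1", "192.168.0.2"
    frames = [_frame(a, b, UDP, struct.pack("!HHHH", 500, 500, 8, 0)),
              _frame(a, b, ESP, b"\x00" * 16), _frame(b, a, ESP, b"\x00" * 16),
              _frame(a, b, 6, struct.pack("!HH", 1025, 21) + b"\x00" * 16),
              _frame(a, "192.168.0.9", 6, b"\x00" * 20)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Calling `classify(sample_capture(), "192.168.0.1", "192.168.0.2")` on the constructed capture reports one cleartext packet (the FTP segment to port 21); on a real capture, any non-zero cleartext count means some traffic between the peers is not covered by the IPsec filter list.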