These days I was so excited about IPSec that I really had to find out how the encryption and authentication work :) ... Actually this is a very useful feature, as it prevents anybody who is not authenticated from accessing a service on your server, and this is done at the level of the IP protocol. That is, the hacker won't be able to run a brute-force attack against your RDP service, because he won't be able to communicate with the RDP server at all unless he has authenticated first. So let me explain how this works...

As I said, IPSec enables authentication and encryption. The first step, the authentication, can be done in 3 different ways: using a certificate issued by a trusted certification authority, using Active Directory or using a passphrase. I've decided to choose certificate-based authentication, as I don't have Active Directory and the passphrase seems too easy for me to crack with a network sniffer :) ...
Let me show you how this certificate-based authentication works:

First of all, the server is configured to trust only clients that have a special certificate issued by a certificate authority. This means that the server trusts not just one computer but every computer that has a certificate issued by the configured certificate authority. (Probably not everybody will buy certificates from VeriSign, Comodo or GoDaddy :) so be aware that if you issue your own certificates, you have to explicitly trust the certificate authority on both the client and the server.)

That said, just be sure that:
1. the special IPSec type of certificate is requested from the certification authority
2. the certificate authority is trusted on each machine

What we have to understand is that on every client that participates in secure IP communication, an IPSec policy has to be created and activated. It's not enough just to get the certificate onto the client machine: we need to create an IPSec policy on the client as well, and we have to activate this policy, otherwise IPSec won't be used...

Now, on the other hand, we can also enable encryption of the authenticated traffic. If we have a telnet server, which is well known for its unsafe way of sending the username and password in clear text over the network, we can encrypt this traffic and nobody will ever be able to see your sensitive information...

So here are 2 screenshots of the relevant IPSec configuration windows; check them out. There is also an MSDN article which explains in detail how to configure IPSec with a certificate: http://support.microsoft.com/kb/253498
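
The steps described above, written as a server-side script with the `netsh ipsec static` commands. This is an added example, not part of the original post; it builds a policy that requires certificate-authenticated, ESP-encrypted IPSec for inbound RDP and then activates it. The policy, filter list and rule names and the CA distinguished name are placeholders, and the matching policy every client needs is not shown.

```bat
@echo off
rem Added example: server-side IPSec policy that requires certificate
rem authentication and ESP encryption for inbound RDP (TCP 3389).
rem All names and the CA distinguished name below are placeholders.
setlocal
set "POLICY=Require-IPSec-RDP"
set "FLIST=RDP-inbound"
set "FACTION=Require-ESP"
rem Distinguished name of the root CA that issued the IPSec certificates.
rem That CA must be trusted in the local computer store on both peers.
set "ROOTCA=C=XX,O=Example,CN=Example Lab Root CA"

rem 1. Policy container, created unassigned so nothing changes yet.
netsh ipsec static add policy name="%POLICY%" assign=no || goto :fail

rem 2. Which traffic the rule covers: anyone -> this host, TCP 3389.
rem    mirrored=yes also matches the replies going back to the client.
netsh ipsec static add filterlist name="%FLIST%" || goto :fail
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=TCP dstport=3389 mirrored=yes || goto :fail

rem 3. What to do with it: negotiate security. inpass=no and soft=no mean
rem    there is no clear-text fallback for peers that cannot authenticate.
rem    ESP[3DES,SHA1] is encryption + integrity; this legacy policy store
rem    offers only DES/3DES and MD5/SHA1.
netsh ipsec static add filteraction name="%FACTION%" action=negotiate inpass=no soft=no qmpfs=no qmsecmethods="ESP[3DES,SHA1]" || goto :fail

rem 4. The rule ties filter list and action together. rootca= selects
rem    certificate authentication and names the CA the peer's certificate
rem    must chain to; kerberos=no leaves the certificate as the only method.
netsh ipsec static add rule name="RDP-cert-auth" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" kerberos=no rootca="%ROOTCA% certmap:no excludecaname:no" || goto :fail

rem 5. Activate the policy; until it is assigned, IPSec is not used.
netsh ipsec static set policy name="%POLICY%" assign=yes || goto :fail
netsh ipsec static show policy name="%POLICY%" level=verbose
exit /b 0

:fail
echo netsh failed with errorlevel %errorlevel%; policy "%POLICY%" was not assigned.
exit /b 1
```

Run it from the local console rather than over RDP: once the policy is assigned, a client without a matching policy and a certificate from the same CA can no longer reach port 3389.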

Copyright (C) 2003, Molnar Szilveszter