How to Cheat at Securing Windows 2000 TCP/IP

Copyright 2003 by Syngress Publishing, all rights reserved

How to Cheat at Being a Windows 2000 System Administrator

TOPIC 1: A TCP/IP Primer
    IP Address Classes and Subnets
    Subnets and Routing

TOPIC 2: The OSI Model
    Seven Layers of the Networking World

TOPIC 3: The TCP/IP Protocol Suite
    TCP/IP Core Protocols
    TCP
    UDP
    IP
    The Three-Way Handshake
    ARP
    ICMP
    IGMP
    TCP/IP Applications

TOPIC 4: Windows 2000 TCP/IP Stack Enhancements
    NetBT and WINS
    DHCP
    DNS
    SNMP

TOPIC 5: Using TCP/IP Utilities
    ARP
    Hostname
    Ipconfig
    Nbtstat
    Netstat
    Nslookup
    Ping
    Route
    Tracert
    Pathping
    Netdiag
    SNMP
    How Does SNMP Work?
    Installing the Agent

TOPIC 6: Using Windows 2000 Monitoring Tools
    Basic Monitoring Guidelines
    Performance Logs and Alerts
    Counters
    Log File Format
    Alerts
    Network Monitor
    Filtering
    Security Issues
    Using Network Monitor
    Capture Window Panes
    Buffer
    Collecting Data
    Filtered Captures
    Filtering by Address Pairs
    Display Filters

TOPIC 7: Secure Sockets Layer
    How a Secure SSL Channel Is Established
    Symmetric and Asymmetric Encryption
    Symmetric Encryption
    Asymmetric Encryption
    Hash Algorithms
    Digital Certificates
    Certificate Authorities
    SSL Implementation

TOPIC 8: Secure Communications over Virtual Private Networks
    Tunneling Basics
    VPN Definitions and Terminology
    How Tunneling Works
    IP Addressing
    Security Issues Pertaining to VPNs
    Encapsulation
    User Authentication
    Data Security
    Windows 2000 Security Options
    Common VPN Implementations
    Remote User Access Over the Internet
    Connecting Networks Over the Internet
    Sharing a Remote Access VPN Connection
    Using a Router-to-Router Connection
    Tunneling Protocols and the Basic Tunneling Requirements
    Windows 2000 Tunneling Protocols
    Point to Point Tunneling Protocol (PPTP)
    Layer 2 Tunneling Protocol (L2TP)
    Using PPTP with Windows 2000
    How to Configure a PPTP Device
    Using L2TP with Windows 2000
    How to Configure L2TP
    How L2TP Security Differs from PPTP
    Interoperability with Non-Microsoft VPN Clients

TOPIC 9: IPSec for Windows 2000
    Overview of IPSec Cryptographic Services
    Message Integrity
    Hashing Messages
    Message Authentication
    Preshared Key Authentication
    Kerberos Authentication
    Public Key Certificate-Based Digital Signatures
    Confidentiality
    IPSec Security Services
    Authentication Header (AH)
    Encapsulating Security Payload (ESP)

TOPIC 10: Security Associations and IPSec Key Management Procedures
    IPSec Key Management
    Phase 1: Establishing the ISAKMP SA
    Phase 2: Establishing the IPSec SA

TOPIC 11: Deploying IPSec
    Building Security Policies with Customized IPSec Consoles
    Building an IPSec MMC Console
    Flexible Security Policies
    Rules
    Filter Actions
    Flexible Negotiation Policies
    Filters
    Creating a Security Policy
    Making the Rule

neophytes are often baffled when two machines cannot “see” each other, even though they are on the same physical wire. The point they should remember is that the combination of IP address and subnet mask can segregate the physical network into logically separate networks.

Multiple routes can be configured between networks, providing TCP/IP with a measure of fault tolerance. Computers can act as routers if they are running software to perform that function. Routers are, in fact, computers designed for the specific purpose of routing network traffic. Windows NT and Windows 2000 Server can also perform the functions of routers with the Routing and Remote Access Service.
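The check each host makes when deciding whether a peer on the same wire is "local" can be reproduced offline. The following is an added example, not code from the book; the addresses, masks and the function names `on_link` and `reachability` are constructed for illustration.

```python
import ipaddress

def on_link(src_ip, src_mask, dst_ip):
    """True if the source, applying its OWN mask, treats dst as local.

    A local destination is resolved with ARP and reached directly;
    anything else is handed to a router (the default gateway).
    """
    net = ipaddress.ip_network(f"{src_ip}/{src_mask}", strict=False)
    return ipaddress.ip_address(dst_ip) in net

def reachability(a, b):
    """Classify a pair of (ip, mask) hosts that share one physical wire."""
    a_sees_b = on_link(a[0], a[1], b[0])
    b_sees_a = on_link(b[0], b[1], a[0])
    if a_sees_b and b_sees_a:
        return "direct"        # both sides talk without a router
    if not a_sees_b and not b_sees_a:
        return "routed"        # logically separate networks
    return "asymmetric"        # mismatched masks: one side needs a router

# Constructed sample hosts (assumed values, not taken from the book).
CASES = [
    (("192.168.1.10", "255.255.255.0"), ("192.168.1.20", "255.255.255.0")),
    (("192.168.1.10", "255.255.255.0"), ("192.168.2.20", "255.255.255.0")),
    # Same class C range, split into /26 subnets by the mask alone.
    (("192.168.1.10", "255.255.255.192"), ("192.168.1.100", "255.255.255.192")),
    # Mask mismatch: the /16 host sees the peer, the /24 host does not.
    (("10.1.1.5", "255.255.0.0"), ("10.1.2.7", "255.255.255.0")),
]

if __name__ == "__main__":
    for a, b in CASES:
        print(f"{a[0]}/{a[1]} <-> {b[0]}/{b[1]}: {reachability(a, b)}")
```

The "routed" and "asymmetric" results are the cases where two machines on one wire fail to communicate unless a router joins the logical networks; the asymmetric case usually points to a mistyped mask on one host.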