Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Trong khung bên phải, kích chuột phải vào Server (Request Security) và chọn Properties. 2. Trong hộp thoại Chính sách, chọn quy tắc IPSec và nhấp vào Chỉnh sửa . 3. Chọn tab Authentication. 4. Nhấp vào Chỉnh sửa . 5. Chọn Sử dụng chuỗi này (khóa chia sẻ trước) và nhập cùng một cụm từ mật khẩu mà bạn đã định nghĩa ở bước 5 của chính sách khách hàng, | 188 Part IV Windows Security Tools Figure 12-2. Configuring preshared key authentication 1. In the right-hand pane right-click Server Request Security and select Properties. 2. In the Policy Properties dialog box select the Dynamic IPSec rule and click Edit. 3. Select the Authentication tab. 4. Click Edit. 5. Select Use this string preshared key and enter the same passphrase you defined in Step 5 of the client policy as shown in Figure 12-2. 6. Repeat Steps 2-5 for the All IP Traffic IPSec rule. When you re done the Policy Properties should appear. 7. Click OK then click Close to exit the policy editor. 8. Back in the Local Security Settings console right-click Server Request Security then select Assign. That s it. Check the clock about five minutes Verify the connectivity by making a connection from the client to the server to ensure that Chapter 12 IP Security Policies 189 everything works as expected if not you can flip ahead to the Troubleshooting Notes section at the end of this chapter . Now the cynic in you is probably asking how you can tell if it s truly encrypted. Remember way back in Chapter 4 when we talked about sniffers The packet capture library we discussed WinPCap captures packets at a low enough level that we can see the effect of our IPSec policies. First let s see the first few packets of a telnet connection when the Server Request Security policy is unassigned no IPSec C Snort bin snort -v -q host 192.168.100.105 04 30-22 31 22.180670 192.168.100.4 4835 - 192.168.100.105 23 TCP TTL 128 TOS 0x0 ID 14103 IpLen 20 DgmLen 48 DF S Seq 0x9B07971C Ack 0x0 Win 0xFAF0 TcpLen 28 TCP Options 4 MSS 1460 NOP NOP SackOK 04 30-22 31 22.181113 192.168.100.105 23 - 192.168.100.4 4835 TCP TTL 128 TOS 0x0 ID 1389 IpLen 20 DgmLen 48 DF A S Seq 0x64814865 Ack 0x9B07971D Win 0x4470 TcpLen 28 TCP Options 4 MSS 1460 NOP NOP SackOK 04 30-22 31 22.181143 192.168.100.4 4835 - 192.168.100.105 23 TCP TTL 128 TOS 0x0 ID 14104 IpLen 20 DgmLen 40 DF A Seq 0x9B07971D Ack .
