Re: IPSec Filter



I also forgot to add that creating ipsec filters can be problematic. You
cannot, for instance, specify port ranges or IP ranges in a single filter entry.

Steve


"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%2382TLoXzGHA.4220@xxxxxxxxxxxxxxxxxxxxxxx
Ipsec was primarily designed to secure network traffic via encryption and
ensure integrity. It can certainly be used only with filter actions for
block and allow to use as a basic non-stateful firewall, which means that
the response ports also need to be defined, usually via mirroring a filter
entry. So it really cannot be like a hardware firewall / iptables on Linux
because it is not stateful, meaning it cannot recognize an established
session. Ipsec also has very limited logging abilities. Having said that,
it is a lot better than no firewall if for some reason there are no other
options, and part of ipsec's strength is that it is free, built into the OS,
uses limited resources, and can be configured via Group Policy. Also, by
default ipsec has some standard exemptions that can be managed via the
registry, and they vary depending on the operating system. The links below
may be helpful.

Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;811832
http://www.securityfocus.com/infocus/1559 -- example of creating an
ipsec filtering policy


"beachboy" <jpsteambun@xxxxxxxxxxxx> wrote in message
news:OQUI1ZXzGHA.4844@xxxxxxxxxxxxxxxxxxxxxxx
Can we use an IPsec filter as a Windows firewall to block untrusted access,
similar to a hardware firewall / iptables on Linux?

Thanks.
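
The two limitations described in this thread (no port ranges in a single filter entry, and no session state, so replies need a mirrored entry) can be seen in a small model. This is an added example, not code from the posters or from Windows: the `FilterEntry` record, the function names and the documentation-range addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard for an address or a port (illustrative convention)

@dataclass(frozen=True)
class FilterEntry:
    """A five-field record, used here for both filter entries and packets."""
    src: Optional[str]
    dst: Optional[str]
    proto: str
    sport: Optional[int]
    dport: Optional[int]

    def mirror(self):
        # A mirrored entry swaps source and destination address and port.
        return FilterEntry(self.dst, self.src, self.proto, self.dport, self.sport)

    def matches(self, pkt):
        pairs = zip((self.src, self.dst, self.sport, self.dport),
                    (pkt.src, pkt.dst, pkt.sport, pkt.dport))
        return self.proto == pkt.proto and all(f is ANY or f == p for f, p in pairs)

def build_filter_list(src, dst, proto, dports, mirrored=True):
    """Expand a port range into one entry per port, plus its mirror if asked."""
    entries = []
    for port in dports:
        entry = FilterEntry(src, dst, proto, ANY, port)
        entries.append(entry)
        if mirrored:
            entries.append(entry.mirror())
    return entries

def permitted(filter_list, pkt):
    """Stateless check: every packet is judged alone, with no session table."""
    return any(entry.matches(pkt) for entry in filter_list)

# Constructed sample traffic (RFC 5737 documentation addresses).
SERVER, CLIENT = "192.0.2.10", "198.51.100.7"
request = FilterEntry(CLIENT, SERVER, "TCP", 49152, 8001)
reply = request.mirror()

if __name__ == "__main__":
    mirrored = build_filter_list(ANY, SERVER, "TCP", range(8000, 8004))
    one_way = build_filter_list(ANY, SERVER, "TCP", range(8000, 8004), mirrored=False)
    print(len(mirrored), "entries needed for 4 ports with mirroring")
    print("reply allowed without mirror:", permitted(one_way, reply))
    print("reply allowed with mirror:   ", permitted(mirrored, reply))
```

Because `permitted` keeps no state, the mirrored entry allows the reply tuple whether or not a matching request was ever seen, which is the difference from a stateful firewall that the reply above points out.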





