Overview

Introduction

Welcome to the IPsec Practice Lab. In this module you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 - Manage Connection Security Rule
  • Exercise 2 - Verify Connection Security Rules

After completing this lab, you will be able to:

  • Configure IPsec on Windows devices

Exam Objectives

The following exam objectives are covered in this lab:

  • Understand network isolation - IPsec
  • Understand protocol security - IPsec

Lab Duration

It will take approximately 45 minutes to complete this lab.

Exercise 1 - Manage Connection Security Rule

Network transmission is susceptible to being monitored using an application called protocol analyzer or network sniffer. Network sniffing when done legally can be useful when testing the functionality of an application to study how it behaves under normal conditions or test a new web filter. However, intruders who perform network sniffing secretly intend to familiarize themselves with the target organization’s network and eventually attack to steal valuable information.

Internet Protocol Security or IPsec is a suite of protocols designed to protect data in transit by ensuring authentication, integrity, and encryption.

Before data is sent between two devices, IPsec authentication ensures that the identity of the devices is verified through the use certificates, authentication or passwords. IPsec signs data sent between devices to ensure that they were not modified meaning its integrity was intact while in transit. With encryption provided by IPsec, this means that the data can only be read by authorized devices in the network. Therefore, when an intruder listens to an IPsec-protected network all traffic between the hosts is protected.

Windows use connection security rules that combine IPsec and Windows Firewall with Advanced Security to simplify the rules and minimize conflicting policies and streamline the process of securing devices against unauthorized access.

In this exercise, you will learn how to configure connection security rules between Windows 10 and Windows Server 2012 R2 computer. The created connection security rule will be enforced to encrypt ICMP data frames exchanged between the two devices.

Learning Outcomes

After completing this exercise, you will be able to:

  • Configure IPsec on Windows devices

Exercise 2 - Verify Connection Security Rules

When connection security rules have been configured between two devices, you can use Security Associations to verify that the rules have been successfully applied. There are two modes available namely: Main Mode and Quick Mode.

The Main Mode indicates the successful creation of a secure channel between two computers and indicates the authentication method being used and encryption applied, while the Quick Mode indicate the establishment of a secure channel between two endpoints to protect data during transmission.

Learning Outcomes

After completing this exercise, you will be able to:

  • Configure IPsec on Windows devices

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.