This Configure IPsec IT Pro Challenge helps learners to secure LAN traffic using IPsec. It shows the learner how to capture and analyze ping traffic, use Group Policy Manager to configure IPsec, and verify that security is applied by sending another ping request and viewing the encrypted response in the packet capture.
This Configure IPsec IT Pro Challenge shows learners how to use machine IPs to ping Internet Control Message Protocol (ICMP) from client to administrator. After taking this lab, you will have an understanding of how to use the captured Encapsulating Security Payload (ESP) (one of the three main IPsec protocols) traffic to encrypt packet contents. By working with the ESP and IPSec, you will learn that ESP encrypts captured packets. As a result, ping traffic is not visible inside the captured packets.
The ability to use ping, Group Policy Manager, and examine network traffic in the packet capture (in Wireshark) is essential to the career of a system administrator.
For this virtual lab, the scenario is that your company uses servers running Microsoft Windows Server 2016. As the system administrator, your task is to encrypt all network traffic using Internet Protocol Security (IPSec). To accomplish this task, you will use the Wireshark network protocol to capture ping traffic between two Windows hosts, configure IPSec for the hosts, and then capture ping traffic again so that you can see how the traffic is now encrypted because of IPsec.
For this hands-on lab, you will use a virtual machine running Windows Server 2016, which is configured as a domain controller for an Active Directory domain. You will then use a second virtual machine that is joined to the Active Directory domain and is running Microsoft Windows 10. As part of the lab, you will connect these two virtual machines.
By going through this lab, the learner will understand how to ping packets to a machine IP and capture them using Wireshark. The learner will then see how the capture packets can be used to analyze the components of the packet. They will see how ICMP traffic can be filtered and how to review the results of the echo requests. Additionally, you will gain an understanding of Group Policy, and good usage of the Kerberos default authentication mechanism.
Capture and analyze ping traffic
The purpose of the first step of this virtual lab is for the learner to understand how to capture ping traffic between two Windows hosts (referred to as Host1 and Host2) and then analyze that traffic. It’s also important to understand when and why a ping echo request returns responses.
In this case, Host1 is pinging Host2. Because you haven’t yet set IP security, the target is visible, so the ping request returns four responses (ping sends four echo requests by default), and you can see this in the packet capture in Wireshark.
Configure IPsec in Group Policy
Next, you will learn how to use Group Policy Manager to configure IPsec for Internet Control Message Protocol (ICMP), which is often used by routers. It is an error-reporting protocol (not a transport protocol) that is useful to system administrators for troubleshooting internet connections.
Once the learner enables security and refreshes the Group Policy on both Host2 and Host1, the target (Host2) is no longer visible to Host1.
Capture and view ping traffic after enabling IPsec
In the final step of this virtual lab, the learner is basically repeating the same process as in the first step as a proof of concept by having Host1 ping Host2. Now that the learner has enabled IPsec, Host1 should no longer be able to see Host2. Learners can verify this by looking at the Encapsulating Security Payload (ESP) in the Wireshark packet capture and noting that the traffic is encrypted.
By taking this virtual lab, you will learn how to do the following:
- Capture and analyze standard network ping traffic
- Assign a security policy in Group Policy Manager
- Refresh Group Policy
- Capture ping network traffic and see that it was encrypted by using ESP
You will learn how to use the ping command and how to use and analyze the captured ESP traffic to encrypt packets. By working with ESP and IPsec, you will see how ping traffic can’t be seen in capture packets when it’s encrypted.