
Windows :: IPSec

Windows 2000 onwards ships an IPSec stack that can be used to implement IP filtering rules. Windows 2003 ships with the NETSH command, which gives access to these features. Here is how I recently configured Slammer protection on one such machine.

C:\>netsh
netsh>ipsec
netsh ipsec>static
netsh ipsec static>add filter filterlist="SQL Discovery" srcaddr=any dstaddr=me description="The mechanism SQL uses to discover TCP ports of SQL instances" protocol=udp dstport=1434
netsh ipsec static>add filteraction name="Block" description="Blocks Traffic" action=block
netsh ipsec static>add policy name="Slammer Protection" description="Policy to protect the machine from Slammer worm" assign=no
netsh ipsec static>add rule name="UDP 1434 Inbound" policy="Slammer Protection" filterlist="SQL Discovery" kerberos=yes filteraction="Block"
netsh ipsec static>bye

  • There can be multiple filters under one filter list (each filter selects a certain kind of packet).
  • We can define actions, such as require security, block, allow, etc.
  • Above, I have not yet assigned the policy. Details on how to assign it (activate it) follow.
  • The rule needs a policy, a filter list and the action we have defined. The benefit of a policy is that we can dynamically (or statically) assign and un-assign it.

To assign the policy, open up “Local Security Settings”, go to IP Security Policies, select the policy and assign it by right-clicking it.
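The same steps as a batch file (an added example, not the post's own script), assuming the Windows Server 2003 netsh ipsec static context; it goes beyond the post by assigning the policy from the command line with set policy and by adding an outbound UDP 1434 filter so an already-infected host cannot scan others.

```batch
@echo off
REM Added example, not the original post's script. Assumes the netsh ipsec
REM static context of Windows Server 2003 / XP; policy and list names are
REM this example's own.
REM Caveat: blocking UDP 1434 also stops legitimate SQL Browser discovery of
REM named instances on this host, so clients must use the explicit TCP port.

set POLICY=Slammer Protection
set FLIST=SQL Discovery

REM Inbound filter: any -> me, UDP 1434. mirrored=no keeps it one-directional
REM (the default mirrored=yes would also add a me -> any, srcport 1434 filter).
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=any dstaddr=me protocol=udp dstport=1434 mirrored=no description="Inbound SQL instance discovery (UDP 1434)"

REM Outbound containment (beyond the post): me -> any, UDP 1434, so that an
REM infected host cannot spray other machines on the discovery port.
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=me dstaddr=any protocol=udp dstport=1434 mirrored=no description="Outbound SQL instance discovery (UDP 1434)"

REM Action, policy and the rule tying them together.
netsh ipsec static add filteraction name="Block" action=block description="Blocks traffic"
netsh ipsec static add policy name="%POLICY%" description="Block UDP 1434 in both directions" assign=no
netsh ipsec static add rule name="UDP 1434" policy="%POLICY%" filterlist="%FLIST%" filteraction="Block" kerberos=yes

REM Activate the policy from the command line (the post does this through
REM Local Security Settings). Only one policy can be assigned at a time.
netsh ipsec static set policy name="%POLICY%" assign=yes

REM Verify: the assigned policy should show the rule and both filters.
netsh ipsec static show policy name="%POLICY%" level=verbose
netsh ipsec static show filterlist name="%FLIST%" level=verbose
```

Re-running the script fails on the add commands because the objects already exist; delete the policy, filter list and filter action first, or run the set and show lines alone.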

Published Monday, January 31, 2005 3:17 PM by khurram

Comments

# re: Windows :: IPSec

Wednesday, February 2, 2005 7:38 PM by self
What does ipsec have to do with firewalls?!

# re: Windows :: IPSec

Wednesday, April 6, 2005 10:39 AM by Masood Ahmad
IPSec is a suite of protocols which can be used for data protection, either of the packet header or of the whole packet including the data.
Although IPSec has nothing to do with a firewall, it can be part of a firewall for data protection and authentication as well.