Posted by Steven L Umbach on August 31, 2006, 11:56 pm
I also forgot to add that creating ipsec filters can be problematic. You
cannot, for instance, specify port ranges or IP ranges in a single filter entry.
Steve
> IPsec was primarily designed to secure network traffic via encryption and
> ensure integrity. It can certainly be used only with filter actions for
> block and allow to use as a basic non-stateful firewall, which means that
> the response ports also need to be defined, usually via mirroring a filter
> entry. So it really cannot be like a hardware firewall / iptables on Linux
> because it is not stateful, meaning it cannot recognize an established
> session. IPsec also has very limited logging abilities. Having said that,
> it is a lot better than no firewall if for some reason there are no other
> options, and part of IPsec's strength is that it is free, built into the OS,
> uses limited resources, and can be configured via Group Policy. Also, by
> default IPsec has some standard exemptions that can be managed via the
> registry, and they vary depending on the operating system. The links below
> may be helpful.
>
> Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;811832
> http://www.securityfocus.com/infocus/1559 -- example of creating an
> ipsec filtering policy
>
>
>> Can we use an IPsec filter as a Windows firewall to block untrusted
>> access, similar to a hardware firewall / iptables on Linux?
>>
>> Thanks.
>>
>>
>
>
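The three limits named in this thread (mirrored filter entries, no port ranges in a single entry, no session state), shown as an added Python model that is not part of the original posts and is not Windows IPsec code. The addresses, ports and the names `Filter`, `stateless_permit`, `expand_ports` and `StatefulModel` are constructed for illustration; the model assumes a default-block policy with permit entries only.

```python
from typing import NamedTuple, Optional
ME = "192.0.2.10"  # constructed address of the filtered host

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

class Filter(NamedTuple):  # None means "any"
    src: Optional[str]
    dst: Optional[str]
    proto: str
    sport: Optional[int]
    dport: Optional[int]
    mirrored: bool = True

def _match(f, p):
    want, have = (f.src, f.dst, f.sport, f.dport), (p.src, p.dst, p.sport, p.dport)
    return f.proto == p.proto and all(w is None or w == h for w, h in zip(want, have))

def stateless_permit(filters, p):
    """Default block; permit when an entry, or its mirror, matches the packet."""
    for f in filters:
        mirror = f._replace(src=f.dst, dst=f.src, sport=f.dport, dport=f.sport)
        if _match(f, p) or (f.mirrored and _match(mirror, p)):
            return True
    return False

def expand_ports(src, dst, proto, first, last):
    """One entry per port, because a single entry cannot hold a port range."""
    return [Filter(src, dst, proto, None, port) for port in range(first, last + 1)]

class StatefulModel:
    """Same outbound entries, unmirrored; inbound passes only as a reply to a seen flow."""
    def __init__(self, filters):
        self.filters = [f._replace(mirrored=False) for f in filters]
        self.flows = set()
    def permit(self, p):
        if p.src == ME and stateless_permit(self.filters, p):
            self.flows.add((p.dst, p.dport, p.sport))  # remote addr/port, local port
            return True
        return (p.src, p.sport, p.dport) in self.flows

RULES = expand_ports(ME, None, "TCP", 80, 81)  # constructed sample rules and traffic
OUT = Packet(ME, "198.51.100.5", "TCP", 50000, 80)
REPLY = Packet("198.51.100.5", ME, "TCP", 80, 50000)
NOT_A_REPLY = Packet("203.0.113.9", ME, "TCP", 80, 5000)  # no session opened to this host
```

Under the stateless model all three sample packets are permitted, because the mirror of each outbound entry matches any inbound packet with that source port; the stateful model drops `NOT_A_REPLY` since it belongs to no flow the host opened.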