+ Post New Thread
Results 1 to 6 of 6
Wireless Networks Thread, IPSec in Technical; I was reading some whitepapers the other day of Microsoft’s web site about IPSec and wondered if it would be ...
  1. #1
    k-strider's Avatar
    Join Date
    Oct 2006
    Location
    Gloucester
    Posts
    358
    Thank Post
    7
    Thanked 40 Times in 30 Posts
    Rep Power
    24

    IPSec

    I was reading some whitepapers the other day of Microsoft’s web site about IPSec and wondered if it would be a good way to stop LAN side attacks / unwanted student laptops gaining access to vulnerable services by just jacking in to a RJ45 point. Now we haven’t had any issues yet but I don’t want it to happen on my watch so to say, and just wondered if anyone had implemented this before, what the pitfalls are.
    For ref we have 5 W2k3 servers all R2 and all clients are XP or W2K. Oh yeah and a couple of HP PDAs running Windows Mobile 2003

  2. #2
    meastaugh1's Avatar
    Join Date
    Jul 2006
    Location
    London/Hertfordshire
    Posts
    890
    Thank Post
    69
    Thanked 85 Times in 70 Posts
    Rep Power
    32

    Re: IPSec

    I looked at this before, but it seems that Microsoft's implementation of IPSec doesn't seem to support DC-DC or DC-Client communication.

  3. #3


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339

    Re: IPSec

    By definition IPsec works at layer3. In addition to this, security on the switches should be enabled - each port associated with a MAC address would prevent unknown laptops from connecting to the network.

  4. #4

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,807
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: IPSec

    Have a look at 802.1X authentication if you want to prevent people connecting random devices to your LAN. It works the same way as WPA with wireless access points using Radius (IAS in windows speak). Your switches need to support radius authentication however.

  5. #5

    Join Date
    Oct 2005
    Location
    East Midlands
    Posts
    740
    Thank Post
    17
    Thanked 106 Times in 66 Posts
    Rep Power
    37

    Re: IPSec

    Hi,

    I agree with Geoff, 802.1x is ideal for this and i think its developed for situations like this.

    Ashok.

  6. #6
    k-strider's Avatar
    Join Date
    Oct 2006
    Location
    Gloucester
    Posts
    358
    Thank Post
    7
    Thanked 40 Times in 30 Posts
    Rep Power
    24

    Re: IPSec

    Thanks Guys I’ll have a look at 802.1x I just upgraded my switches last summer to Netgear Layer2 Managed switches... so I hope they support it... otherwise its a non starter cause I’m not replacing them this year

SHARE:
+ Post New Thread

Similar Threads

  1. L2TP/IPSEC based VPN using ISA Server
    By Norphy in forum Wireless Networks
    Replies: 2
    Last Post: 22nd June 2007, 02:13 PM
  2. VPN showdown: IPSec vs SSL vs client-less SSL
    By ITWombat in forum Wireless Networks
    Replies: 9
    Last Post: 25th September 2006, 09:35 PM
  3. ipsec
    By browolf in forum Wireless Networks
    Replies: 6
    Last Post: 16th December 2005, 03:18 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •