Securing Data Transmission and
Authentication
Task 1:
Configure the Windows Firewall to allow ping.
a. Log onto SEA-SVR1 with administration privileges.
b. Click Start-Administrative Tools-Windows Firewall with
Advanced Security.
c. Click Inbound Rules. Right-click Inbound Rules, and
click New Rule.
d. In the Rule Type screen select Custom. Click Next.
e. In the Program screen select All programs. Click Next.
f. In the Protocol and Ports screen in the drop-down box,
click ACMPv4. Click Next.
g. Accept default. Click Next.
h. Click Next.
i. Click Next.
j. In the Name Screen type Lab 9 Allow Ping. Click Finish.
k. Log on SEA-SVR2 with Administration privileges.
Click Start-Control Panel-and double-click Windows
Firewall.
l. In the upper left corner click Turn Windows Firewall on or
off.
m. Select Off.
Click OK
Log off
SEA-SVR2.
Task 2:
Configure IPSec Filters Actions on SEA-SVR1
a. Click Start, type gpedit.msc, and press Enter. Drill
down to Computer Configuration-Windows SettingsSecurity Settings-IP Security Policies on Local
Computer.
b. Right-click IP Security Policies on Local Computer,
and click Manage IP filter lists and filter actions.
e. Click Add on the Manage IP filter lists in the Filter
Action screen.
f. Type Lab 9 IP Filter List into the Name text
box. Click Add.
g. Click Next.
h. Type Filter traffic to and from the SEA-SVR2 computer.
Click Next.
i. In the drop-down box select A specific IP Address or
Subnet.
j. Type 10.10.0.12 into the IP Address or subnet
text box. Click Next.
k. Select My IP Address. Click Next.
l. Accept default which is Any and Click Next.
m. Click Finish.
n. Click OK.
Task 3.
Configure IPSec block and allow actions.
a. Click the Manage Filter Actions tab. Click Add.
b. Click Next.
c. Type Block-Traffic and click Next.
d. Select Block and click Next.
e. Click Finish.
f. Click the Manage Filter Actions Tab. Click Add. Click
Next.
g. Type Permit-Traffic in the box. Click Next.
h. Select Permit. Click Next. Click Finish. Click Close.
Task 4:
Create and Assign an IPSec policy.
a. Right-click IP Security Policies on Local Computer. Click
Create IP Security Policy. Click Next.
b. Type Lab 9 IPSec Policy into the text box in IP Security
Policy Name screen. Click Next twice.
c. Ensure that the Edit Properties checkbox is selected, click
Finish.
d. Select General tab when Lab 9 IPSec Policy Properties
screen appears to view how often the local
computer will check for policy updates. Select Rules Tab.
Click Add and click Next.
e. Tunnel Endpoint screen, click Next.
f. In the Network Type screen. Click Next.
g. Select Lab 9 IP Filter List ( You created earlier). Click Next
h. Select Block-Traffic IP Filter Action (you created earlier).
Click Next.
i. Click Finish. Click OK.
Task 5:
Confirm the functionality of the IPSec Policy.
a, Log on SEA-SVR2 with Admin. privileges, Open
Command Prompt and type ping 10.10.0.11 press
Enter.
b. On SEA-SVR1 Right-click Lab 9 IPSec Policy. Click
Assign. Underneath Policy Assigned will be Yes.
c. On SEA-SVR2 open Command Prompt and type ping
10.10.0.11 press Enter.
d. On SEA-SVR1 Right-click Lab 9 IPSec Policy and click
Un-assign.
e. On SEA-SVR2 for the third time ping SEA-SVR1 from
Command Prompt.
f. Close all windows and Log-off SEA-SVR1 & SEA-SVR2.
Review: Below are the 3 ping attempts to SEA-SVR1. The middle
attempt did not work because the Policy you configured was
on and working correctly.
Task 6:
Managing IPSec Authentication and Encryption Settings
a. Log onto SEA-SVR1 & SEA-SVR2 with Administrative
privileges.
b. On SEA-SVR1, Click Start, type qpedit.msc, and press
Enter.
c. Drill down to Computer Configuration-Windows
Settings-Security Settings-IP Security Policies on Local
Computer. Right-click IP Security Policies on Local
Computer, click Manage IP filter lists and filter actions.
d. Click Manage Filter Actions, click Add, and click Next.
e. Type Secure-Traffic in the name text box. Click Next.
f. Ensure Negotiate security is selected. Click Next.
g. Ensure Do not allow unsecured communication is
selected and click Next.
h. Accept the default and click Next.
i. Click Finish. Click Close.
Task 7:
Modify an IPSec Rule
On SEA-SVR1
a. Right-click Lab 9 IPSec Policy. Click Properties.
b. Click Edit. Select the Filter Action tab.
c. Click Secure-Traffic. Click OK twice.
d. Right-click Lab 9 IPSec Policy. Click Assign.
On SEA-SVR2
e. Open Command Prompt, type ping 10.10.0.11 and
press Enter.
Task 8:
Configure a pre-shared key authentication method.
a. On SEA-SVR1 right-click Lab 9 IPSec Policy, click Properties,
and click Edit.
b. Select the Authentication Methods tab. Click Add.
c. Select Use the string (preshared key). Type Lab 9 in the
text box and click OK.
d. Click Move up so the new authentication method appears
first in the list.
e. Highlight Kerberos. Click Remove. When prompted click
Yes. Click OK twice to save change s.
f. Ensure that the Lab9 IPSec Policy has a value of Yes in the
Policy Assigned column.
Task 9:
Configure a matching IPSec policy on SEA-SVR2
a. If the Local Group Policy Editor window is not already
open click Start, type gpedit.msc, and press Enter.
b. Drill down to Computer Configuration-Windows
Settings-Security Settings-IP Security Policies on Local
Computer. Right-click IP Security Policies on Local
Computer, click Create IP Security Policy, and click Next.
c. Type Lab 9 IPSec Policy in the name text box. Click Next
twice and click Finish.
d. Click Add. Click Next three times.
e. Click Add. Type Lab 9 Filter List in the text box, click Add.
f. Click Next five times, click Finish, and click OK.
g. Select Lab 9 IP Filter List and click Next on the IP Filter List
screen.
h. In Filter Action screen click Add and click Next.
i. Type Secure-Traffic in the name text box. Click Next four
times. Click Finish.
j. In the Filter Action screen select Secure-Traffic. Click Next.
k. In the Authentication Method screen click Use this string to
protect the key exchange (preshared key). Type Lab9.
l. Click Next, click Finish, and click OK.
m.Right-click Lab 9 IPSec Policy and click Assign.
n. Open Command Prompt and type ping 10.10.0.11 and
press Enter.
o. On SEA-SVR1 open Command Prompt and type ping
SEA-SVR2.
Securing Data Transmission and
Authentication
Task 1:
Configuring the Windows Firewall
a. Log onto SEA-DC1, SEA-SVR1, SEA-SVR2, and SEASVRCORE with Administrative privileges.
b. Research IP Addresses using ipconfig at Command
Prompt on each terminal.
SEA-DC1: 10.10.0.10
SEA-SVR1: 10.10.0.11
SEA-SVR2: 10.10.0.12
SEA-SVRCORE: 10.10.0.13
c. On SEA-SVR1 click Start-Control Panel. Double-click
Windows Firewall.
d. Click Change settings. Click the Advanced Tab, Click
Restore Defaults, When prompted, click Yes. Click OK.
e. Open Command Prompt. Type ping 10.10.0.12. Results.
f. On SEA-SVR2 repeat steps c an d. Open Command
Prompt on SEA-SVR2 and type ping 10.10.0.11.Results.
g. On SEA-SVR1 click Start, type in \\SEA-SVR2\c$, press
Enter. Results.
h. On SEA-SVR2 click Start, type in \\SEA-SVR1\c$, press
Enter. Results.
Task 2:
Create test file shares.
a. On SEA-SVR1 click Start-Computer. Double-click
Local Disk (C:) to open. Click File-New- New Folder
and type Lab9 to name it and press Enter.
b. Click Share and type in EVERYONE, click Add. Grant
EVERYONE Reader rights to the share.
c. When prompted click No to configure a private
network. Click Done.
.
d. On SEA-SVR2 click Start-Computer. Double-click
Local Disk (C:) to open. Click File-New- New Folder
and type Lab9 to name it and press Enter.
e. Click Share and type in EVERYONE, click Add. Grant
EVERYONE Reader rights to the share. Click Share.
f. Click Network Discovery that is flashing on the lower
tool bar. When prompted click No to configure a
private network. Click Done
Task 3:
Test Windows Server 2008 network locations.
a. On SEA-SVR1 click Start, type \\SEA-SVR2\Lab9 and
press Enter. Results.
b. On SEA-SVR2 click Start, type \\SEA-SVR1\Lab9 and
press Enter. Results.
c. Try to ping SEA-SVR2 from SEA-SVR1 Command Prompt
and visa-versa. The results are yes you can.
d. On SEA-SVR1 click Start-Control Panel. Double-click
Network and Sharing Center. Click Customize.
e. In the Location type, click Public. Click Next and click
Close.
f. On SEA-SVR2 click Start-Control Panel. Double-click
Network and Sharing Center. Click Customize.
g. In the Location type, click Public. Click Next and click
Close.
h. Try to ping SEA-SVR2 from SEA-SVR1 Command
Prompt and visa-versa. The results are no you cannot.
i. On SEA-SVR1 click Start, type \\SEA-SVR2\Lab9 and
press Enter. Results.
j. On SEA-SVR2 click Start, type \\SEA-SVR1\Lab9 and
press Enter. Results.
Task 4:
Create a Windows Firewall exception.
a. On SEA-SVR1 and SEA-SVR2, click Start-Control Panel.
Double-click Windows Firewall, click Change settings.
b. Select the Exceptions tab. Place a checkmark next to
File and Printer Sharing. Click OK.
c. On SEA-SVR1 click Start, type \\SEA-SVR2\Lab9 and
press Enter. Results. Yes it will open.
d. On SEA-SVR2 click Start, type \\SEA-SVR1\Lab9 and
press Enter. Results. Yes it will open
Task 5:
Configure a connection security rule.
a. On SEA-SVR1 and SEA-SVR2 click Start-Administrative
Tools-Windows Firewall with Advanced Security.
b. Click Connection Security Rules, right-click
Connection Security Rules, and click New Rule.
c. Ensure the Isolation is selected. Click Next.
d. Select Require authentication for inbound and
outbound connections. Click Next.
e. The Authentication Method screen appears. Select
Advanced. Click Customize.
f. Click Add in the Customize Advanced Authentication
Methods screen.
g. Click the Preshared key (not recommended). Type
Lab9 in the text box. Click OK twice. Click Next twice.
h. Type Lab 9 Connection Security Rule in the Name text
box of the Name screen. Click Finish.
i. From SEA-SVR2, ping 10.10.0.11. Yes it worked.
j. From SEA-SVR1, ping 10.10.0.12. Yes it worked.
Task 6:
Simulate an unauthenticated connection from the SEASVR2 computer.
a. On SEA-SVR2 click Start-Administrative Tools- Windows
Firewall with Advanced Security.
b. Click Connection Security Rules. Right-click Lab 9
Connection Security Rule in the middle pane. Click
Properties.
c. Click the Authentication tab. In the Method section, click
Customize.
d, In the Customize Advanced Authentication Method
screen select the Preshared key method that you
configured earlier, click Edit.
e. Delete the Lab9 text and type BadAuthentication. Click
OK three times.
f. Open Command Prompt and type ping 10.10.0.11 and
press Enter. Results. Did not work.
g. On SEA-SVR2 click Start-Administrative Tools- Windows
Firewall with Advanced Security.
h. Click Connection Security Rules. Right-click Lab 9
Connection Security Rule in the right-hand pane. Click
Properties.
i. Click the Authentication tab. In the Method section,
click Customize.
j, In the Customize Advanced Authentication Method
screen select the Preshared key method that you
configured earlier, click Edit.
k. Delete the BadAuthentication text and type Lab9. Click
OK three times.
l. Open Command Prompt and type ping 10.10.0.11 and
press Enter. Results.
Task 7:
Monitor the Windows Firewall
a. On SEA-SVR1click Start-Administrative Tools-Windows
Firewall with Advanced Security.
b. Expand Monitoring-Security Associations-Main Mode.
Results.
Configuring the Windows Firewall on Server Core
Task 1:
Create a file share to test Firewall configuration
a. To change directories to the root of C:\drive, type cd\
and press Enter.
b. To create the C:\Lab9 folder, type md Lab9 and press
Enter.
c. Type net share Lab9=C:\Lab9 /GRANT:EVERYONE,
READ and then press Enter.
d. Type netsh advfirewall firewall set rule group=“File
and Printer Sharing” new enable=No
e. Type shutdown /l and press Enter.
f. On SEA-SVR1 from Command Prompt type ping
10.10.0.13 and press Enter.
g. Click Start, type \\SEA-SVRCORE\Lab9 and press Enter.
Was unable to access.
Task 2:
Enable exceptions in the Windows Firewall.
a. Log on SEA-SVRCORE with Administrative privileges.
b. Type netsh advfirewall firewall set rule group=“File
and Printer Sharing” new enable=Yes and press
Enter.
c. Type Shutdown /l and press Enter.
d. On SEA-SVR1 from Command Prompt type ping
10.10.0.13 and press Enter.
e. Click Start, type \\SEA-SVRCORE\Lab9 and press
Enter. I was unable to access the Lab9 file.