Smith Nguyen Studio.

Ipsec
Gi i thi u Ipsec BT-1: S d ng Ipsec th c hi n y/c sau - C m xp ni chuy n v i my File nh l nh Gpedit.msc trn my xp Sau

Next:

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Next:

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Kick Add

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Ket qua

Smith Nguyen Ebooks.

Smith Nguyen Studio.

nh ngha b l c F1: ME DC (10.0.0.9) F2:ME File(10.0.0.7) Sang tab

Smith Nguyen Ebooks.

Smith Nguyen Studio.

B d u tick Use Add Wizard

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Sau sang tab c nh t tn Block

Smith Nguyen Ebooks.

Smith Nguyen Studio.

nh ngha cc tc ng b l c A1: Permit ( cho php) A2:Block(Ko cho php) - nh ngha Ipsec

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Smith Nguyen Ebooks.

Smith Nguyen Studio.

(Cho phep may Xp noi chuyen voi DC ) OK

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Smith Nguyen Ebooks.

Smith Nguyen Studio.

( Cam may XP noi chuyen voi may File) = Ipsec = Filters + actions Ipsec = F1+ Permit ( F1 :Me DC(10.0.0.9) F2+Block(F2:Me File 10.0.0.7)

Thuc thi Ipsec tren may XP Right click ipsec Assing Chu y Ipsec = Filters + Actions - Filters : IP_Add, subnet , Protocols - Actions : permit ( cho phep ) , block ( cam ) , Encrypt ( ma hoa ) Note : Truoc khi y/c may thuc thi ipsec thi phai turn-on dich vu ipsec CMD services.msc ipsecurity (started)

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Bi T p : Domain Computer # Worgroup computer ( c m my trong mi n ni chuy n v i my ngoi mi n ) Step 1: nh ngha cc b l c ( filters) Th c hi n t my DC (Default Domain controller Policy)

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Chng ta c n th c hi n 2 b l c F1:PCs DC (10.0.0.9)

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Ok B l c F2 Subnet <10.0.0.0/8>

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Step 2: nh ngha Actions - A1 : Permit ( v c s n ln khng c n nh ngha) - A2: Encrypt (m ha)

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Ok ok Step 3 : Xy d ng Ipsec <Ipsec = filter + action > ipsec b o v domain

= F1 + permit = F2 + mahoa

Step 4: tao GPO de y/c cac may trong domain thuc thi ipsec - tao 1 OU_PCs , sau do chuyen toan bo computer vao do - tao va ket noi GPO den ou_pcs

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Smith Nguyen Ebooks.

Smith Nguyen Studio.

Chuot phai chon Assiag Step 5: Kiem tra Xp1 , File: Gpupdate /force /target:computer Gpresult /scope:computer - Domain ( may trong mien) XP1, FILE ping DC (10.0.0.9 ) duoc nhung ko ma hoa Xp1 ping FILE ( ok , mahoa) Workgroup : XP2 ping DC ( 10.0.0.9) ( ok , ko ma hoa) Xp2 ping File , Xp1 ( not ok ) Note: tat ca cacs PC phai duoc bat Ipsec ( Secvice.msc )

Smith Nguyen Ebooks.