How to use IPsec filtering rules to filter network traffic

Windows XP comes with its own software firewall to enable you to control what information travels between your PCs and the Internet, but you can also control what enters and exits your PCs by using IPsec filtering rules to filter particular protocol and port combinations for both inbound and outbound network traffic.

IPsec filtering rules are implemented by creating and assigning an IPsec policy to your computer, but first you need to create and define your filtering rules, which control which protocols, ports and IP addresses are allowed or blocked. This is done by running the IP Security and Policy Management Snap-In in a Microsoft Management Console (MMC) and selecting the local computer. You can now add, edit and remove filters by right-clicking IP Security Policies in the left pane of the MMC console and selecting Manage IP Filter Lists and Filter Actions. The next step is to configure the IPsec Policy and to assign it. In the MMC console right-click IP Security Policies on Local Computer and select Create IP Security Policy in order to give the policy a name, add the various IP Filters and Filter Actions to the new Policy, and assign it to the computer.

An IPsec policy can contain several different filter rules and actions, making it very flexible. As well as controlling access to your computer, it can be used to block access to certain sites or applications, such as chat rooms. The IPsec protocol can also be used to provide data privacy, integrity and authenticity but it can't secure all types of network traffic – see the Microsoft Knowledge Base article 253169 for further details.

When using IPsec filter rules you need to have a clear understanding of the impact that blocking specific ports will have. For example, blocking port 135 to guard against the DCOM RPC vulnerability can impact the functionality of Active Directory and Microsoft Exchange, which also use port 135. It is important therefore to test your new filters to ensure that you have accomplished your intended goals. Microsoft Service Pack 2 for XP includes a command line tool IPseccmd.exe, which can be used to manage IPsec policy and filtering rules. For more information on how to use this tool see the Microsoft Knowledge Base article 813878.

About the author
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity's Web Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.

This article originally appeared on SearchSecurity.com.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Security Shifting defenses and dynamic perimeters challenge network security Compliance in a virtualized world: Server virtualization and NAC security Securing the new network architecture: Security for distributed, dynamic networks How to configure Windows Server 2008 advanced firewall MMC snap-in Security across network boundaries with Secure Mobile Architecture USB storage devices: Two ways to stop the threat to network security Network security: Using unified threat management (UTM) Network security: Empower users without endangering IT Network analysis -- Enhancing security assessments VPN security: Hiding in plain sight, using network encryption Network Security Best Practices SIEM platform secures university's open network Shifting defenses and dynamic perimeters challenge network security Securing the new network architecture How to block porn with ISA-server firewalls Why implementing adequate security challenges LAN administration Securing the new network architecture: Security for distributed, dynamic networks How to set passwords on folders in Windows 2003 servers What are the best methods for handling rogue access points? How to configure Windows Server 2008 advanced firewall MMC snap-in Governance, compliance, security: How are these network problems? Remote Access VPNs Creating Remote Access and Site-to-Site VPNs with ISA Firewalls: from 'The Best Damn Firewall Book Period, Second Edition' Can I set up a VPN on my wireless router? VPN security: Hiding in plain sight, using network encryption SonicWall acquisition could hurt Aventail users Does IPv6 support encryption in the IP stack? What equipment do I use to connect two LANs in different cities? What are the steps? Are there any architectures of IPsec VPN apart from lookaside and flow-through? NAC -- Strengthening your SSL VPN WAN optimization and acceleration appliances tackle SSL traffic Remote access keeps physicians connected Remote Access VPNs Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary anti-replay protocol  (SearchNetworking.com) dynamic packet filter  (SearchNetworking.com) HELLO packet  (SearchNetworking.com) packet filtering  (SearchNetworking.com) rule base  (SearchNetworking.com) stateful inspection  (SearchNetworking.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.