How to use IPsec filtering rules to filter network traffic

Windows XP comes with its own software firewall to enable you to control what information travels between your PCs and the Internet, but you can also control what enters and exits your PCs by using IPsec filtering rules to filter particular protocol and port combinations for both inbound and outbound network traffic.

IPsec filtering rules are implemented by creating and assigning an IPsec policy to your computer, but first you need to create and define your filtering rules, which control which protocols, ports and IP addresses are allowed or blocked. This is done by running the IP Security and Policy Management Snap-In in a Microsoft Management Console (MMC) and selecting the local computer. You can now add, edit and remove filters by right-clicking IP Security Policies in the left pane of the MMC console and selecting Manage IP Filter Lists and Filter Actions. The next step is to configure the IPsec Policy and to assign it. In the MMC console right-click IP Security Policies on Local Computer and select Create IP Security Policy in order to give the policy a name, add the various IP Filters and Filter Actions to the new Policy, and assign it to the computer.

An IPsec policy can contain several different filter rules and actions, making it very flexible. As well as controlling access to your computer, it can be used to block access to certain sites or applications, such as chat rooms. The IPsec protocol can also be used to provide data privacy, integrity and authenticity but it can't secure all types of network traffic – see the Microsoft Knowledge Base article 253169 for further details.

When using IPsec filter rules you need to have a clear understanding of the impact that blocking specific ports will have. For example, blocking port 135 to guard against the DCOM RPC vulnerability can impact the functionality of Active Directory and Microsoft Exchange, which also use port 135. It is important therefore to test your new filters to ensure that you have accomplished your intended goals. Microsoft Service Pack 2 for XP includes a command line tool IPseccmd.exe, which can be used to manage IPsec policy and filtering rules. For more information on how to use this tool see the Microsoft Knowledge Base article 813878.

About the author
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity's Web Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.

This article originally appeared on SearchSecurity.com.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Security Application-specific network intrusion detection systems emerge Anomaly-based intrusion protection configuration and installation Preventing hacker attacks with network behavior analysis IPS Rogue access points: Preventing, detecting and handling best practices The TPM chip: An unexploited resource for network security Shifting defenses and dynamic perimeters challenge network security Compliance in a virtualized world: Server virtualization and NAC security Securing the new network architecture: Security for distributed, dynamic networks How to configure Windows Server 2008 advanced firewall MMC snap-in USB storage devices: Two ways to stop the threat to network security Network Security Best Practices and Products 3Com acquisition confirms HP-Cisco battle for China Enterprises demand next-generation firewalls with IPS, app visibility Preventing hacker attacks with network behavior analysis IPS Is there a way to trace my stolen laptop computer? Integrating NAC with network security tools Should organizations separate technical from administrative security? What network equipment is needed to secure a small business LAN? Ethical hacking and countermeasures: Network penetration testing intro Are you on a domain name system (DNS) blacklist database? Rogue access points: Preventing, detecting and handling best practices RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary anti-replay protocol  (SearchNetworking.com) dynamic packet filter  (SearchNetworking.com) HELLO packet  (SearchNetworking.com) packet filtering  (SearchNetworking.com) rule base  (SearchNetworking.com) stateful inspection  (SearchNetworking.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.