7.10. Hands-On Labs

The labs in this chapter are as follows:

Lab 7.1: Hash Rules in Windows Server 2003

Lab 7.2: SSL Settings in Windows Server 2003

Lab 7.3: Encrypting a File System in Linux

Lab 7.4: Look for Errors in IPSec Performance Statistics

7.10.1. Lab 7.1: Hash Rules in Windows Server 2003

This lab requires a test machine (nonproduction) running Windows Server 2003.

NOTE

On a generic 2003 Server with Active Directory, you must access the local security policy slightly differently. Launch an MMC, then choose to add the GPO Editor, and select Local Computer. Everything else will then work the same.

To create a new hash rule, follow these steps:

  1. Choose Start > Administrative Tools > Local Security Policy.

  2. Expand Software Restriction Policies.

  3. Right-click Additional Rules and choose New Hash Rule from the context menu.

  4. Click the Browse button and choose the file hisecws.inf from the Templates folder (this is under Winnt\Security\Templates).

  5. Notice the file hash that appears and the file information. Click OK.

  6. Notice that the new hash rule is added to the right pane along with the default path rules that appear there.

7.10.2. Lab 7.2: SSL Settings in Windows Server 2003

This lab requires a test machine (nonproduction) running Windows Server 2003. To configure the SSL port setting, follow these steps:

  1. Open the Internet Information Services Manager by choosing Start > Administrative Tools > Internet Information Services (IIS) Manager.

  2. Expand the left pane entries until your website becomes an option. Right-click the website and choose Properties from the context menu.

  3. Select the Web Site tab. Check whether the port number for SSL is filled in. If it isn't, enter a number here.

  4. Click OK and exit the Internet Information Services Manager.

Notice that the SSL port field is blank by default, and any port number can be entered here—this differs from the way some previous versions of IIS worked. The default SSL port is 443; if you enter a number other than that in this field, then clients must know and request that port in advance in order to connect.

7.10.3. Lab 7.3: Encrypting a File System in Linux

This lab requires access to a server running SuSE Linux Enterprise Server 9. To encrypt a filesystem, follow these steps:

  1. Log in as root and start YaST.

  2. Choose System, then Partitioner.

  3. Answer Yes to the prompt that appears. Select a filesystem and click Edit.

  4. Select the Encrypt File System check box and click OK.

7.10.4. Lab 7.4: Look for Errors in IPSec Performance Statistics

This lab requires access to a server running Windows Server 2003. To configure IPSec monitoring, follow these steps:

  1. Open the System Monitor by choosing Start > Administrative Tools > Performance > System Monitor.

  2. Click the + icon to add counters.

  3. For an object, select IPSec v4 IKE.

  4. Choose each counter that appears in the list, and click the Explain button to learn what it is able to show you.

  5. Add the following counters: Total Authentication Failures and Total Negotiation Failures.

  6. Click Close.

You're now monitoring the failures as they occur. On a properly functioning system, this graph should show no activity. Any activity that appears is indicative of problems since IPSec was last started and should be carefully examined.
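The same two counters can be checked offline once they have been logged to a CSV file (for example with typeperf or a Performance Logs and Alerts counter log). The following is an added example, not part of the original lab: it assumes the PDH-CSV layout, and the host name LAB2003 and every sample value are constructed. Because both counters are running totals, it reports each sample at which a total rose, skips blank samples, and treats a total that drops as a restart of the count.

```python
import csv
import io

# Constructed sample in PDH-CSV layout; host LAB2003 and all values are made up.
SAMPLE_CSV = r'''"(PDH-CSV 4.0)","\\LAB2003\IPSec v4 IKE\Total Authentication Failures","\\LAB2003\IPSec v4 IKE\Total Negotiation Failures"
"04/12/2005 10:00:00.000","0.000000","0.000000"
"04/12/2005 10:00:15.000","0.000000","0.000000"
"04/12/2005 10:00:30.000","3.000000","1.000000"
"04/12/2005 10:00:45.000","3.000000","1.000000"
"04/12/2005 10:01:00.000"," ","4.000000"
"04/12/2005 10:01:15.000","1.000000","4.000000"
'''

# Counter names taken from step 5 of the lab.
WATCHED = ("Total Authentication Failures", "Total Negotiation Failures")


def find_failure_events(csv_text):
    """Return (timestamp, counter, new_failures, running_total) per increase."""
    reader = csv.reader(io.StringIO(csv_text))
    header = next(reader)
    # Column index -> counter name (last component of the counter path).
    cols = {i: h.rsplit("\\", 1)[-1] for i, h in enumerate(header)
            if i > 0 and h.rsplit("\\", 1)[-1] in WATCHED}
    last, events = {}, []
    for row in reader:
        if not row:
            continue
        for i, name in cols.items():
            try:
                value = float(row[i])
            except (ValueError, IndexError):
                continue  # blank or missing sample: keep the previous total
            prev = last.get(name)
            if prev is None or value < prev:
                delta = value  # first sample, or the total restarted from zero
            else:
                delta = value - prev
            if delta > 0:
                events.append((row[0], name, int(delta), int(value)))
            last[name] = value
    return events


if __name__ == "__main__":
    for ts, name, new, total in find_failure_events(SAMPLE_CSV):
        print(f"{ts}  {name}: +{new} (total {total})")
```

A nonzero value in the very first sample is reported too, since it means failures occurred between the time IPSec started and the time logging began.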
