
	Home > Security Tips > Web Security Advisor > IPsec Policy Tool: An alternative to MMC's IPsec snap-in

Security Tips:

EMAIL THIS

TIPS & NEWSLETTERS TOPICS

WEB SECURITY ADVISOR

IPsec Policy Tool: An alternative to MMC's IPsec snap-in

Mike Chapple
10.14.2003
Rating: -4.33- (out of 5)

Digg This!

StumbleUpon

Del.icio.us

Does your organization have a fairly complicated IPsec security policy? If you're using IPsec to secure your Internet Information Server (IIS) Web server, chances are that you do. You're probably currently using the Microsoft Management Console's (MMC) IPsec snap-in with its graphical user interface.

You might not be aware that there's an alternative to the MMC snap-in, Microsoft's IPsec Policy Tool (ipsecpol.exe). This tool allows you to modify IPsec policies from the command line using a scriptable syntax. There are several benefits to using this tool as opposed to the snap-in:

The tool's command-line interface allows you to create batch files that modify your IPsec policy. These scripts provide a method for easily backing up your policy, making frequently-used modifications and replicating policies to other machines.
The tool allows you to rapidly change IPsec policies, either on a permanent or temporary basis.
Some of us DOS junkies simply prefer command line tools to fancy interfaces!

You can download Ipsecpol.exe from the Microsoft Web site. When you run it, you'll be able to work in two different modes:

Dynamic mode allows you to make instant updates to the system's IPsec policies. These changes take effect immediately but are temporary. They are undone whenever the IPsec Policy Agent service is restarted (either manually or through a reboot). Dynamic mode is the tool's default state of operation.
Static mode makes changes in the same manner as the MMC snap-in. These changes are permanent and will be preserved even if the service is restarted. Static mode must be invoked manually by using the –w flag to ipsecpol.exe.

If you'd like more information on using ipsecpol.exe, you might want to consult this IPsec Policy Tool syntax reference.

About the author
Mike Chapple, CISSP, currently serves as Chief Information Officer of the Brand Institute, a Miami-based marketing consultancy. He previously worked as an information security researcher for the U.S. National Security Agency. His publishing credits include the TICSA Training Guide from Que Publishing, the CISSP Study Guide from Sybex and the upcoming SANS GSEC Prep Guide from John Wiley. He's also the About.com Guide to Databases.

Rate this Tip
To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Securing the Internet and E-Commerce
	What's your infosec IQ?
	Sensitive student data cracked at U. of Georgia
	Microsoft patches IE spoofing problem
	IE update clears up spoofing issue
	Countdown begins for Mydoom DDoS attacks
	Microsoft to disable spoofing syntax in IE
	IE flaw could fool users in illicit downloads
	Mydoom variant targets security features, Microsoft
	Hackers scanning for ports opened by Mydoom
	Dangerous, familiar application vulnerabilities top list

Web Security Advisor

DNS rebinding defenses still necessary, thanks to Web 2.0

New defenses for automated SQL injection attacks

PCI compliance and Web applications: Code review or firewalls?

Worst practices: Bad security incidents to avoid

Web scanning and reporting best practices

Social networking Web site threats manageable with good enterprise policy

Enterprise security in 2008: Building trust into the application development process

PCI DSS Section 6: A plan for tackling application security

Making the case for Web application vulnerability scanners

Preparing for uniform resource identifier (URI) exploits

IIS Security

Kaminsky: DNS flaw capable of attacks on many fronts

Trend Micro site compromised

What server considerations should be made when setting up an internal network's private applications?

IT discussion: Is malware the cause of a DNS server error?

Insider's guide to IIS Web server security

Microsoft July updates for critical Excel, Windows and .NET flaws

Finding and blocking Web application server attack vectors

What's the best way to verify client authentication across unrelated Web servers?

Microsoft to release DNS patch Tuesday

DNS worm strikes at Microsoft flaw

IIS Security Research

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

Research Solutions for Network Security, Access Control and Security Threats
More Security Resources for Resellers, VARs and OEMs

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Advanced Search | Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy