How to use IPsec filtering rules to filter network traffic

Windows XP comes with its own software firewall to enable you to control what information travels between your PCs and the Internet, but you can also control what enters and exits your PCs by using IPsec filtering rules to filter particular protocol and port combinations for both inbound and outbound network traffic.

IPsec filtering rules are implemented by creating and assigning an IPsec policy to your computer, but first you need to create and define your filtering rules, which control which protocols, ports and IP addresses are allowed or blocked. This is done by running the IP Security and Policy Management Snap-In in a Microsoft Management Console (MMC) and selecting the local computer. You can now add, edit and remove filters by right-clicking IP Security Policies in the left pane of the MMC console and selecting Manage IP Filter Lists and Filter Actions. The next step is to configure the IPsec Policy and to assign it. In the MMC console right-click IP Security Policies on Local Computer and select Create IP Security Policy in order to give the policy a name, add the various IP Filters and Filter Actions to the new Policy, and assign it to the computer.

An IPsec policy can contain several different filter rules and actions, making it very flexible. As well as controlling access to your computer, it can be used to block access to certain sites or applications, such as chat rooms. The IPsec protocol can also be used to provide data privacy, integrity and authenticity but it can't secure all types of network traffic – see the Microsoft Knowledge Base article 253169 for further details.

More information Submit your IPsec filtering questions to Michael Cobb via our Ask the Experts feature.

When using IPsec filter rules you need to have a clear understanding of the impact that blocking specific ports will have. For example, blocking port 135 to guard against the DCOM RPC vulnerability can impact the functionality of Active Directory and Microsoft Exchange, which also use port 135. It is important therefore to test your new filters to ensure that you have accomplished your intended goals. Microsoft Service Pack 2 for XP includes a command line tool IPseccmd.exe, which can be used to manage IPsec policy and filtering rules. For more information on how to use this tool see the Microsoft Knowledge Base article 813878.

About the Author
Michael Cobb, CISSP-ISSAP is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity's Web Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Network Security Tactics,   Application and Platform Security,   Windows Security: Alerts, Updates and Best Practices,   Operating System Security,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Network Security Tactics Screencast: Find rogue wireless acess points with Vistumbler How to prepare for a secure network hardware upgrade Preventing SQL injection attacks: A network admin's perspective Screencast: How to launch an OpenVAS scan Wireless network guidelines for PCI DSS compliance Aligning network security with business priorities Scanning with N-Stalker offers basic Web application security assessment Lifecycle of a network security vulnerability Screencast: BackTrack 4 offers an arsenal of penetration testing tools Network access control technology: Over-hyped or underused? Windows Security: Alerts, Updates and Best Practices Exploit code targets Internet Explorer zero-day display flaw Windows 7 DoS flaw allows hackers to freeze Microsoft's newest OS Microsoft patches serious Windows kernel flaws Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary BotHunter  (SearchSecurity.com) principle of least privilege (POLP)  (SearchSecurity.com) security identifier  (SearchSecurity.com) trusted computing  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.