
DNSSEC and IPsec Configuration Guide

The document outlines the configuration of DNSSEC and IPsec for enhancing network security in a corporate environment. DNSSEC is implemented to secure DNS transactions against attacks like cache poisoning, while IPsec is used to protect data integrity and confidentiality at the network layer. The implementation details, including commands used for validation, are provided, along with challenges associated with both protocols.

Uploaded by

hb6348248

Benchmark - Applying Advanced Protocols

By Ononay Das

Professor Timothy Montgomery

ITT-430-O500-Security Driven Systems Administration

GRAND CANYON UNIVERSITY

29 September 2024

DNSSEC Configuration

On the DC server, open Server Manager, go to DNS, and open DNS Manager.

In DNS Manager, expand the server name and click on Forward Lookup Zones. Right-click the CORP.ITT430NT.COM zone, select DNSSEC, and then Sign the Zone.

A wizard will appear. Click Next and choose the default settings to sign the zone, and then click Next.

After this, finish the wizard and it will close. DNSSEC is now successfully configured.

Then I opened PowerShell and ran this command to validate the DNSSEC configuration:

Get-DnsServerDnsSecZoneSetting -ZoneName "CORP.ITT430NT.COM"

Here you can see that the KeyMasterStatus shows "Online".
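
A fuller check of the signed zone, as an added example that is not part of the original guide: it goes beyond KeyMasterStatus and confirms that the zone is marked as signed, that both a KSK and a ZSK exist, and that the server returns RRSIG records when a query sets the DNSSEC OK bit. The function name Test-ZoneSigning and the 127.0.0.1 server address are assumptions; the zone name is the one used above.

```powershell
# Added example, not from the original guide. Run elevated on the DNS server.
function Test-ZoneSigning {
    param(
        [string]$ZoneName = 'CORP.ITT430NT.COM',  # zone signed in this guide
        [string]$Server   = '127.0.0.1'           # assumption: query the local DNS service
    )

    $zone     = Get-DnsServerZone -Name $ZoneName
    $settings = Get-DnsServerDnsSecZoneSetting -ZoneName $ZoneName
    $keys     = @(Get-DnsServerSigningKey -ZoneName $ZoneName)

    # Ask for the zone's DNSKEY set with the DNSSEC OK bit, so signatures come back too.
    $answer  = @(Resolve-DnsName -Name $ZoneName -Type DNSKEY -Server $Server -DnssecOk -ErrorAction Stop)
    $dnskeys = @($answer | Where-Object { [string]$_.Type -eq 'DNSKEY' })
    $rrsigs  = @($answer | Where-Object { [string]$_.Type -eq 'RRSIG' })

    $ksk = @($keys | Where-Object { [string]$_.KeyType -eq 'KeySigningKey' })
    $zsk = @($keys | Where-Object { [string]$_.KeyType -eq 'ZoneSigningKey' })

    [pscustomobject]@{
        Zone            = $ZoneName
        IsSigned        = [bool]$zone.IsSigned
        KeyMasterStatus = [string]$settings.KeyMasterStatus
        KskCount        = $ksk.Count
        ZskCount        = $zsk.Count
        DnskeyRecords   = $dnskeys.Count
        RrsigRecords    = $rrsigs.Count
        # Pass only if the zone is signed, both key types exist, and the
        # server actually returns signatures over the wire.
        Pass            = ($zone.IsSigned -and $ksk.Count -ge 1 -and $zsk.Count -ge 1 -and
                           $dnskeys.Count -ge 1 -and $rrsigs.Count -ge 1)
    }
}

Test-ZoneSigning | Format-List
```

KeyMasterStatus reports on the key master role; the RRSIG count is what shows that answers from the server are actually signed.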

IPsec Configuration

Now go to Windows Defender Firewall with Advanced Security.

Right-click Connection Security Rules and select New Rule.

Now choose Isolation and click Next.

Select Require authentication for inbound and outbound connections.

Now select Computer (Kerberos V5) and click Next.

Now enter the name IPSEC and click Finish.

After this, IPsec has been successfully configured.

Then I used the Get-NetIPsecRule command to check the IPsec configuration.

Here you can see that Enabled is True.
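
The same rule expressed in PowerShell, together with a check that goes further than the Enabled flag, as an added example that is not part of the original guide. The function names New-IsolationRule and Test-IsolationRule and the authentication set display name are assumptions; the rule name IPSEC and the wizard choices are the ones used above.

```powershell
# Added example, not from the original guide. Run elevated on a domain-joined host.

# Scripted equivalent of the wizard choices: Isolation, require authentication
# for inbound and outbound connections, Computer (Kerberos V5).
function New-IsolationRule {
    param([string]$Name = 'IPSEC')
    $proposal = New-NetIPsecAuthProposal -Machine -Kerberos
    $authSet  = New-NetIPsecPhase1AuthSet -DisplayName "$Name - Computer Kerberos V5" -Proposal $proposal
    New-NetIPsecRule -DisplayName $Name -InboundSecurity Require -OutboundSecurity Require `
        -Phase1AuthSet $authSet.Name
}

# Report what the rule enforces and whether any peer has negotiated IPsec yet.
function Test-IsolationRule {
    param([string]$Name = 'IPSEC')

    $rules = @(Get-NetIPsecRule -DisplayName $Name -ErrorAction SilentlyContinue)
    if ($rules.Count -eq 0) {
        Write-Warning "No connection security rule named '$Name' was found."
        return
    }

    # Security associations exist only after a peer has authenticated.
    $mainMode  = @(Get-NetIPsecMainModeSA  -ErrorAction SilentlyContinue)
    $quickMode = @(Get-NetIPsecQuickModeSA -ErrorAction SilentlyContinue)

    foreach ($rule in $rules) {
        $authSets = @($rule | Get-NetIPsecPhase1AuthSet -ErrorAction SilentlyContinue)
        [pscustomobject]@{
            Rule             = $rule.DisplayName
            Enabled          = [string]$rule.Enabled
            Mode             = [string]$rule.Mode
            InboundSecurity  = [string]$rule.InboundSecurity
            OutboundSecurity = [string]$rule.OutboundSecurity
            Phase1AuthSets   = ($authSets.DisplayName -join ', ')
            MainModeSAs      = $mainMode.Count
            QuickModeSAs     = $quickMode.Count
        }
    }
}

Test-IsolationRule | Format-List
```

Enabled set to True with zero security associations means the rule is loaded but no peer has negotiated IPsec with this host yet. Run New-IsolationRule only on a host where the rule was not already created through the wizard, otherwise a second rule with the same name is added.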


Part 2: DNSSEC and IPsec Implementation Summary

As the structure of contemporary corporations develops, network security becomes one of the main priorities to ensure the confidentiality and reliability of information exchange. Two essential protocols employed for security are DNSSEC (Domain Name System Security Extensions) and IPsec (Internet Protocol Security). These protocols are complementary security measures used in conjunction with each other: DNSSEC is used specifically for DNS transactions, while IPsec is used for confidentiality, integrity and authentication at the IP layer.

DNSSEC was introduced as a protection from DNS cache poisoning and spoofing, as it provides the authenticity of DNS responses. In my setup I generated and signed the zone "CORP.ITT430NT.COM" using the default parameters for the KSK and ZSK. This helped to guarantee that responses to any DNS queries for the domain would be signed cryptographically and as such were not likely to be tampered with. Finally, I updated the DNSSEC configuration as shown below and used the Get-DnsServerDnsSecZoneSetting PowerShell command, which confirmed that the KeyMasterStatus was Online and thus that the DNSSEC settings were properly deployed. This implementation makes DNS responses accurate and secure, to avoid attacks that target DNS weaknesses.

Meanwhile, IPsec was set to protect communication between servers at the network layer. In order to authenticate and encrypt traffic that was coming in and going out of the network, I created IPsec rules. The IPsec rule I created employed Transport mode, through which the communication was protected without encapsulation. I used the settings with Kerberos V5 for authentication so that only the authorized systems could communicate. The configuration was further checked using the Get-NetIPsecRule PowerShell command to ensure that IPsec was on and running well. This setup ensures that data exchanged between servers is protected from eavesdropping and tampering, providing confidentiality and integrity.

Together, DNSSEC and IPsec provide a security solution that enables protection of the infrastructure in question. DNSSEC helps protect DNS lookups from redirection attacks, and IPsec ensures that the data transported over the network is safe. These protocols are needed for the preservation of confidentiality, integrity and availability, otherwise known as the CIA triad.

However, the implementation of these security measures has some difficulties. DNSSEC is not always easy to implement, especially when dealing with cryptographic keys: there is always the problem of zone signing and hence the need to do key rollovers frequently. Misconfigurations can result in downtime if DNS responses do not validate, and this may affect services. IPsec brings in overhead for encryption and authentication, which can make the network slow at times.
