13 July 2009

Block a Windows 2000/XP/2003 computer from surfing on the internet but still allow surfing on intranet sites

Windows 2000/XP/2003 has built-in IP security (IPsec), a protocol designed to protect TCP/IP packets as they travel across a network.

By creating a policy that blocks all IP traffic using HTTP and HTTPS (TCP ports 80 and 443), the computer will no longer be able to browse the internet.

The configuration steps are as follows:
01. Open an MMC Window (Start > Run > MMC).
02. Add the IP Security and Policy Management Snap-In.
03. When asked which computer this policy will manage, select the local computer, click Close, then click OK.
04. Right-click IP Security Policies in the left pane of the MMC console, select Manage IP Filter Lists and Filter Actions.
05. In the Manage IP Filter Lists and Filter Actions, click Add.
06. In the IP Filter List window type a descriptive name (such as HTTP) and click Add.
07. In the Welcome window click Next.
08. In the description box type a description as you want and click Next.
09. In the IP Traffic Source window leave My IP Address selected and click Next.
10. In the IP Traffic Destination window leave Any IP Address selected and click Next.
11. In the IP Protocol Type scroll to TCP and click Next.
12. In the IP Protocol Port window type 80 (for HTTP) in the To This Port box and click Next.
13. In the IP Filter List window notice how a new IP Filter has been added. If you also want to add HTTPS (Any IP to Any IP, Protocol TCP, Destination Port 443), repeat steps 5 to 12.
14. Now that you have both filters set up, click OK.

15. Back in Manage IP Filter Lists and Filter Actions, we now add a new filter list for INTRANET web traffic: click Add.
16. Give the new filter list an appropriate name (such as INTRANET) and then click Add.
17. In the IP Traffic Source window leave My IP Address selected and click Next.
18. In the IP Traffic Destination window, click the drop-down list and select the type of destination. For example:
a. If you want to allow web traffic to one specific intranet web server, select A Specific DNS Name, then in the Host Name box type the server name and click Next.
b. If you want to allow web traffic to an entire internal subnet such as 192.168.0.0/24, select A Specific IP Subnet, type the Network ID and Subnet Mask for the required subnet and click Next.

19. Back in Manage IP Filter Lists and Filter Actions, click the Manage Filter Actions tab. We now need to add a filter action that will block our designated traffic: click Add.
20. In the Welcome window click Next.
21. In the Filter Action Name type BLOCK and click Next.
22. In the Filter Action General Options click Block and click Next.

23. Back in the MMC Console, right-click IP Security Policies on Local Computer and select Create IP Security Policy.
24. In the Welcome window click Next.
25. In the IP Security Policy Name window enter a descriptive name, such as "Block HTTP & HTTPS Allow INTRANET", and click Next.
26. In the Request for Secure Communication window clear the Activate the Default Response Rule check box and click Next.
27. In the Completing the IP Security Policy Wizard window click Finish.

28. In the New IPSec Policy window click Add.
29. In the Welcome window click Next.
30. In the Tunnel Endpoint make sure the default setting is selected and click Next.
31. In the Network Type window select All Network Connections and click Next.
32. In the IP Filter Lists window select one of the previously configured IP Filters (such as HTTP) click Next.
33. In the Filter Action window select one of the previously configured Filter Actions (such as BLOCK) and click Next.

34. Back in the New IPSec Policy window, make sure the new IP Filter is selected. Click Add to add more IP Filters and Filter Actions. In this example we add the INTRANET IP filter.
35. Configure it to use the Permit Filter Action.

36. In the MMC Console, right-click the New IPSec Policy and select Assign.

Done.
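The same policy can be built without the MMC snap-in using the netsh ipsec static context, which exists on Windows XP and Windows Server 2003 (Windows 2000 has no netsh ipsec context and needs the separate ipsecpol tool). The script below is an added example, not part of the original post: the filter list, filter action and policy names are assumptions chosen to mirror the walkthrough above, and 192.168.0.0/24 is the illustrative subnet from step 18. Run it from an administrator command prompt.

```batch
@echo off
rem Added example (not from the original post): recreates the GUI walkthrough
rem with "netsh ipsec static". Requires Windows XP or Windows Server 2003.
rem The names below are assumptions matching the walkthrough; adjust as needed.

set "POLICY=Block HTTP and HTTPS Allow INTRANET"
set "INTRANET_SUBNET=192.168.0.0"
set "INTRANET_MASK=255.255.255.0"

rem --- Filter list HTTP (steps 5-14): My IP Address -> Any IP Address,
rem     TCP, destination ports 80 and 443. Filters are mirrored, as the
rem     wizard does by default, so reply packets match the same filter.
netsh ipsec static add filterlist name=HTTP description="Web traffic to any host"
netsh ipsec static add filter filterlist=HTTP srcaddr=me dstaddr=any protocol=tcp srcport=0 dstport=80 mirrored=yes description="HTTP"
netsh ipsec static add filter filterlist=HTTP srcaddr=me dstaddr=any protocol=tcp srcport=0 dstport=443 mirrored=yes description="HTTPS"

rem --- Filter list INTRANET (steps 15-18b): My IP Address -> the internal
rem     subnet, any protocol. For a single server (step 18a) use
rem     dstaddr=<host name> and drop dstmask.
netsh ipsec static add filterlist name=INTRANET description="Traffic to internal servers"
netsh ipsec static add filter filterlist=INTRANET srcaddr=me dstaddr=%INTRANET_SUBNET% dstmask=%INTRANET_MASK% protocol=any mirrored=yes description="Intranet subnet"

rem --- Filter actions (steps 19-22). A distinct permit name avoids clashing
rem     with the snap-in's built-in "Permit" action.
netsh ipsec static add filteraction name=BLOCK action=block
netsh ipsec static add filteraction name=PERMIT-INTRANET action=permit

rem --- Policy (steps 23-27) with the default response rule disabled,
rem     then the two rules (steps 28-35) for all network connections.
netsh ipsec static add policy name="%POLICY%" description="Block internet web, allow intranet" activatedefaultrule=no
netsh ipsec static add rule name="Block web" policy="%POLICY%" filterlist=HTTP filteraction=BLOCK conntype=all
netsh ipsec static add rule name="Allow intranet" policy="%POLICY%" filterlist=INTRANET filteraction=PERMIT-INTRANET conntype=all

rem --- Assign the policy (step 36) and show what is now in force.
netsh ipsec static set policy name="%POLICY%" assign=yes
netsh ipsec static show policy name="%POLICY%" level=verbose
```

Two points worth checking after the policy is assigned. First, the two rules overlap: a packet to 192.168.0.10 port 80 matches both the HTTP list and the INTRANET list. IPsec resolves this by applying the most specific filter, and a filter naming a specific subnet is more specific than one addressed to Any IP Address, so the permit wins for the intranet and the block applies everywhere else. Second, `netsh ipsec static show policy ... level=verbose` is the quickest way to confirm the assignment and that the filters carry the ports you expect; to revert, run `netsh ipsec static set policy name="..." assign=no` followed by `netsh ipsec static delete policy name="..."`.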
