The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

Microsoft Windows IPsec VPN Client: Security, Validation & Administrative Guide

Download PC Repair Tool to quickly find & fix Windows errors automatically

VPN (Virtual Private Network) is a network that essentially maintains privacy while using the Internet via security procedures and tunneling protocols such as the L2TP (Layer Two Tunneling Protocol) or IPsec. So, any private data that is sent is encrypted and decrypted only at the receiving end. Moreover, the data is sent through a “tunnel” that cannot be “entered” by any other data. The same capability is offered by Windows 11/10 is known as Windows IPsec VPN Client. Windows implements IPsec to provide protected, authenticated, confidential, and tamper-proof networking between two peer computers.

Before we proceed, it is important to shed some light on the term Virtual Private Network. Well, a VPN is a way to use the Internet by giving users or a remote group, access to the organization’s network in a secured environment. Before the advent of VPN, companies rented expensive systems of leased lines to build VPN which only they could use. However, with the coming of VPN, the same capabilities are provided to the users and at a much lower cost.

Microsoft Windows 10 IPsec VPN Client

Microsoft Windows IPsec VPN Client

You can set up a VPN on your Windows 11/10 computer. The OS is well suited for business desktops and is designed to serve as a client within Windows domains.

Security Target for Microsoft Windows IPsec VPN Client

A few days ago, Microsoft released a security evaluation report for Microsoft Windows 10 IPsec VPN Client. Here’s its summary.

Security Audit

Audit information generated by the system covers events related to the date, time and the user identity that causes the event to be generated. Windows 10 can collect and audit this data, review audit logs, protect it from overflow, and restrict access to audit logs if required. Likewise, authorized administrators can review audit logs and search or sort audit record.

Security Management

Policy management is controlled via a combination of access control, membership in administrator groups, and privileges. Windows 10 supports several functions to manage security policies.

Trusted Path

Windows 10 is configured to use a suite of protocols for offering a Virtual Private Network Connection (VPN) between itself and a VPN gateway in addition to providing protected communications via HTTPS.

Cryptographic Support

Windows provides FIPS-validated cryptographic functions that have support for:

  1. Cryptographic signatures
  2. Cryptographic key agreement
  3. Cryptographic hashing
  4. Encryption/decryption

In addition to the use of cryptography for its own security functions, Windows gives access to the cryptographic support functions for user-mode and kernel mode programs. Also, it provides extensive auditing support of cryptographic operations.

Authentication and Identification

The latest version of Windows – Windows 10 comes with the ability to use, store, and protect X.509 certificates that are used for TLS and authenticates the user to their mobile device.

TOE Access

Windows constantly monitors the mouse, keyboard, and touch display for activity and locks the computer after a set period of inactivity. Thus, it allows a user to lock their session either immediately or after a defined interval. Apart from this, the OS allows an authorized administrator to configure the system to show a login banner before the login dialog is displayed.

Click here to download the Security Target for Microsoft Windows IPsec VPN Client.

Validation Report for Microsoft Windows IPsec VPN Client

It is a validation report documentation for the completed Common Criteria evaluation of Microsoft Windows IPsec VPN Client. Following are its highlights:

RAS IPsec VPN Client Configuration

This section provides information on how to configure the RAS IPsec VPN Client for IKEv1 and IKEv2 in tunnel mode.

Managing Audit Policy

A section under it describes the categories of audits in the Windows Security log – Advanced Audit Policy Configuration. The section, in detail, outlines steps to select audit policies by category, user and audit success or failure in the Windows Logs -> Security log.

Configuring Pre-Shared Key for IKEv1

This section contains the guidance to meet the Common Criteria SFRs related to

  1. Internet Protocol Security (IPsec) Communications (FCS_IPSEC_EXT.1.12) – Pre-shared keys
  2. 1 – Configure IKE authentication techniques

Configuring Cryptographic Algorithms for IKEv1 and IKEv2

There’s a link attached to every topic listed above which allows you to configure these settings without hassles.

Click here to download the Validation Report for Microsoft Windows IPsec VPN Client.

Administrative Guide for Microsoft Windows IPsec VPN Client

Finally, there’s administrative guidance documentation for the completed Common Criteria evaluation of Microsoft Windows 10 IPsec VPN Client. Similar to the above, The operational guide provides many links to TechNet and other Microsoft resources. It is mainly related Managing the Windows Firewall (Windows Filtering Platform) and the guidance to meet the following Common Criteria SFRs – Internet Protocol Security (IPsec) Communications (FCS_IPSEC_EXT.1.1).

The document highlights, the Windows Filtering Platform is configured to start automatically and must never be turned off in order to support any of the described IPsec scenarios. The Windows Filtering Platform is the

IPsec Security Policy Database (SPD) for Windows. The IPsec rules in the Windows Filtering Platform are entries in the SPD. Ideally, the Windows Filtering Platform can be configured to use Inbound and Outbound rules that protect, bypass, discard or allow the traffic specified by the Inbound and Outbound rules. A link is given to assist a user in configuring the Windows Firewall and IPsec Policy. It mainly explains the priority for applying firewall rules.

Click here to download the Administrative Guide for Microsoft Windows IPsec VPN Client.

Please note that all files are in PDF format and can be opened using a PDF file reader application supported on Windows operating system.

Thanks for the tip Octavio Rdz.

38 Shares

[email protected]

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP (2006-16) & a Windows Insider MVP (2016-2022). Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.

Share via
Facebook
Twitter
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap