Before we proceed, it is worth defining the term Virtual Private Network. A VPN uses the Internet to give individual users or a remote group secure access to an organization's network. Before the advent of VPNs, companies rented expensive leased lines to build private networks that only they could use. With VPNs, the same capabilities are available to users at a much lower cost.
Microsoft Windows IPsec VPN Client
You can set up a VPN on your Windows 11/10 computer. The OS is well suited for business desktops and is designed to serve as a client within Windows domains.
Security Target for Microsoft Windows IPsec VPN Client
A few days ago, Microsoft released a security evaluation report for Microsoft Windows 10 IPsec VPN Client. Here is a summary.

Security Audit
Audit information generated by the system covers the date and time of each event and the identity of the user who caused it. Windows 10 can collect and audit this data, review audit logs, protect them from overflow, and restrict access to them if required. Likewise, authorized administrators can review audit logs and search or sort audit records.

Security Management
Policy management is controlled via a combination of access control, membership in administrator groups, and privileges. Windows 10 supports several functions to manage security policies.

Trusted Path
Windows 10 is configured to use a suite of protocols for offering a Virtual Private Network (VPN) connection between itself and a VPN gateway, in addition to providing protected communications via HTTPS.

Cryptographic Support
Windows provides FIPS-validated cryptographic functions that have support for: In addition to the use of cryptography for its own security functions, Windows gives user-mode and kernel-mode programs access to the cryptographic support functions. It also provides extensive auditing support for cryptographic operations.

Authentication and Identification
The latest version of Windows, Windows 10, comes with the ability to use, store, and protect X.509 certificates that are used for TLS, and authenticates the user to their mobile device.

TOE Access
Windows constantly monitors the mouse, keyboard, and touch display for activity and locks the computer after a set period of inactivity. It thus allows a user to lock their session either immediately or after a defined interval. Apart from this, the OS allows an authorized administrator to configure the system to show a login banner before the login dialog is displayed.

Click here to download the Security Target for Microsoft Windows IPsec VPN Client.
Validation Report for Microsoft Windows IPsec VPN Client
This is the validation report for the completed Common Criteria evaluation of Microsoft Windows IPsec VPN Client. Its highlights are as follows.

RAS IPsec VPN Client Configuration
This section provides information on how to configure the RAS IPsec VPN Client for IKEv1 and IKEv2 in tunnel mode.

Managing Audit Policy
A section under it describes the categories of audits in the Windows Security log (Advanced Audit Policy Configuration). The section outlines, in detail, the steps to select audit policies by category, user and audit success or failure in the Windows Logs -> Security log.

Configuring Pre-Shared Key for IKEv1
This section contains the guidance to meet the Common Criteria SFRs related to Configuring Cryptographic Algorithms for IKEv1 and IKEv2.

There is a link attached to every topic listed above, which allows you to configure these settings without hassle.

Click here to download the Validation Report for Microsoft Windows IPsec VPN Client.
Administrative Guide for Microsoft Windows IPsec VPN Client
Finally, there is the administrative guidance documentation for the completed Common Criteria evaluation of Microsoft Windows 10 IPsec VPN Client. Like the documents above, the operational guide provides many links to TechNet and other Microsoft resources. It mainly relates to managing the Windows Firewall (Windows Filtering Platform) and the guidance to meet the following Common Criteria SFR: Internet Protocol Security (IPsec) Communications (FCS_IPSEC_EXT.1.1).

The document highlights that the Windows Filtering Platform is configured to start automatically and must never be turned off in order to support any of the described IPsec scenarios. The Windows Filtering Platform is the IPsec Security Policy Database (SPD) for Windows, and the IPsec rules in the Windows Filtering Platform are entries in the SPD. The Windows Filtering Platform can be configured to use inbound and outbound rules that protect, bypass, discard or allow the traffic those rules specify. A link is given to assist a user in configuring the Windows Firewall and IPsec policy. It mainly explains the priority for applying firewall rules.

Click here to download the Administrative Guide for Microsoft Windows IPsec VPN Client.

Please note that all files are in PDF format and can be opened using a PDF reader application supported on the Windows operating system.

Thanks for the tip, Octavio Rdz.
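The requirements summarized above (the Windows Filtering Platform always running, IPsec rules as SPD entries, IPsec events audited) can be checked on a client with a short read-only script. This is an added example, not code from Microsoft's guidance. It assumes the Windows Filtering Platform is hosted by the Base Filtering Engine service (`BFE`), an English-locale `auditpol`, and an elevated prompt; the function name `Test-IPsecClientBaseline` and the "Success and Failure" expectation are choices made for this example.

```powershell
# Added example, not taken from the evaluated guidance. Read-only checks.
# Assumptions: BFE (Base Filtering Engine) hosts the Windows Filtering Platform;
# auditpol prints English subcategory names; the session is elevated.
function Test-IPsecClientBaseline {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. The Windows Filtering Platform must start automatically and stay running.
    $bfe = Get-Service -Name BFE
    if ($bfe.StartType -ne 'Automatic') {
        $findings.Add("BFE start type is $($bfe.StartType), expected Automatic")
    }
    if ($bfe.Status -ne 'Running') {
        $findings.Add("BFE status is $($bfe.Status), expected Running")
    }

    # 2. SPD entries: IPsec rules in the active store (local policy merged with GPO).
    $rules = @(Get-NetIPsecRule -PolicyStore ActiveStore)
    foreach ($r in $rules) {
        if ($r.Enabled -ne 'True') {
            $findings.Add("IPsec rule '$($r.DisplayName)' is present but disabled")
        }
    }

    # 3. Audit policy: report IPsec subcategories that do not log both outcomes.
    #    (Expecting 'Success and Failure' is this example's assumption.)
    $audit = auditpol /get /category:* /r | ConvertFrom-Csv |
        Where-Object { $_.Subcategory -like 'IPsec*' }
    foreach ($a in $audit) {
        if ($a.'Inclusion Setting' -ne 'Success and Failure') {
            $findings.Add("Audit '$($a.Subcategory)' is '$($a.'Inclusion Setting')'")
        }
    }

    [pscustomobject]@{
        Rules    = $rules | Select-Object DisplayName, Enabled, Mode, InboundSecurity, OutboundSecurity
        Audit    = $audit | Select-Object Subcategory, 'Inclusion Setting'
        Findings = $findings
    }
}

$result = Test-IPsecClientBaseline
$result.Rules | Format-Table -AutoSize
$result.Findings
```

An empty `Findings` list means the three checks passed; an empty `Rules` table only means no IPsec rules are defined in the firewall policy store on that machine.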