Objective 3.1: Plan IPSec Deployment

IPSec is a complex technology that can effectively secure the network communications of an organization. Understanding the functionality of IPSec and the roles of various policy options is important to ensure that communications are secure. An administrator who applies the Server (Request Security) policy may believe that this will lead to secure communications on the network, but this will only be the case if all other clients on the network have an appropriate IPSec policy applied. If, for example, there is a computer on the network running Windows XP Professional that does not have an IPSec policy applied, and the Server (Request Security) policy is in general use, transmissions between this computer and any other computer in the domain will be insecure. Because the only way to test whether communications are encrypted is to capture traffic and analyze it, it is better to ensure that the right policies are applied. This is much better than attempting to debug policies by capturing traffic to determine which of the clients on the network is transmitting in an insecure fashion.