Configuring IPSec


IPSec is built into Windows Server 2003 and is also available for clients. In fact, basic IPSec functionality can easily be set up in an environment that is running Windows Server 2003's Active Directory, because IPSec can use Kerberos authentication in lieu of certificates. Consequently, it is a fairly straightforward process to install and configure IPSec between servers and clients, and it should be considered as a way to add security to an environment.

Establishing an IPSec Policy

Although other policies can be customized to fit the organization's security requirements, three predefined IPSec policies are built into Windows Server 2003:

  • Server (Request Security): This policy option requests but does not require IPSec communications. Choosing this option enables the server to communicate with other non-IPSec clients, and is recommended for organizations with fewer security needs or those in the midst of, but not finished with, an implementation of IPSec.

  • Client (Respond Only): This option enables the configured client computer to respond to requests for IPSec communications.

  • Secure Server (Require Security): The most secure policy option is the Require Security option, which stipulates that all network traffic to and from the server must be encrypted with IPSec.

To establish a simple IPSec policy on a server, do the following:

  1. Choose Local Security Policy from the Start, Administrative Tools menu.

  2. Navigate to IP Security Policies on Local Computer.

  3. In the right pane, right-click Server (Request Security) and select Assign.

To establish a simple IPSec policy on a Windows XP client, do the following:

  1. Choose Local Security Policy from the Start, Administrative Tools menu. The Administrative Tools must be enabled in the Task Manager view settings.

  2. Navigate to IP Security Policies on Local Computer.

  3. In the right pane, right-click Client (Respond Only) and select Assign.
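
The following added example (not from the book) models in Python how the three predefined policies pair up between two hosts, so that an administrator can see which server and client assignments actually produce IPSec-protected traffic. It is a simplified model: it assumes Kerberos authentication succeeds, ignores the policies' built-in exemptions, and uses constructed host names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    negotiates: bool      # host can take part in an IPSec negotiation
    requests: bool        # host asks its peer to use IPSec
    clear_fallback: bool  # host still talks to a peer that cannot negotiate

# Assumption: "no policy assigned" is modeled as a host that never negotiates.
NONE = Policy("(no policy assigned)", False, False, True)
RESPOND = Policy("Client (Respond Only)", True, False, True)
REQUEST = Policy("Server (Request Security)", True, True, True)
REQUIRE = Policy("Secure Server (Require Security)", True, True, False)

def outcome(a: Policy, b: Policy) -> str:
    """Return 'ipsec', 'cleartext' or 'blocked' for traffic between two hosts."""
    if not (a.requests or b.requests):
        return "cleartext"   # neither side ever asks for security
    if a.negotiates and b.negotiates:
        return "ipsec"       # one side asks, the other is able to respond
    if a.clear_fallback and b.clear_fallback:
        return "cleartext"   # request goes unanswered, requester falls back
    return "blocked"         # a Require Security host refuses to fall back

def audit(server: Policy, clients: dict) -> dict:
    """Map each client that is NOT protected by IPSec to what happens instead."""
    results = {host: outcome(server, pol) for host, pol in clients.items()}
    return {host: res for host, res in results.items() if res != "ipsec"}

if __name__ == "__main__":
    # Constructed inventory: two clients were assigned a policy, one was missed.
    inventory = {"ws01": RESPOND, "ws02": RESPOND, "ws03": NONE}
    for server in (REQUEST, REQUIRE):
        print(server.name, "->", audit(server, inventory) or "all clients use IPSec")
```

Running it shows the practical difference between the two server policies: with Server (Request Security) the missed client keeps working but in cleartext, while with Secure Server (Require Security) it is cut off until a policy is assigned.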

Transport Layer Security

Transport Layer Security (TLS) is another, lesser-known method of encrypting traffic. It is essentially a newer version of SSL and is used primarily to encrypt SMTP-specific traffic, particularly SMTP connector-related traffic. TLS encryption can also be used with Basic or Integrated Windows Authentication to protect credentials as they are being transmitted.



Microsoft Exchange Server 2003 Unleashed
Microsoft Exchange Server 2003 Unleashed (2nd Edition)
ISBN: 0672328070
EAN: 2147483647
Year: 2003
Pages: 393
Authors: Rand Morimoto
