The National Security Agency has published an excellent document, Microsoft Windows 2000 IPSec Guide , that covers practices for securing Windows networks with IPSec. Get it from http://www.nsa.gov/snac/win2k/download.htm .
RFC 3207 ( http://www.zvon.org/tmRFC/RFC3207/Output/index.html ) covers the ins and outs of the STARTTLS verb.
Microsoft TechNet has a useful step-by-step guide to configuring IPSec at http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/ispstep.asp .
There aren t very many books that cover IPSec on Windows 2000, although the Windows 2000 Server Resource Kit (available online at http://www.microsoft.com/windows2000/techinfo/reskit/en-us/ or in print from Microsoft Press) does a good job. For more basic IPSec reference material, try IPSec: The New Security Standard for the Internet, Intranets, and Virtual Private Networks (Doraswamy & Harkins; Prentice Hall PTR, 1999).
Microsoft Knowledge Base article 315055 describes how to apply IPSec protection to Terminal Services connections ”just the ticket if you re allowing remote access to your Exchange systems from the Internet.
Shinder & Shinder s ISA Server and Beyond (Syngress, 2002) is an excellent guide to deploying and managing ISA Server.
The National Security Agency publishes Guide to Secure Configuration and Administration of Microsoft ISA Server 2000, a good overall guide to ISA Server security and deployment (see http://www.nsa.gov/snac/win2k/guides/inf/isa.inf . In particular, the guide has additional coverage of the use of ISA on trihomed systems.