Planning Security

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

IP does not have a default security mechanism. Without security, both public and private IP networks are susceptible to unauthorized monitoring and access. To prevent these types of security breaches, develop a security strategy for your IP deployment in tandem with your overall network security plan.

Ways that you can enhance security when deploying IP include:

  • Securing IP packets. Provide end-to-end security by securing IP packets, which requires that you not use address translation (unless both peers support IPSec NAT-T and use ESP to protect traffic). IPSec is the most efficient way to provide a secure data stream.

  • Deploying a perimeter network. Use a perimeter network to help secure your internal network from intrusion. Several options are available for doing this.

Figure 1.10 shows the tasks involved in incorporating IPSec and a perimeter network in your IP security plan.

Figure 1.10   Planning IP Security
