Planning Security
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
IP does not have a default security mechanism. Without security, both public and private IP networks are susceptible to unauthorized monitoring and access. To prevent these types of security breaches, develop a security strategy for your IP deployment in tandem with your overall network security plan.
Ways that you can enhance security when deploying IP include:
Securing IP packets. Provide end-to-end security by securing IP packets, which requires that you not use address translation (unless both peers support IPSec NAT-T and use ESP to protect traffic). IPSec is the most efficient way to provide a secure data stream.
Deploying a perimeter network. Use a perimeter network to help secure your internal network from intrusion. Several options are available for doing this.
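The address-translation restriction in the first option can be seen in a small model. The following Python sketch is an added illustration, not code from the original page or from Microsoft. It assumes a simplified packet layout, a constructed key, and constructed addresses, and it omits encryption. It shows that the AH integrity check covers the outer IP addresses, so a NAT rewrite invalidates it, while the ESP integrity check does not.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # constructed sample key (assumption, not from the page)

def _icv(data: bytes) -> bytes:
    # Integrity check value: HMAC-SHA-256 truncated to 128 bits (illustrative choice).
    return hmac.new(KEY, data, hashlib.sha256).digest()[:16]

def _addr(ip: str) -> bytes:
    return ipaddress.IPv4Address(ip).packed

def _covered(pkt: dict) -> bytes:
    """Bytes the receiver authenticates for this packet."""
    body = pkt["hdr"] + pkt["payload"]
    if pkt["mode"] == "AH":
        # AH authenticates the immutable outer IP header fields, addresses included.
        return _addr(pkt["src"]) + _addr(pkt["dst"]) + body
    # ESP authenticates only its own header and payload, not the outer IP header.
    return body

def protect(mode: str, src: str, dst: str, payload: bytes,
            spi: int = 0x1001, seq: int = 1) -> dict:
    """Build a simplified AH- or ESP-protected packet (hypothetical layout)."""
    pkt = {"mode": mode, "src": src, "dst": dst,
           "hdr": struct.pack("!II", spi, seq), "payload": payload}
    pkt["icv"] = _icv(_covered(pkt))
    return pkt

def verify(pkt: dict) -> bool:
    return hmac.compare_digest(pkt["icv"], _icv(_covered(pkt)))

def nat(pkt: dict, public_src: str) -> dict:
    """Model a NAT device rewriting the source address in transit."""
    out = dict(pkt)
    out["src"] = public_src
    return out

def survives_nat(mode: str) -> bool:
    # Constructed sample addresses (RFC 1918 source, documentation-range peers).
    pkt = protect(mode, "192.168.1.10", "203.0.113.5", b"constructed payload")
    return verify(nat(pkt, "198.51.100.7"))

if __name__ == "__main__":
    for mode in ("AH", "ESP"):
        print(mode, "verifies after NAT:", survives_nat(mode))
```

Passing the integrity check is necessary but not sufficient for ESP: NAT-T additionally wraps ESP in UDP so that the translating device has ports to track, which is why both peers must support it.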
Figure 1.10 shows the tasks involved in incorporating IPSec and a perimeter network in your IP security plan.
Figure 1.10 Planning IP Security