Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
TCP/IP incorporates security features that provide protection of the TCP/IP data as it is sent on the network and configuration of the types of local host traffic that are processed.
Internet Protocol security
Internet Protocol security (IPSec) is a set of Internet standards that uses cryptographic security services to provide the following:
IPSec traffic is encrypted. Captured IPSec traffic is unintelligible without knowledge of the encryption key.
IPSec traffic is digitally signed with the shared encryption key so that the receiver can verify that it was sent by the IPSec peer.
IPSec traffic contains a cryptographic checksum that incorporates the encryption key. The receiver can verify that the packet was not modified in transit.
For more information about IPSec, see Internet Protocol Security (IPSec).
With TCP/IP filtering, a feature known as TCP/IP Security in Microsoft® Windows NT® 4.0, you can specify exactly which types of incoming TCP/IP traffic are processed for each IP interface. This feature is designed to isolate the traffic that is processed by Internet or intranet servers in the absence of other TCP/IP filtering provided by the Routing and Remote Access service or other TCP/IP programs or services. TCP/IP filtering is disabled by default.
TCP/IP filtering is a set of filters for inbound local host TCP/IP traffic. Local host traffic is traffic that is processed by the host because the destination IP address of inbound TCP/IP traffic is addressed to an assigned interface addresses, appropriate subnet broadcast addresses, or a multicast address. TCP/IP filtering does not apply to routed traffic that is forwarded between interfaces.
With TCP/IP filtering, you can confine local host inbound TCP/IP traffic based on the:
Destination TCP port
Destination UDP port
For information about configuring TCP/IP filtering, see Configure TCP/IP to use TCP/IP filtering.