Security

You can view the default Internet Protocol security policies in the Group Policy snap-in to MMC. The policies are listed under IP Security Policies on Active Directory, or under IP Security Policies (Local Computer):

Group Policy object
  Computer Configuration
    Windows Settings
      Security Settings
        IP Security Policies on Local Computer

You can also view IPSec policies by using the Internet Protocol Security Policy Management snap-in to MMC. Each Internet Protocol security policy contains security rules that determine when and how traffic is protected. Right-click a policy and select Properties. The Rules tab lists the policy rules. Rules can be further decomposed into filter lists, filter actions, and additional properties.

When planning for IPSec, make the following determinations:

  • Identify clients and servers to use IPSec communications.

  • Identify whether client authentication is based on Kerberos trust, digital certificates, or a pre-shared key.

  • Describe how each computer will initially receive the proper IPSec policy and will continue to receive policy updates.

  • Describe the security rules inside each IPSec policy. Consider how Certificate Services are needed to support client authentication by digital certificates.

  • Describe the enrollment process and strategies to enroll computers for IPSec certificates.

For more information about Internet Protocol security, see the Windows 2000 Server Help. See also Internet Protocol Security in the Microsoft Windows 2000 Server Resource Kit TCP/IP Core Networking Guide.