Introducing IPSec

IPSec is the long-term direction for secure networking. It provides a key line of defense against private network and Internet attacks, balancing ease of use with security.

IPSec has two goals:

  • To protect IP packets.

  • To provide a defense against network attacks.

Both goals are met through the use of cryptography-based protection services, security protocols, and dynamic key management. This foundation provides both the strength and flexibility to protect communications between private network computers, domains, sites, remote sites, extranets, and dial-up clients. It can even be used to block receipt or transmission of specific traffic types.

IPSec is based on an end-to-end security model, meaning that the only computers that must know about the traffic being secured are the sending and receiving computers. Each handles security at its respective end, with the assumption that the medium over which the communication takes place is not secure. Any computers that only route data from source to destination are not required to support IPSec. This model allows IPSec to be successfully deployed for your existing enterprise scenarios:

  • Local area network (LAN): client/server, peer-to-peer.

  • Wide area network (WAN): router-to-router, gateway-to-gateway.

  • Remote access: dial-up clients; Internet access from private networks.

The Windows 2000 implementation of IPSec is based on industry standards currently in development by the Internet Engineering Task Force (IETF) IPSec working group. IPSec and its related services in Windows 2000 have been jointly developed by Microsoft and Cisco Systems, Inc.