TCP/IP in Windows 2000 Professional

Windows 2000 Professional incorporates two primary methods for securing IP packets: IP security and TCP/IP filtering. IP security is a new feature of Windows 2000 Professional. IP security protects data by securing and optionally encrypting IP packets prior to transmission on the network. The following section discusses the features of IP security, and describes the methods for installing and configuring this feature. TCP/IP filtering, known as TCP/IP Security in Windows NT 4.0, is also discussed as a method of controlling the IP traffic received by the network interface.

Determine IP security method to be implemented.    Windows 2000 Professional supports two methods to secure and control the transmission of IP packets: IP security, an industry-defined set of standards that verifies, authenticates, and optionally encrypts data at the IP packet level; and TCP/IP filtering, which controls the ports and packet types for incoming local host data. Either or both of these methods can be implemented within the same Windows 2000 Professional–based client. For more information about IP security, see Overview of IPSec, Considerations for IPSec, and Configure IP Filtering in this chapter.

Enable and configure IP Security, if required.    IP Security may be enabled in the registry of the Windows 2000 Professional computer through local policies, or implemented via Active Directory group policies in an enterprise environment. If implemented locally, built-in or custom policies created via the Policy Manager snap-in can determine the rules required for negotiating and starting communications with other hosts. See Configuring IPSec Policies later in this chapter.

Enable IP filtering, if required.    You may wish to restrict the type of IP traffic that can be received by a Windows 2000 Professional–based client. IP filtering allows the creation of rules that limit packet reception by TCP and UDP port, or by IP protocol type. See TCP/IP Filtering later in this chapter.
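To make the reception rules concrete, the following added example (not part of the Resource Kit text, and not Microsoft's implementation) models the three TCP/IP filtering lists as a policy and evaluates constructed inbound packets against it. It assumes the simplified semantics of a "Permit All" list (modelled as None) versus a "Permit Only" list (modelled as a set), that TCP and UDP are governed solely by their port lists, and that filtering affects inbound traffic only.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17


@dataclass(frozen=True)
class FilterPolicy:
    """Model of the TCP/IP filtering dialog (assumed semantics).

    None means 'Permit All'; a frozenset means 'Permit Only' these
    values, so an empty frozenset permits nothing in that category.
    """
    enabled: bool = False
    tcp_ports: Optional[FrozenSet[int]] = None
    udp_ports: Optional[FrozenSet[int]] = None
    ip_protocols: Optional[FrozenSet[int]] = None


@dataclass(frozen=True)
class Packet:
    """A constructed packet as seen by the local host's interface."""
    protocol: int                 # IP protocol number (6 = TCP, 17 = UDP)
    dst_port: Optional[int] = None  # only meaningful for TCP/UDP
    inbound: bool = True


def permits(policy: FilterPolicy, pkt: Packet) -> bool:
    """Return True if the modelled filter would accept the packet."""
    if not policy.enabled or not pkt.inbound:
        return True  # filtering is inbound-only; outbound is untouched
    if pkt.protocol == PROTO_TCP:
        return policy.tcp_ports is None or pkt.dst_port in policy.tcp_ports
    if pkt.protocol == PROTO_UDP:
        return policy.udp_ports is None or pkt.dst_port in policy.udp_ports
    # every other IP protocol is decided by the IP protocols list
    return policy.ip_protocols is None or pkt.protocol in policy.ip_protocols


def audit(policy: FilterPolicy, packets: List[Packet]) -> List[Tuple[Packet, bool]]:
    """Evaluate a batch of packets; useful for checking a policy before deployment."""
    return [(p, permits(policy, p)) for p in packets]


if __name__ == "__main__":
    # Constructed policy: a client that should only accept HTTPS and nothing else.
    pol = FilterPolicy(enabled=True, tcp_ports=frozenset({443}),
                       udp_ports=frozenset(), ip_protocols=frozenset({PROTO_ICMP}))
    for pkt, ok in audit(pol, [Packet(PROTO_TCP, 443), Packet(PROTO_TCP, 445),
                               Packet(PROTO_UDP, 137), Packet(PROTO_ICMP)]):
        print(pkt, "permit" if ok else "drop")
```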