Introducing IPSec

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Introducing IPSec

IPSec is the long-term direction for secure networking. It provides a key line of defense against private network and Internet attacks.

IPSec has two goals:

  1. To protect the contents of IP packets.

  2. To provide a defense against network attacks through packet filtering and the enforcement of trusted communication.

Both goals are met through the use of cryptography-based protection services, security protocols, and dynamic key management. This foundation provides both the strength and flexibility to protect communications between private network computers, domains, sites, remote sites, extranets, and dial-up clients. It can even be used to block receipt or transmission of specific traffic types.

IPSec is based on an end-to-end security model, establishing trust and security from a source IP to a destination IP address. The IP address itself does not necessarily have to be considered an identity, rather the system behind the IP address has an identity that is validated through an authentication process. The only computers that must know about the traffic being secured are the sending and receiving computers. Each computer handles security at its respective end, with the assumption that the medium over which the communication takes place is not secure. Any computers that only route data from source to destination are not required to support IPSec, unless firewall-type packet filtering or network address translation is being done between the two computers. This model allows IPSec to be successfully deployed for the following enterprise scenarios:

  • Local area network (LAN): client/server and peer-to-peer

  • Wide area network (WAN): router-to-router and gateway-to-gateway

  • Remote access: dial-up clients and Internet access from private networks

Typically both sides require IPSec configuration (called an IPSec policy), to set options and security settings that will allow two systems to agree on how to secure traffic between them. The Microsoft® Windows® 2000 , Windows XP, and the Windows Server 2003 family implementations of IPSec is based on industry standards developed by the Internet Engineering Task Force (IETF) IPSec working group. Portions of IPSec-related services were jointly developed by Microsoft and Cisco Systems, Inc.