Share via


Establishing an IPSec security plan

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Establishing an IPSec security plan

Whether for a large domain or a small workgroup, implementing IPSec means finding a balance between making information easily available to the largest number of users, and protecting sensitive information from unauthorized access.

Finding the proper balance requires:

  • Assessing the risk and determining the appropriate level of security for your organization.

  • Identifying valuable information.

  • Defining security policies that use your risk management criteria and protect the identified information.

  • Determining how the policies can best be implemented within the existing organization.

  • Ensuring that management and technology requirements are in place.

  • Providing all users with both secure and efficient access to the appropriate resources, according to their needs.

Security considerations are also influenced by the way the computer will be used. For example, the required security might differ, depending on whether the computer is a domain controller, Web server, remote access server, file server, database server, or intranet or remote client. The security framework in Windows 2000, Windows XP, and Windows Server 2003 family is designed to fulfill the most stringent security requirements. However, software alone might be less effective without careful planning and assessment, effective security guidelines, enforcement, auditing, and sensible security policy design and assignment.

There is no exact definition of the measures that define standard security. These can vary widely, depending on an organization's policies and infrastructures. The following security levels can be considered a general basis for planning your IPSec deployment:

  • Minimal security

    Computers do not exchange sensitive data. IPSec is not active by default. No administrative action to disable IPSec is required.

  • Standard security

    Computers, especially file servers, are used to store valuable data. Security must be balanced so it does not become a barrier to users trying to perform their tasks. Windows XP and the Windows Server 2003 family provide example IPSec policies that secure data, but do not necessarily require the highest level of security: Client (Respond Only) and Server (Request Security). Use these as a basis for your IPSec policies. These, or similar custom policies, optimize efficiency without compromising security.

  • High security

    Computers that contain highly sensitive data are at risk for data theft, accidental or malicious disruption of the system (especially in remote dial-up scenarios), or any public network communications. Secure Server (Require Security), a default policy, requires IPSec protection for all traffic being sent or received (except initial inbound communication) with stronger security methods. Unsecured communication with a non-IPSec-aware computer is not allowed.

From planning to policy configuration

After you have identified the types of traffic that need to be secured and the level of security required, you can begin policy configuration. Windows XP and Windows Server 2003 IPSec policy configuration is the translation of your security requirements to one or more IPSec policies, only one of which can be assigned at each of the following levels: domain, site, organizational unit, or local levels. Each IPSec policy consists of one or more IPSec rules. Each IPSec rule consists of:

  • A selected filter list.

  • A selected filter action.

  • Selected authentication methods.

  • A selected connection type.

  • A selected tunnel setting.

You can configure IPSec policy in the following ways:

  • Create a new policy and define the set of rules for the policy, adding filter lists and filter actions as required.

    In this method, an IPSec policy is created first and then rules are added and configured. Filter lists (specifying traffic types) and filter actions (specifying how the traffic is treated) are added during rule creation.

    For more information, see Add, edit, or remove IPSec policies and Add, edit, or remove IPSec rules.

  • Create the set of filter lists and filter actions, and then create the policies and add rules that combine the filter lists with filter actions.

    In this method, the filter lists and the filter actions are configured first. Next, IPSec policies are created and rules are added that combine the appropriate filter list with the appropriate filter action. Additionally, authentication methods, connection types, and tunnel settings are specified.

    For information about how to individually configure IP filter lists and filter actions, see Manage multiple IP filter lists and Manage multiple filter actions.

For either configuration method, after the IPSec policies have been created, they must be assigned. For more information, see Creating, modifying, and assigning IPSec policies.

Notes

  • To manage Active Directory-based IPSec policies, you must be a member of the Domain Admins group in Active Directory, or you must have been delegated the appropriate authority. To manage local or remote IPSec policies for a computer, you must be a member of the Administrators group on the local or remote computer. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. For more information, see Default local groups and Default groups.

  • The integration of IPSec policies with Active Directory described here does not apply to computers running Windows XP Home Edition. You cannot administer Active Directory-based IPSec policy from a computer running Windows XP Home Edition because these computers cannot join Active Directory domains.