Network and Edge Protection

Applies To: Windows Server 2008

Network and edge protection technologies can be used to protect your organization's network from external threats and vulnerabilities. In addition, they can be used to manage and control internal network traffic to a destination that is external to your network. There are six fundamental elements in regard to network and edge protection to consider when designing your infrastructure. Windows Server 2008 uses Internet Protocol security (IPsec), Network Access Protection (NAP), and wireless technologies to accomplish security zoning.

Security Zoning

Security zoning enables companies to protect network resources based on the level of security they require. For example, core network services and applications may be within a security zone and protected from the general user population.

Network Firewalling and Web Proxies

Network firewalls and Web proxies enable organizations to control access to resources contained on both the corporate network and the Internet. A network firewall and Web proxy should not only protect, but also log and report all connections made through the firewall and Web proxy.

SSL VPNs

Secure Sockets Layer (SSL) virtual private networks (VPNs) enable secure global access to both Web and non-Web applications and corporate information resources over the Internet. Built-in comprehensive policy enforcement helps drive compliance with legal and business guidelines for handling sensitive data. Endpoint security management enables access control, authorization, and content inspection for line-of-business applications.

Intrusion Detection and Prevention

Intrusion detection and protection mechanisms enable network security administrators to be alerted to active threats and mitigate them in real time. Additional features such as worm and flood protection can detect prevalent intrusions and block them.

Network Level VPN

Network level VPN enables remote computers to connect to the corporate network and access resources in a manner similar to a workstation directly connected to the network.

IPsec Domain Isolation

IPsec is a standard Internet protocol that allows administrators to isolate and protect servers and network domains with peer-level authentication and encryption. It provides a powerful mechanism for network segmentation and client quarantine without the need for new hardware.