Security features

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

TCP/IP incorporates security features that protect TCP/IP data as it is sent on the network and that let you configure which types of local host traffic are processed.

Internet Protocol security

Internet Protocol security (IPSec) is a set of Internet standards that uses cryptographic security services to provide the following:

  • Confidentiality

    IPSec traffic is encrypted. Captured IPSec traffic is unintelligible without knowledge of the encryption key.

  • Authentication

    IPSec traffic is digitally signed with the shared encryption key so that the receiver can verify that it was sent by the IPSec peer.

  • Data integrity

    IPSec traffic contains a cryptographic checksum that incorporates the encryption key. The receiver can verify that the packet was not modified in transit.

For more information about IPSec, see Internet Protocol Security (IPSec).

TCP/IP filtering

With TCP/IP filtering, a feature known as TCP/IP Security in Microsoft® Windows NT® 4.0, you can specify exactly which types of incoming TCP/IP traffic are processed for each IP interface. This feature is designed to isolate the traffic that is processed by Internet or intranet servers in the absence of other TCP/IP filtering provided by the Routing and Remote Access service or other TCP/IP programs or services. TCP/IP filtering is disabled by default.

TCP/IP filtering is a set of filters for inbound local host TCP/IP traffic. Local host traffic is traffic that is processed by the host because the destination IP address of the inbound TCP/IP traffic is an assigned interface address, an appropriate subnet broadcast address, or a multicast address. TCP/IP filtering does not apply to routed traffic that is forwarded between interfaces.

With TCP/IP filtering, you can confine local host inbound TCP/IP traffic based on the:

  • Destination TCP port

  • Destination UDP port

  • IP protocol

For information about configuring TCP/IP filtering, see Configure TCP/IP to use TCP/IP filtering.
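
The scoping and matching rules described above, modeled in Python as an added example (not Microsoft code and not part of the original page). The names `InterfaceFilter` and `decide`, the permit-list representation, and the sample addresses are hypothetical; the model assumes TCP and UDP packets are matched on destination port and all other packets on IP protocol number.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Set

TCP, UDP = 6, 17  # IANA IP protocol numbers


@dataclass
class InterfaceFilter:
    """Hypothetical model of one IP interface and its permit lists (None = unrestricted)."""
    address: str                          # interface address with prefix length
    tcp_ports: Optional[Set[int]] = None
    udp_ports: Optional[Set[int]] = None
    ip_protocols: Optional[Set[int]] = None


def is_local_host(iface: InterfaceFilter, dst: str) -> bool:
    """True if dst is the interface address, its subnet broadcast, or multicast."""
    net = ipaddress.ip_interface(iface.address)
    addr = ipaddress.ip_address(dst)
    return (addr == net.ip
            or addr == net.network.broadcast_address
            or addr.is_multicast)


def decide(iface, dst, protocol, dst_port=None, enabled=True):
    """Return 'process', 'drop' or 'not-filtered' for one inbound packet."""
    if not is_local_host(iface, dst):
        return "not-filtered"      # routed traffic: filtering does not apply
    if not enabled:
        return "process"           # TCP/IP filtering is disabled by default
    # Assumption of this model: TCP and UDP are matched on destination port,
    # every other protocol on its IP protocol number.
    if protocol == TCP:
        allowed, key = iface.tcp_ports, dst_port
    elif protocol == UDP:
        allowed, key = iface.udp_ports, dst_port
    else:
        allowed, key = iface.ip_protocols, protocol
    return "process" if allowed is None or key in allowed else "drop"


# Constructed sample: a web server that should accept only TCP 80 and 443.
WEB = InterfaceFilter("192.0.2.10/24", tcp_ports={80, 443},
                      udp_ports=set(), ip_protocols=set())
```

The `not-filtered` result is the case to watch on a multihomed host that also routes: forwarded packets never reach these filters, so they need a separate control.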