Windows 2000 incorporates Internet Protocol security (IPSec) for data protection of network traffic. IPSec is a suite of protocols that allow secure, encrypted communication between two computers over an insecure network. The encryption is applied at the IP network layer, which means that it is transparent to most applications that use specific protocols for network communication. IPSec provides end-to-end security, meaning that the IP packets are encrypted by the sending computer, are unreadable en route, and can be decrypted only by the recipient computer. Due to a special algorithm for generating the same shared encryption key at both ends of the connection, the key does not need to be passed over the network.
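The key agreement referred to above is Diffie-Hellman, which IPSec's key negotiation (IKE) uses. The following sketch is an added example, not code from Windows 2000 or from this book; the `Peer` class, the `exchange` function and the SHA-256 step that turns the shared value into key bytes are illustrative assumptions, not the key derivation IKE actually performs.

```python
import hashlib
import secrets

# 1024-bit MODP prime of Oakley Group 2 (RFC 2409, section 6.2); generator is 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF",
    16,
)
G = 2


class Peer:
    """One end of the connection (hypothetical helper for this example)."""

    def __init__(self, name):
        self.name = name
        # Private exponent in [2, P-2]; it never leaves this object.
        self._private = secrets.randbelow(P - 3) + 2
        # Public value: the only thing this peer sends over the network.
        self.public = pow(G, self._private, P)

    def derive_key(self, peer_public):
        # Reject 0, 1 and P-1: they force a shared value an observer can predict.
        if not 1 < peer_public < P - 1:
            raise ValueError("degenerate public value rejected")
        shared = pow(peer_public, self._private, P)
        # Simplified derivation (assumption): hash the fixed-width shared value.
        return hashlib.sha256(shared.to_bytes(128, "big")).digest()


def exchange():
    """Run one exchange; return both derived keys and what crossed the wire."""
    sender, recipient = Peer("sender"), Peer("recipient")
    wire = [sender.public, recipient.public]  # all an on-path observer sees
    return sender.derive_key(recipient.public), recipient.derive_key(sender.public), wire


if __name__ == "__main__":
    k_sender, k_recipient, _ = exchange()
    print("keys match:", k_sender == k_recipient)
```

The exchange by itself does not prove who the other peer is; in IPSec the negotiation authenticates the peers separately.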

IPSec policies can be applied at a local level or at the domain level, as is the case with other parts of security policy. Experience configuring network security will help in determining what is entailed in an effective IPSec policy.

For more information about Internet Protocol security, see "TCP/IP in Windows 2000 Professional" in this book.