Overview

Information security strategies protect data on servers and client computers, and also conceal and protect packets traversing insecure networks. Distributed security plans need to identify which information must be protected in the event that computer equipment is lost or stolen. The plan must also identify the types of network traffic that are sensitive or private and need to be protected from network sniffers.

For users on the enterprise network, access control is the primary mechanism for protecting sensitive files from unauthorized access. However, the computers themselves might be portable and subject to physical theft, so access control alone is not sufficient to protect the data stored on them. This is a particular problem with laptop computers, which can easily be stolen while traveling. Windows 2000 provides the Encrypting File System (EFS) to address this problem.

To keep network data packets confidential, Internet Protocol Security (IPSec) can be used to encrypt network traffic among some or all of the servers in an organization. IPSec provides the ability to set up authenticated and encrypted network connections between two computers. For example, an e-mail server can be configured to require secure communication with clients and thereby prevent a packet sniffer from reading e-mail messages between the clients and the server. IPSec is ideal for protecting data from existing applications that were not designed with security in mind.