CHAPTER 7
Internet Protocol Security (IPSec)
Similar to the TCP/IP suite, which is composed of a number of individual protocols designed to enable network communication, Internet Protocol Security (IPSec) is a collection of protocols that operate on top of TCP/IP to allow for private, secure communications over IP networks. IPSec can provide data integrity by adding a mathematical checksum to a network packet before it is transmitted. The receiver of that packet can use this checksum to confirm that the packet was not tampered with during transit, and that the packet originated from the host that it claims as its originator. IPSec can also provide for data confidentiality by encrypting data before it is transmitted over a network. This feature is especially useful when information is being transmitted over a public network such as the Internet.
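The integrity check described above, as an added example that is not from the original text: a keyed checksum computed with HMAC-SHA1-96 (RFC 2404, one of the integrity algorithms standardized for IPSec) and verified by the receiver. The packet layout is a simplified assumption (SPI, sequence number, payload, integrity value), and the function names, key and payload are constructed for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # HMAC-SHA1-96: 20-byte HMAC-SHA1 output truncated to 96 bits
HDR_LEN = 8    # simplified header: 32-bit SPI + 32-bit sequence number


def build_packet(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side: header + payload followed by the keyed integrity value."""
    body = struct.pack("!II", spi, seq) + payload
    icv = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv


def verify_packet(key: bytes, packet: bytes):
    """Receiver side: return (spi, seq, payload), or None if the check fails."""
    if len(packet) < HDR_LEN + ICV_LEN:
        return None                      # too short to carry header and ICV
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):   # constant-time comparison
        return None
    spi, seq = struct.unpack("!II", body[:HDR_LEN])
    return spi, seq, body[HDR_LEN:]


def demo():
    """Run the three cases on constructed sample data and return the results."""
    key = bytes(range(20))               # constructed shared key, not a real one
    pkt = build_packet(key, 0x1001, 1, b"transfer 100 to alice")
    tampered = pkt.replace(b"100", b"900")        # modified in transit
    forged = build_packet(b"\x00" * 20, 0x1001, 1, b"transfer 100 to alice")
    return {
        "intact": verify_packet(key, pkt),
        "tampered": verify_packet(key, tampered),
        "wrong_key": verify_packet(key, forged),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Because the checksum is keyed, a sender that does not hold the shared key cannot produce a value the receiver will accept, which is what ties the packet to its claimed originator.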
In addition to its integrity and encryption features, IPSec also allows mutual authentication
between communicating hosts. This feature is designed to protect against a so-called man-in-the-
middle attack, where a malicious user will impersonate a legitimate host (like a domain controller)
and attempt to fool you into transmitting confidential information and logon credentials because
you think that you are dealing with a trusted host. Microsoft's implementation of IPSec complies
with IPSec standards created by the Internet Engineering Task Force (IETF) IPsec Working Group,
and is supported by the following Windows operating systems:
• Windows 2000 Professional
• Windows 2000 Server
• Windows XP Professional
• Windows Server 2003
IPSec integrates directly with Active Directory, and you can assign IPSec configuration
through Group Policy, which will allow you to configure IPSec settings at the domain, site, or
organizational unit (OU) level. You can also configure IPSec settings through a local computer's
security policy or use the netsh utility to create full-featured IPSec configurations.
Windows Server 2003 has made a number of improvements and enhancements to IPSec,
including the following: