Tuesday, January 17, 2012

Configuring IPSec

Even though you can encrypt your data stored on your hard drive, how do you protect the data while it is in transmission? IPSec can do this. 
IPSec (Internet Protocol Security) is a set of protocols that give you a level of encryption between two computers while it is being transferred over an unsecured network.  IPSec uses security services and digital certificates with public and private keys. As stated in Mark Russinovich's and David Solomon's Windows Internals Book:
Internet Protocol Security (IPSec), which is integrated with the Windows TCP/IP stack, helps to protect unicast (IPSec itself supports multicast, but the Windows implementation does not) IP data against attacks such as eavesdropping, sniffer attacks, data modification, IP address spoofing, and man-in-th-middle attacks (when the identity of the remote machine can be verified, like a VPN). You can use IPSec to provide defense-in-depth against network-based attacks from untrusted computers; certain attacks that can result in the denial-of-service of applications, services, or the network; data corruption, data theft, and user-credential theft; and the administrative control over servers, other computers, and the network. IPSec helps defend against network-based attacks through cryptography-based security services, security protocols, and dynamic key management.
IPSec was originally designed to secure traffic over public networks. However, IPSec is being used increasingly on private networks. Windows Server 2008 provides enhancements to the IPSec rules.