IPSec deals with encrypting data as it travels over the network. What IPSec
does is protect data against those bad people with their protocol analysers.
Encryption prevents these network monitors from reading the sensitive
information inside the packets they capture. In my mind's eye, using IPSec is
like putting one of those clear cellophane envelopes in a sealed parcel.
The best way to set IPSec is through Group Policies; alternatively, you can
check through TCP/IP properties, Advanced.
IPSec is Disabled by default; here are the other three settings:
Client (Respond only): means 'I will speak IPSec if you wish'.
Server (Request Security): means 'I would like to speak IPSec, but if you
cannot comprehend IPSec then I will speak normally'.
Secure Server (Require Security): means 'I will only speak with clients who
understand IPSec'.
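To see which pairings of these settings actually end up encrypted, here is a small model of the four settings described above. It is an added example, not code from this page or from Windows; the Policy fields and the function names are hypothetical, and it assumes both machines share an authentication method and ignores any per-protocol exceptions in the built-in policies.

```python
from dataclasses import dataclass
from itertools import combinations_with_replacement


@dataclass(frozen=True)
class Policy:
    name: str
    requests_ipsec: bool    # asks the peer to negotiate IPSec
    responds_ipsec: bool    # will negotiate IPSec when asked
    allows_cleartext: bool  # will talk unsecured if nothing is negotiated


# The four settings from the text, expressed as the three behaviours above.
DISABLED = Policy("Disabled", False, False, True)
CLIENT = Policy("Client (Respond only)", False, True, True)
SERVER = Policy("Server (Request Security)", True, True, True)
SECURE_SERVER = Policy("Secure Server (Require Security)", True, True, False)
POLICIES = (DISABLED, CLIENT, SERVER, SECURE_SERVER)


def outcome(a, b):
    """Return 'ipsec', 'cleartext' or 'blocked' for traffic between a and b."""
    someone_asks = a.requests_ipsec or b.requests_ipsec
    both_can = a.responds_ipsec and b.responds_ipsec
    if someone_asks and both_can:
        return "ipsec"
    if a.allows_cleartext and b.allows_cleartext:
        return "cleartext"
    return "blocked"


def audit(pairs=None):
    """Map every pairing of settings to its outcome."""
    pairs = pairs or combinations_with_replacement(POLICIES, 2)
    return {(a.name, b.name): outcome(a, b) for a, b in pairs}


def unprotected(results):
    """Pairings that do not end up encrypted (cleartext or blocked)."""
    return sorted(pair for pair, result in results.items() if result != "ipsec")


if __name__ == "__main__":
    for (a, b), result in audit().items():
        print(f"{a:34} <-> {b:34} {result}")
```

The points to notice are that two Client (Respond only) machines never encrypt because neither one asks, and that Server (Request Security) quietly falls back to cleartext with a machine where IPSec is Disabled.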
Transport Mode is designed to ensure that traffic between two machines is
secure, for example the Financial Director and the CEO.
Tunnel Mode is to secure traffic between two networks and is particularly
useful for VPN traffic where you need encryption over the internet.
The diagram on the right gives a hint that there are a surprising number of
settings and properties for IPSec. In particular I recommend that you check
out the filtering tabs.