Computer Performance, Windows Server 2003


IPSec in Windows Server 2003

Introduction to IPSec in Windows Server 2003

IPSec deals with encrypting data over the network. What IPSec does is protect data against those bad people with their protocol analysers. Encryption prevents anyone who captures packets with these network monitors from reading the sensitive information inside. In my mind's eye, using IPSec is like putting one of those clear cellophane envelopes in a sealed parcel.


Attacks that you are protecting against

  • Network Monitoring - Protocol Analysers capturing data
  • Data Modification - Sending counterfeit data in your name, e.g. altering the delivery address
  • Password cracking - Intruders capturing your password then logging on to your network
  • Address Spoofing - Appear to come from a different email address

IPSec Options

The best way to set IPSec is through Group Policies; alternatively, you can check the setting through TCP/IP properties, Advanced.

IPSec is Disabled by default. Here are the other three settings:

  1. Client (Respond only) Means 'I will speak IPSec if you wish'.
  2. Server (Request Security) Means 'I would like to speak IPSec, but if you cannot comprehend IPSec then I will speak normally'.
  3. Secure Server (Require Security) Means 'I will only speak with clients who understand IPSec'.
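The sketch below is an added example, not part of the original page: a simplified Python model of how two machines using the settings above end up talking to each other. The `Policy` fields and function names are hypothetical, and the model follows only the descriptions in the list (it ignores filters and exemptions).

```python
from dataclasses import dataclass
from itertools import combinations_with_replacement


@dataclass(frozen=True)
class Policy:
    name: str
    requests: bool      # starts an IPSec negotiation with its peer
    speaks_ipsec: bool  # can complete a negotiation when asked
    allows_clear: bool  # falls back to unprotected traffic if the peer cannot negotiate


# The four states described above, reduced to three flags (a simplifying assumption).
DISABLED = Policy("Disabled", False, False, True)
CLIENT = Policy("Client (Respond only)", False, True, True)
SERVER = Policy("Server (Request Security)", True, True, True)
SECURE = Policy("Secure Server (Require Security)", True, True, False)
POLICIES = [DISABLED, CLIENT, SERVER, SECURE]


def outcome(a, b):
    """Return 'ipsec', 'cleartext' or 'blocked' for traffic between two machines."""
    if not (a.requests or b.requests):
        return "cleartext"  # nobody asks for security, so nothing is negotiated
    if a.speaks_ipsec and b.speaks_ipsec:
        return "ipsec"
    # One side asked for IPSec and the other cannot speak it.
    requester = a if a.requests else b
    return "cleartext" if requester.allows_clear else "blocked"


def cleartext_pairs():
    """Policy pairings whose traffic a protocol analyser could still read."""
    return [(a.name, b.name)
            for a, b in combinations_with_replacement(POLICIES, 2)
            if outcome(a, b) == "cleartext"]


if __name__ == "__main__":
    for a, b in combinations_with_replacement(POLICIES, 2):
        print(f"{a.name:34} <-> {b.name:34} {outcome(a, b)}")
```

The pairing worth noticing is two Client (Respond only) machines: neither asks for security, so their traffic stays unencrypted.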


IPSec Modes

Transport Mode is designed to ensure that traffic between two machines is secure, for example the Financial Director and the CEO.

Tunnel Mode is to secure traffic between two networks and is particularly useful for VPN traffic where you need encryption over the internet.

The diagram on the right gives a hint that there are a surprising number of settings and properties for IPSec. In particular I recommend that you check out the filtering tabs.

Encryption Schemes

Remembering that the whole purpose is to encrypt the data leads me to check out the encryption settings.

Authentication

  • SHA - Secure Hashing Algorithm. US government 160-bit encryption
  • MD5 - Message Digest 5.  Widespread for commerce 138-bit encryption

Packet Encryption

  • 56-bit DES (Data Encryption Standard)
  • 40-bit DES (France uses)
  • 3DES (Triple 56-bit DES; the highest level of encryption, but it utilizes the processor significantly)


Copyright © 1999-2012 Computer Performance LTD All rights reserved