IP Security (IPSec)
IPSec, new to Windows 2000, provides encryption for TCP/IP traffic. Developed by the IETF, it is an open standard that supports a variety of encryption technologies. IPSec can be configured to provide security between any two Windows 2000 Server computers. Windows 2000 supports IPSec through the following components:
- IPSec Policy Agent
This is a service that runs under Windows 2000 and manages IPSec policies. The policies are stored in the Active Directory or in the local computer’s registry.
- ISAKMP/Oakley Key Management Service
This combines two protocols: ISAKMP, a key management protocol, and the Oakley protocol, which generates keys for data encryption. The IPSec Policy Agent automatically starts and manages this service.
- IP Security Driver
This driver (IPSEC.SYS) acts as a filter for all IP communication, determining whether security is required for each packet. Secured packets are encrypted using the key provided by the Key Management Service.
You can configure IPSec by setting security policies, which can be set either for the Active Directory or for individual computers. To manage a computer’s security policies, select Administrative Tools → Local Security Policy from the Start menu.
From the Local Security Settings snap-in, double-click the entry for IP Security Policies on local machine. The following default policies are available from this window:
- Client (Respond Only)
Allows the computer to act as a client when a server requests or requires ...