IP Security (IPSec)

IPSec, new to Windows 2000, allows encryption for TCP/IP traffic. IPSec was developed by the IETF and is an open standard for a variety of encryption technologies. IPSec can be configured to provide security between any two Windows 2000 Server computers. IPSec is supported in Windows 2000 by the following components:

IPSec Policy Agent

This is a service that runs under Windows 2000 and manages IPSec policies. The policies are stored in the Active Directory or in the local computer’s registry.

ISAKMP/Oakley Key Management Service

This combines two protocols: ISAKMP, a key management protocol, and the Oakley protocol, which generates keys for data encryption. The IPSec Policy Agent automatically starts and manages this service.

IP Security Driver

This driver (IPSEC.SYS) acts as a filter for all IP communication, determining whether security is required for each packet. Secured packets are encrypted using the key provided by the Key Management Service.

Configuring IPSec

You can configure IPSec by setting security policies, which can be set either for the Active Directory or for individual computers. To manage a computer’s security policies, select Administrative Tools → Local Security Policy from the Start menu.

From the Local Security Settings snap-in, double-click the entry for IP Security Policies on local machine. The following default policies are available from this window:

Client (Respond Only)

Allows the computer to act as a client when a server requests or requires ...
