The connections between computers in a network are a potential security vulnerability, because network data can be read on the computers it passes through. This becomes a much more serious issue when public networks, such as the Internet, are involved.
The following sections discuss some key methods of securing network connectivity:
Providing secure access to public networks, such as the Internet
Using the Internet to create virtual private networks (VPNs)
Using Server Message Block (SMB) signing to add security to network file sharing
The simplest method of providing a network with connectivity to the Internet is to assign a public IP address to each computer on the network and use a router to provide all computers with connectivity to the network. This works, but has several disadvantages:
A limited number of public IP addresses are available, and you may not be able to obtain enough for all of the computers on the network.
All computers are directly reachable by anyone on the Internet, which exposes every one of them to attack.
There is no way to control which local resources can be accessed from the Internet or which Internet resources can be accessed from the local network.
The solution to these problems is to use a separate internal IP addressing scheme and use a translation system or a proxy server to provide connectivity between public and private networks. Windows 2000 provides two methods of accomplishing this: