Microsoft’s Implementation of IPSec in Windows Server 2003

The Microsoft implementation of IPSec in Windows Server 2003 adheres to the appropriate RFCs and is compatible with other hosts running RFC-compliant IPSec software. This includes other computers running Windows 2000 and Windows XP Professional, computers running other operating systems with an IPSec component, and intermediate network devices such as routers. In the next few sections, I’ll discuss the specific software components that implement IPSec in Windows Server 2003.

Microsoft IPSec Components

In the Microsoft implementation of IPSec, the IPSec driver acts as a filter driver on top of the TCP/IP protocol stack. The IPSec driver is initialized at system bootup, at the same time as other network services, and it receives its policy information from the IPSec Policy Agent. The agent examines the local and domain policies (the latter set through Group Policy) that apply to IPSec to determine exactly how IPSec should behave. The appropriate configuration information is then delivered to the IPSec driver as a policy list. The Policy Agent does little else, though it periodically checks for changed IPSec policy settings and delivers those to the IPSec driver as necessary. So the core IPSec work is done by the driver, but the agent is necessary to deliver the driver’s configuration information.
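
To check this agent-to-driver hand-off on a live server, the following batch script (an added example, not taken from the book) confirms that the Policy Agent service is running and then lists the policy sources the agent reads and the state the driver is enforcing. It assumes Windows Server 2003, where the netsh ipsec context is available, and that the Policy Agent is registered under the service name PolicyAgent.

```batch
@echo off
rem Added example: assumes Windows Server 2003 and an administrative command prompt.
rem Uses only the built-in sc, find and netsh tools.

rem 1. The Policy Agent runs as the PolicyAgent service (display name: IPSEC Services).
rem    If it is not running, the driver no longer receives policy from it.
sc query PolicyAgent | find "RUNNING" >nul
if errorlevel 1 (
    echo [!] PolicyAgent service is not running
    exit /b 1
)
echo [+] PolicyAgent service is running

rem 2. Domain policy delivered through Group Policy, if one is assigned.
echo.
echo === Policy assigned through Group Policy ===
netsh ipsec static show gpoassignedpolicy

rem 3. Policies defined in the local policy store.
echo.
echo === Policies in the local store ===
netsh ipsec static show policy all

rem 4. Active policy, filters, security associations and statistics,
rem    that is, what the agent has actually handed to the driver.
echo.
echo === State currently enforced by the IPSec driver ===
netsh ipsec dynamic show all
```

Comparing the output of steps 2 and 3 with step 4 shows whether the policy you configured is the one in force.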

The IPSec driver examines all data sent through the TCP/IP protocol stack and destined to be sent over the network. ...
