Internet Protocol security (IPSec) is a
framework of open standards for helping to
ensure private, secure communications over
Internet Protocol (IP) networks through the use
of cryptographic security services. IPSec
supports network-level data integrity, data
confidentiality, data origin authentication and
replay protection. Because IPSec is integrated
at the Internet layer (layer 3), it provides
security for almost all protocols in the TCP/IP
suite. Because IPSec is applied transparently
to applications, there is no need to configure
separate security for each application that uses
TCP/IP. IPSec helps provide defense-in-depth
against:
- Network-based attacks from untrusted
computers, attacks that can result in the
denial-of-service of applications, services, or
the network
- Data corruption
- Data theft
- User-credential theft

You can use IPSec to defend against network-based
attacks through a combination of host-based IPSec
packet filtering and the enforcement of trusted
communications. IPSec is integrated with the
Windows Server 2003 operating system, and it can
use the Active Directory directory service as a
trust model. You can use Group Policy to
configure Active Directory domains, sites and
organizational units (OUs) and then assign IPSec
policies as required to Group Policy objects
(GPOs). In this way, IPSec policies can be
implemented to meet the security requirements of
many different types of organizations.