Terminal Services  «Prev  Next»

Lesson 5 Internet Protocol Security (IPSec)
Objective Define the basic capabilities of IPSec

Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec) is a framework of network protocols, hashing, and encryption algorithms used for ensuring secure private communications over IP networks by using cryptographic security services. IPSec provides aggressive protection against private network and Internet attacks and is also easy to use. It allows for authentication, integrity, and confidentiality of network communications via the variety of security protocols and algorithms that it employs.


You can use IPSec policies to configure IPSec security services. IPSec policies provide variable levels of protection for most types of network traffic. Your network security administrator can configure IPSec policies to meet the security requirements of a user, group, application, domain, site, or global enterprise. The IPSec security protocol is actually implemented at the transport layer of the DoD networking model. Because IPSec is integrated with the TCP/IP protocol stack, its functions are completely transparent to users and applications. This means that users can utilize IPSec without any configuration efforts of their own. In addition, applications do not have to be specifically written to support IPSec. This is in contrast to another popular data encryption protocol used on internetwork, the Secure Socket Layer (SSL).

IP Security Policy Management

Windows 2000 provides an administrative interface, IP Security Policy Management, to create and manage IPSec policies (centrally at the Group Policy level for domain members, or locally on a non-domain computer). IP Security Policy Management is a snap-in that you can add to Microsoft Management Console (MMC). Note: For more information about the security architecture of the IP protocol, see RFC 1825. You will learn much more about using IPSec in the upcoming module entitled "Securing Windows 2000 and implementing IPSec." Next, you will examine the L2TP and PPTP protocols.

Question: Which type of protocol allows for the extension of authentication modules for new technologies, such as smart cards?
Answer: EAP--Extensible Authentication Protocol