Windows 2003 Server

Essay by yasser.aliyan April 2010


Date: 03/09/2006

Student's Name: Yasser Aliyan

Assignment Type: Individual Project

Unit: 5

Course: ITN 420-0601B-01

Prof: Dr. Ike Okonkwo

Cover Page

Windows 2003 Server

IPSec Protocol and Group Policy


Difficulties and Problems:

The difficulty is that, depending on how each connected system is configured, communications with non-IPSec clients will not be encrypted.

IPSec support for IPv4 was added after the fact, whereas it is an inherent part of IPv6. However, Microsoft's Help files state that the implementation of IPSec that comes with Server 2003 IPv6 is not recommended for production use. This is because it uses static keying and does not provide for updating of keys when sequence numbers are reused, and thus does not provide the level of security necessary for mission-critical communications. Here's another problem: the IPSec implementation that comes with Server 2003's IPv6 doesn't support ESP data encryption, which means it fails to provide for data confidentiality (you can use ESP with null encryption, but it only provides authentication and integrity, not data confidentiality).

Further, Internet Key Exchange (IKE) is not supported for negotiating security associations. In other words, the IPSec aspect of IPv6 in Server 2003 is not ready for prime time.
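The ESP null-encryption point above can be seen in a few lines. This is an added example, not part of the original essay and not Microsoft's implementation: it builds an ESP packet in the standard layout with the NULL cipher and an HMAC-SHA1-96 integrity check, using a constructed static key, SPI and payload.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96: the 20-byte MAC is truncated to 96 bits

def esp_null_seal(spi, seq, payload, auth_key, next_header=6):
    """Build an ESP packet with NULL encryption and an HMAC-SHA1-96 ICV."""
    # Pad so that payload + padding + 2 trailer bytes ends on a 4-byte boundary.
    pad_len = -(len(payload) + 2) % 4
    padding = bytes(range(1, pad_len + 1))
    # NULL cipher: the "encrypted" body is the plaintext, byte for byte.
    body = payload + padding + bytes([pad_len, next_header])
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(auth_key, header + body, hashlib.sha1).digest()[:ICV_LEN]
    return header + body + icv

def esp_null_open(packet, auth_key):
    """Check the ICV, then return (spi, seq, next_header, payload)."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short for ESP")
    signed, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, signed, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet altered or wrong key")
    spi, seq = struct.unpack("!II", signed[:8])
    pad_len, next_header = signed[-2], signed[-1]
    if pad_len > len(signed) - 10:
        raise ValueError("pad length exceeds packet body")
    return spi, seq, next_header, signed[8:len(signed) - 2 - pad_len]

# Constructed sample values, not taken from any real system.
SAMPLE_KEY = b"constructed-static-auth-key"
SAMPLE_PAYLOAD = b"USER alice\r\nPASS s3cret\r\n"

if __name__ == "__main__":
    pkt = esp_null_seal(0x1000, 1, SAMPLE_PAYLOAD, SAMPLE_KEY)
    print("payload readable in packet bytes:", SAMPLE_PAYLOAD in pkt)
    print("receiver accepts:", esp_null_open(pkt, SAMPLE_KEY))
    tampered = pkt[:10] + bytes([pkt[10] ^ 0x01]) + pkt[11:]
    try:
        esp_null_open(tampered, SAMPLE_KEY)
    except ValueError as err:
        print("tampered packet rejected:", err)
```

The payload appears unchanged inside the packet bytes, so anyone on the path can read it, while a single flipped bit is rejected by the integrity check.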

IPSec policies are configured and stored as part of local and Active Directory group policies, although Windows Server 2003 also provides an option to use a persistent store for locally assigned IPSec policy, independent of group policies. (This is accomplished with the NETSH command line utility, as described later in this article.) In either case, there are three pre-configured IPSec policies:

Client (respond only),

Server (request security), and

Secure Server (require security),

listed in the order of increasing security level. Creation of new...