Thursday, October 19, 2006

Got a sec for IPSec?

I've been doing a lot of thinking about IPSec recently. It's one of those "features" built into Windows servers that many people don't know much about and what they do know generally falls into the bucket of "it's hard".

Has anyone out there been thinking about using IPSec? Or, maybe you are using IPSec? If so, I'd like to understand what for. Is it for server isolation? Is it for domain isolation? Is it for Active Directory domain controller isolation? If you are using it are you also using it for data integrity? In other words, are you using it to encrypt your network traffic?

Microsoft has a lot of good documents and information about IPSec that can be found here and here. Microsoft characterizes the benefits of IPSec as follows:
  • Additional security. A logical isolation defense layer provides additional security for all managed computers on the network.
  • Tighter control of who can access specific information. By using this solution, computers do not automatically gain access to all network resources simply by connecting to the network.
  • Lower cost. This solution is typically far less expensive to implement than a physical isolation solution.
  • An increase in the number of managed computers. If an organization's information is available only to managed computers, all devices will have to become managed systems to provide access to their users.
  • Improved levels of protection against malware attacks. The isolation solution significantly restricts the ability of an untrusted computer to access trusted resources. For this reason, a malware attack from an untrusted computer will fail because the connection will not be allowed, even if the attacker obtains a valid user name and password.
  • A mechanism to encrypt network data. Logical isolation makes it possible to require encryption of all network traffic among selected computers.
  • Rapid emergency isolation. This solution provides a mechanism to quickly and efficiently isolate specific resources inside your network in the event of an attack.
  • Improved auditing. This solution provides a way to log and audit network access by managed resources.

Sounds great, right? If so, how come more people aren't using it? Let me know what you think.
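To make the list above concrete, here is an added example (not from this post or from Microsoft's documentation) of a minimal domain isolation policy built with the `netsh ipsec static` context found on Windows XP and Windows Server 2003. The policy, filter list and action names are constructed, and the Windows version is an assumption; the commands are typed into PowerShell but run unchanged from cmd.exe.

```powershell
# Added example, not code from the original post. Assumes the
# "netsh ipsec static" context (Windows XP / Server 2003 era) and a
# domain-joined host; run from an elevated prompt, or build the same policy
# in Group Policy to push it to every managed computer.

# 1. Policy container. activatedefaultrule=no so only the explicit rules apply.
netsh ipsec static add policy name="Domain Isolation" description="Only authenticated domain members may talk to this host" activatedefaultrule=no

# 2. Filter list matching all traffic to and from this host, mirrored so the
#    reverse direction is covered as well.
netsh ipsec static add filterlist name="All Traffic"
netsh ipsec static add filter filterlist="All Traffic" srcaddr=me dstaddr=any protocol=any mirrored=yes

# 3a. Weak setting ("request" mode): negotiate IPSec, but fall back to clear
#     text when the peer cannot (soft=yes) and accept unsecured inbound packets
#     (inpass=yes). Useful only as a rollout step; it isolates nothing.
netsh ipsec static add filteraction name="Request Security" action=negotiate inpass=yes soft=yes qmsecmethods="ESP[3DES,SHA1]"

# 3b. Corrected setting ("require" mode): no fallback and no unsecured inbound,
#     so an unmanaged machine that cannot authenticate gets no connection at
#     all, whatever user credentials it holds. ESP with 3DES also encrypts.
netsh ipsec static add filteraction name="Require Security" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

# 4. Bind the filter list to the strict action. kerberos=yes means only domain
#    members can authenticate, which is what turns this into logical isolation.
netsh ipsec static add rule name="Isolate This Host" policy="Domain Isolation" filterlist="All Traffic" filteraction="Require Security" kerberos=yes

# 5. Assign (activate) the policy, confirm what was built, then watch
#    main-mode security associations appear as managed peers connect.
netsh ipsec static set policy name="Domain Isolation" assign=y
netsh ipsec static show policy name="Domain Isolation" level=verbose
netsh ipsec dynamic show mmsas
```

Swapping `Require Security` for `Request Security` in step 4 gives the boundary behaviour used while unmanaged hosts are still being brought under management; switching a group of hosts back to `Require Security` is the "rapid emergency isolation" the list refers to.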


