Implementing IPSec for Data Transfers between XP Clients and Unix Servers
Windows Powered NAS appliances can also use the IPSec integrated in Windows XP to provide enhanced protection of network data flowing across enterprise networks.
IPSec is a network protocol that was designed by the Internet Engineering Task Force (IETF) to provide IP packets with data authentication, integrity, confidentiality, and replay protection. IPSec is implemented at the IP Transport Layer, which enables a high level of protection for applications, services, and upper layer protocols such as TCP and UDP.
IPSec negotiations between the source and destination systems require mutual authentication before the exchange of secured data. Windows IPSec provides multiple methods of authentication to ensure compatibility with legacy systems, non-Windows-based systems, and remote computers.
To ensure that, for example, Company XYZ data remains encrypted during data transfers between client notebooks and Windows Powered NAS appliances, IPSec can be implemented in the Active Directory environment. The flexibility of IPSec can be used to assign different policies and levels of security to different computers and users. In addition, computers can be configured to accept or transmit data only if an IPSec secure channel can be established.
The amount of configuration required to enable IPSec will be minimized by using the default Windows IPSec authentication method: Kerberos v5. This is also the standard authentication protocol used between Windows 2000 systems that are members of an Active Directory domain. Company XYZ selected Kerberos authentication and domain trusts to simplify the management of IPSec configuration. If required in the future, certificates or pre-shared keys can be used for non-trusted domains or third-party interoperability.
To enforce the use of IPSec for all network communications between the company-owned notebooks and the Windows Powered NAS appliance without applying it to all other computers in the Active Directory domain, Company XYZ creates an organizational unit (OU) named Financial Systems that contains two child OUs: NAS and Notebooks. The NAS OU contains all appropriate Windows Powered NAS appliance computer objects. The Notebooks OU contains all appropriate notebook computer objects.
A Group Policy is created and linked to the NAS OU that sets configuration parameters for IPSec policy to require security. This will require that all IP traffic between the Windows Powered NAS appliances and clients use IPSec to encrypt network data transfers and will not allow any unsecured communication with non-trusted clients.
A second Group Policy is created and linked to the Notebooks OU that sets configuration parameters for IPSec policy to request security. This allows computers in the Notebooks OU to communicate normally with all other servers, but to use IPSec for network data transfers to the Windows Powered NAS appliances.
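The two policies described above, written out as an added netsh script (not from the original post), for the netsh ipsec static context of a Windows Server 2003 management host in the domain; the domain name xyz.example, the policy and filter list names, the NAS subnet 10.1.50.0/24 and the ESP 3DES/SHA1 method are assumptions.

```batch
@echo off
:: Added example: builds the two IPSec policies in the domain IPSec store,
:: where they appear under "IP Security Policies on Active Directory" in the
:: Group Policy editor and are then assigned in the GPO linked to each OU.
:: Assumed values: domain xyz.example, NAS subnet 10.1.50.0/24, ESP 3DES/SHA1.
:: Requires the netsh ipsec context and domain administrative rights.
netsh ipsec static set store location=domain domain=xyz.example

:: ---- Policy for the NAS OU: require security ----
:: Filter list: all IP traffic to and from this computer (mirrored = both directions)
netsh ipsec static add filterlist name="XYZ All IP Traffic" description="All IP traffic to/from this host"
netsh ipsec static add filter filterlist="XYZ All IP Traffic" srcaddr=me dstaddr=any protocol=ANY mirrored=yes

:: Filter action: negotiate IPSec; inpass=no refuses unsecured inbound packets,
:: soft=no refuses to fall back to cleartext with peers that cannot negotiate
netsh ipsec static add filteraction name="XYZ Require Security" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

netsh ipsec static add policy name="XYZ NAS Require Security" description="Require IPSec for all traffic (NAS OU)"
:: kerberos=yes selects the default Windows authentication method (Kerberos v5)
netsh ipsec static add rule name="Require IPSec" policy="XYZ NAS Require Security" filterlist="XYZ All IP Traffic" filteraction="XYZ Require Security" kerberos=yes

:: ---- Policy for the Notebooks OU: request security toward the NAS only ----
:: Filter list limited to the NAS subnet so all other servers are reached normally
netsh ipsec static add filterlist name="XYZ NAS Appliances" description="Traffic to/from Windows Powered NAS appliances"
netsh ipsec static add filter filterlist="XYZ NAS Appliances" srcaddr=me dstaddr=10.1.50.0 dstmask=255.255.255.0 protocol=ANY mirrored=yes

:: inpass=yes accepts unsecured inbound but always responds with IPSec;
:: soft=yes allows fallback to cleartext with peers that are not IPSec-aware
netsh ipsec static add filteraction name="XYZ Request Security" action=negotiate inpass=yes soft=yes qmsecmethods="ESP[3DES,SHA1]"

netsh ipsec static add policy name="XYZ Notebooks Request Security" description="Request IPSec to NAS appliances (Notebooks OU)"
netsh ipsec static add rule name="Request IPSec to NAS" policy="XYZ Notebooks Request Security" filterlist="XYZ NAS Appliances" filteraction="XYZ Request Security" kerberos=yes

:: Review what was created before assigning either policy in its GPO.
:: Caveat: the NAS policy covers all IP traffic, so the appliances must still be
:: able to complete Kerberos authentication with the domain controllers; if the
:: DCs do not negotiate IPSec, add a permit rule for their addresses first.
netsh ipsec static show all
```

Only one IPSec policy can be assigned per computer, so each OU's GPO assigns exactly one of the two policies built above.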
Hope this info may help you!