
IPSEC Practice

Posted on 2004-08-15
Last Modified: 2012-05-05
Would it be good practice in a Network, where there are 7 servers (Win 2000 and Win 2003), connected by a GB Switch, to use IPSEC on the traffic between the Servers?
If not, what are any suggestions on when to use IPSEC.
Any related Websites would be helpful.

Thanks in advance... Michael
Question by:Linux_Hawk
2 Comments
 

Expert Comment

by:yasuo
ID: 11806817
I would recommend researching this topic in depth as there is quite a bit to the design and proper setup of an IPSEC network.

That said, I find this article good for in-general topics on "is it needed" security:
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

Also, here is an additional white-paper on the design and use of IPSEC in the corporation on Microsoft:
http://www.microsoft.com/downloads/details.aspx?FamilyID=a774012a-ac25-4a1d-8851-b7a09e3f1dc9&displaylang=en



To comment however...it is always good practice to exercise as much security as convenient and comfortable. I.e., it would not be good to enable IPSEC on your servers etc. without evaluating the overall impact to your business practices and ease of operation. If it requires a serious adaptation and engagement to your administrative/management or userbase then it could be a disadvantage. Additionally, it also depends on the endpoints you are using for security; if you mean client-server IPSEC security this can be a daunting task, especially for a new user/employee or otherwise trying to connect a computer to the network or server for the first time. It can also mean an administrative nightmare in troubleshooting.

Again you also must take into account that all traffic encrypted is not capable of being reviewed by an Intrusion Detection System between the client-server later on as well. Server-Server traffic can be a good thing, and in practice I personally try to secure and encrypt as much as I can comfortably accommodate. There are however specific areas where flexibility is not an option (such as VPN tunnels, specific traffic networks and/or private servers) in which case full security is afforded.

Bottom line is, what level of exposure to traffic do your servers have, do they require utmost security given the data stored on them? Seeing as you are on a switch, sniffing is difficult without performing a man-in-the-middle operation. Aside from that, if you are a company that needs to ensure a high degree of security amongst their servers then it might necessarily be a positive and necessary effort. I would in any event ensure that I fully understood my final implementation and had tested it within a private lab/sandbox if possible before attempting such a task.

Accepted Solution

by: Tim Holman earned 250 total points
ID: 11809084
IPSEC is a standards-based encryption method designed for securing traffic over a public medium. As your network isn't public, it doesn't need IPSEC.
Why do you think you need to do this?
On a LAN level, IPSEC is too resource and bandwidth intensive to use, bearing in mind there is a lot of overhead in error checking, strong encryption and multi-vendor support necessary for traversing across the Internet.
I would recommend a hardware / L2 encryption device as an alternative, e.g. X-Cryptor, http://www.bemac.com/ISec/section2.asp?S2ID=14.
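The accepted answer above mentions IPsec's per-packet overhead. The following added example (not part of the original thread) computes the size cost of ESP in transport mode on a 1500-byte Ethernet MTU. The cipher suites, IPv4 headers without options, and the absence of NAT traversal are assumptions made for illustration.

```python
# Added example: per-packet size cost of ESP in transport mode (RFC 4303 layout).
from dataclasses import dataclass

ESP_HEADER = 8    # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2   # pad-length byte + next-header byte


@dataclass(frozen=True)
class EspSuite:
    name: str
    block: int  # cipher block size in bytes; sets the padding alignment
    iv: int     # IV bytes sent in every packet
    icv: int    # integrity check value bytes appended to every packet


# Assumed suites for illustration; the thread does not name any.
TRIPLE_DES_SHA1 = EspSuite("3DES-CBC + HMAC-SHA1-96", block=8, iv=8, icv=12)
AES_CBC_SHA1 = EspSuite("AES-CBC + HMAC-SHA1-96", block=16, iv=16, icv=12)


def esp_overhead(segment_len: int, suite: EspSuite) -> int:
    """Bytes ESP adds around one transport-layer segment."""
    align = max(suite.block, 4)
    pad = -(segment_len + ESP_TRAILER) % align  # pad up to the alignment
    return ESP_HEADER + suite.iv + pad + ESP_TRAILER + suite.icv


def packet_size(segment_len, suite, ip_header=20):
    """Total IP packet length for one ESP-protected segment."""
    return ip_header + segment_len + esp_overhead(segment_len, suite)


def max_segment(mtu, suite, ip_header=20):
    """Largest segment that still fits in one unfragmented packet."""
    for seg in range(mtu - ip_header, 0, -1):
        if packet_size(seg, suite, ip_header) <= mtu:
            return seg
    return 0


def tcp_goodput(mtu, suite, ip_header=20, tcp_header=20):
    """(TCP data bytes per full packet with ESP, without ESP)."""
    return max_segment(mtu, suite, ip_header) - tcp_header, mtu - ip_header - tcp_header


if __name__ == "__main__":
    for s in (TRIPLE_DES_SHA1, AES_CBC_SHA1):
        with_esp, plain = tcp_goodput(1500, s)
        print(f"{s.name}: bare ACK {packet_size(20, s)} B (40 B plain), "
              f"full packet carries {with_esp} of {plain} B "
              f"({100 * with_esp / plain:.1f}%)")
```

The calculation covers bytes on the wire only; CPU cost of encryption and the IKE negotiation traffic are outside its scope.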
