Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

IPSEC Practice

Posted on 2004-08-15
2
Medium Priority
?
389 Views
Last Modified: 2012-05-05
Would it be good practice in a Network, where there are 7 servers (Win 2000 and Win 2003), connected by a GB Switch, to use IPSEC on the traffic between the Servers?
If not, what are any suggestions on when to use IPSEC.
Any related Websites would be helpful.

Thanks in advance... Michael
0
Comment
Question by:Linux_Hawk
2 Comments
 

Expert Comment

by:yasuo
ID: 11806817
I would recommend researching this topic in depth as there is quite a bit to the design and proper setup of an IPSEC network.

That said, I find this article good for in-general topics on "is it needed" security:
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

Also, here is an additional white-paper on the design and use of IPSEC in the corporation on Microsoft:
http://www.microsoft.com/downloads/details.aspx?FamilyID=a774012a-ac25-4a1d-8851-b7a09e3f1dc9&displaylang=en



To comment however...it is always good practice to excercise as much security as convenient and comfortable. I.E: it would not be good to enable IPSEC on your servers etc. without evaluating the overall impact to your business practices and ease of operation. If it requires a serious adaptation and engagement to your administrative/management or userbase then it could be a disadvantage. Additionally, it also depends on the endpoints you are using for security, if you mean client-server IPSEC security this can be a daunting task, especially for a new user/employee or otherwise trying to connect a computer to the network or server for the first time. It can also mean an administrative nightmare in troubleshooting.

Again you also must take into account that all traffic encrypted is not capable of being reviewed by an Intrusion Detection System between the client-server later on as well. Server-Server traffic can be a good thing, and in practice I personally try to secure and encrypt as much as I can comfortably accomodate. There are however specific areas where flexibility is not an option (such as VPN tunnels, specific traffic networks and/or private servers) in which case full security is afforded.

Bottom line is, what level of exposure to traffic does your servers have, do they require utmost security given the data  store on them? Seeing as you are on a switch, sniffing is difficult without performing a man-in-the-middle operation. Aside from that, if you are a company that needs to ensure a high-degree of security amongst their servers then it might necessarily be a positive and necessary effort. I would in any event ensure that I fully understood my final implementation and had tested it within a private lab/sandbox if possible before attempting such a task.
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 1000 total points
ID: 11809084
IPSEC is a standards-based encryption method designed for securing traffic over a public medium.  As your network isn't public, it doesn't need IPSEC.
Why do you think you need to do this ?
On a LAN level, IPSEC is too resource and bandwidth intensive to use, bearing in mind there is a lot of overhead in error checking, strong encryption and multi-vendor support necessary for traversing across the Internet.
I would recommend a hardware / L2 encryption device as an alternative - eg X-Cryptor, http://www.bemac.com/ISec/section2.asp?S2ID=14.
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Securing your business data in current era should be your biggest priority. Numerous people are unaware of the fact that insiders commit more than 60 percent of security breaches. You need to figure out the underlying cause and invoke your potential…
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question