How to use IPSec to secure my network

by huasun on 2008-08-27 21:49:00

How to Use IPSec to Protect My Network

A:

IPSec Terminology

Before following the guidance steps below, make sure you understand the meaning of the following terms:

**Authentication**: The process of verifying that the identity of a computer is legitimate. Windows 2000 IPSec supports three types of authentication: Kerberos, certificates, and pre-shared keys. Kerberos authentication is only valid when both endpoints (computers) are located in the same Windows 2000 domain; it is the preferred method. If the computers are in different domains, or at least one computer is not in a domain, certificates or pre-shared keys must be used. Certificates are valid only when each endpoint holds a certificate signed by a certification authority that the other endpoint trusts. Pre-shared keys have the same weaknesses as passwords: they cannot remain confidential over long periods of time. If the endpoints are not in the same domain and certificates are unavailable, pre-shared keys are the only authentication option.

**Encryption**: The process of transforming data before it is transmitted between two endpoints so that it cannot be read by anyone else. Using well-tested algorithms, each endpoint generates keys and exchanges them with the other. This process ensures that only these two endpoints know the keys, so that even if the key exchange sequence is intercepted, the interceptor gains no useful information.

**Filter**: A description of the Internet Protocol (IP) addresses and protocols whose traffic can trigger the establishment of an IPSec security association.

**Filter Action**: The security requirement that is applied when traffic matches a filter in a filter list.

**Filter List**: A collection of filters.
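To make the relationship between filters, filter lists and filter actions concrete, here is an added example (not part of the original article and not Windows code) that models a small IPSec policy in Python. It assumes a hypothetical `Filter`/`Rule` structure and a simplified specificity weighting; the sample rules and packets are constructed for illustration. The model reflects two behaviours of Windows IPSec policies: the most specific matching filter decides the action, and traffic that matches no filter is passed in the clear.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical model (added example, not Windows code): a Filter describes the
# traffic that can trigger IPSec processing; a Rule pairs a filter list with a
# filter action ("permit", "block" or "negotiate").

@dataclass(frozen=True)
class Filter:
    src: str = "any"                 # CIDR network or "any"
    dst: str = "any"
    protocol: str = "any"            # "tcp", "udp", "icmp" or "any"
    dst_port: Optional[int] = None   # None means any port

    @staticmethod
    def _net_matches(spec: str, addr: str) -> bool:
        return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

    def matches(self, pkt: dict) -> bool:
        return (self._net_matches(self.src, pkt["src"])
                and self._net_matches(self.dst, pkt["dst"])
                and self.protocol in ("any", pkt["protocol"])
                and self.dst_port in (None, pkt.get("dst_port")))

    def specificity(self) -> int:
        # Simplified weighting (an assumption of this model): narrower address
        # prefixes, a named protocol and a port each make a filter more specific.
        score = 0
        for spec in (self.src, self.dst):
            if spec != "any":
                score += 1 + ipaddress.ip_network(spec, strict=False).prefixlen
        if self.protocol != "any":
            score += 40
        if self.dst_port is not None:
            score += 80
        return score

@dataclass
class Rule:
    name: str
    filter_list: List[Filter]   # the "filter list"
    action: str                 # the "filter action"

def decide(rules: List[Rule], pkt: dict) -> str:
    """Return the filter action of the most specific matching filter.
    Traffic that matches no filter is passed in the clear ("permit")."""
    best = None
    for rule in rules:
        for f in rule.filter_list:
            if f.matches(pkt) and (best is None or f.specificity() > best[0]):
                best = (f.specificity(), rule.action)
    return best[1] if best else "permit"

# Constructed sample policy: secure everything by default, let ICMP through,
# block telnet to one server, and exempt a management subnet.
SAMPLE_RULES = [
    Rule("All traffic", [Filter()], "negotiate"),
    Rule("ICMP", [Filter(protocol="icmp")], "permit"),
    Rule("Telnet to server", [Filter(dst="10.0.0.5/32", protocol="tcp", dst_port=23)], "block"),
    Rule("Management subnet", [Filter(src="10.0.9.0/24")], "permit"),
]

if __name__ == "__main__":
    samples = [  # constructed packets
        {"src": "192.168.1.10", "dst": "10.0.0.5", "protocol": "tcp", "dst_port": 23},
        {"src": "192.168.1.10", "dst": "10.0.0.5", "protocol": "icmp"},
        {"src": "192.168.1.10", "dst": "10.0.0.5", "protocol": "tcp", "dst_port": 80},
        {"src": "10.0.9.7", "dst": "10.0.0.5", "protocol": "tcp", "dst_port": 80},
    ]
    for pkt in samples:
        print(pkt, "->", decide(SAMPLE_RULES, pkt))
```

Note how the telnet filter, being more specific than the management-subnet filter, still blocks telnet from that subnet; when writing real policies, the same overlap analysis is what prevents an exemption from silently undoing a restriction.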