There are three default IPSec Policies:
- Secure Server (Requires IPSec) – Can be assigned to any 2000+ OS.
- Server (Requests IPSec).
- Client (Respond only).
There are three security methods available when using IPSec (also shown in figure 2):
- AH - Authentication Header provides data integrity protection.
- ESP - Encapsulating Security Payload provides data integrity and encryption.
There are three IPSec authentication methods (also shown in figure 3):
- Kerberos (Active Directory) – Most secure, use for computers in the same AD forest.
- Certificates – Secure, use for computers not in the same forest.
- Preshared key – plain text password stored on both computers, least secure.
- IPSec is a layer 3 protocol and can be used to secure TCP and UDP traffic. IPSec is often used for VPN connections.
- ISAKMP (Internet Security Association and Key Management Protocol) is a protocol for establishing Security Associations (SA) (source: Wikipedia).
- The Oakley Key Determination Protocol is a key-agreement protocol that allows authenticated parties to exchange keying material across an insecure connection (source: Wikipedia).