Posted by Steve Riley [MSFT] on October 30, 2008, 5:19 pm
The domain isolation principle uses IPsec with Kerberos authentication.
Servers receive policies that require inbound communications to be protected
with IPsec; clients receive policies instructing them to use IPsec when
communicating to servers within whatever address range you define.
http://technet.microsoft.com/en-us/network/bb545651.aspx has links to
various resources.
--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
Protect Your Windows Network: http://www.amazon.com/dp/0321336437
> Hi all,
>
> I have a question regarding implementing domain isolation with IPsec
> support from Windows 2003 (or higher.)
>
> From the examples online, you only need to join a few machines into
> the domain and they are magically protected from outsider attacks and
> eavesdropping. I am wondering how exactly this should be configured,
> especially using a group policy distributed from the domain
> controller.
>
> How should I write this policy in the domain controller? The most
> naive way is to list all the IP addresses of all the domain members in
> a filter list, and apply "secure" action to this filter. My question
> is, what if a new computer joins the domain or someone left? Do I,
> presumably the domain admin, need to reconfigure the filter list every
> time?
>
> Is there a better way of doing this? Or, can someone show me the
> correct way of doing it?
> Thanks a lot!
>
> -Simon
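
The address-range approach from the reply above, written out in the Windows Server 2003 `netsh ipsec static` context as an added example (not part of the original posts or of Microsoft's guidance). The policy and list names, the 10.10.0.0/16 range and the domain controller address 10.10.0.5 are constructed placeholders; the domain controller exemption is an assumption added so that Kerberos tickets can be obtained before IPsec negotiation.

```batch
rem Added example. All names and addresses below are constructed placeholders.
rem The commands write to the local IPsec policy store so they can be tried on a
rem lab machine first. To author the policy in Active Directory for distribution
rem by Group Policy, select the domain store before running them:
rem   netsh ipsec static set store location=domain

rem --- Filter lists: one address range instead of one entry per member ---
rem A machine that joins or leaves the domain inside this range needs no
rem change here. Kerberos decides whether the peer is a domain member.
netsh ipsec static add filterlist name="Isolated range"
netsh ipsec static add filter filterlist="Isolated range" srcaddr=me dstaddr=10.10.0.0 dstmask=255.255.0.0 protocol=ANY mirrored=yes

rem Domain controllers are reached in the clear (assumption, see lead-in).
rem The host filter is more specific than the range filter, so it wins.
netsh ipsec static add filterlist name="Exempt DCs"
netsh ipsec static add filter filterlist="Exempt DCs" srcaddr=me dstaddr=10.10.0.5 dstmask=255.255.255.255 protocol=ANY mirrored=yes

rem --- Filter actions ---
rem inpass=no : do not accept unsecured inbound traffic
rem soft=no   : do not fall back to clear text with peers that cannot do IPsec
rem 3DES/SHA1 is the strongest ESP offer this legacy policy engine supports.
netsh ipsec static add filteraction name="Require IPsec" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"
netsh ipsec static add filteraction name="Permit" action=permit

rem --- Policy and rules ---
netsh ipsec static add policy name="Domain isolation"
rem kerberos=yes : peers authenticate with their domain computer accounts,
rem so no preshared key or certificate has to be distributed.
netsh ipsec static add rule name="Secure isolated range" policy="Domain isolation" filterlist="Isolated range" filteraction="Require IPsec" kerberos=yes
netsh ipsec static add rule name="DC exemption" policy="Domain isolation" filterlist="Exempt DCs" filteraction="Permit"

rem --- Activate on this machine (local store only) ---
netsh ipsec static set policy name="Domain isolation" assign=y
```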