
Difference between a secure IPSEC and a confidential AND secure IPSEC??

PeeluckyDuckee

Diamond Member
What does making it confidential actually mean?

Also, the text says that IPSEC policies can be implemented either thru the Active Directory or the registry? By registry? Umm, how exactly? Just go in and edit them on an individual basis?

Thx.
Plucky
 
never heard of a confidential IPSEC? IPSEC is just a security protocol. there are a few different ways of implementing it such as whether you encrypt the entire frame or just the payload.

What kind of gear are you inquiring about?
 
Sorry if I'm not getting thru correctly. But what I mean is like when you create a SA, in that process thru security policies, encryption choices, hashing options, you can make an internal-to-external either with the features of it having integrity, anti-replay, secured OR all of the previous + confidentiality.

It's something to do with choosing either AH or ESP that gives you the options to choose...

I believe it was AH that does not provide confidentiality and ESP that does.

Plucky
 
In the registry, you can set the IPSEC policies in the registry. But, I would recommend that you don't. There is the Local Security Policy MMC and the Domain Security Policy MMC that you can edit the policies for IPSEC and also for user rights. Also, in the TCP/IP Advanced settings.

Also, the different versions of IPSEC you are referring to are only available in Microsoft Windows 2000 and Active Directory applications. From what I have read, Microsoft's implementations of IPSEC are compatible with other vendors and the IETF standard. However, Microsoft just adds additional/different terminology for their implementation.

I also believe that what they mean by "confidential", they parse the computer name or username through a one-way hash algorithm to produce a unique string of text that will represent the user/computer. This is similar to that of Kerberos v5.

Here are some additional documents on IPSEC from Microsoft's TechNet.

IPSEC Architecture.
IP Security
IP Security for MS Windows 2000 Server
IP Security for Local Communication Systems
Step-by-Step Guide to Internet Protocol Security (IPSec)

If you have any additional questions, you can PM/IM/email me.

Word up spidey07!
 
yo man, where you been?

duckee - ESP guarantees confidentiality. I forgot that was one of the features. I haven't seen AH used in a long time. ALL ipsec i touch is ESP.

cheers!
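
An added example, not part of any post in this thread: a small parser that shows the AH/ESP difference discussed above as it appears on the wire. AH (IP protocol 51) leaves the inner packet readable behind an integrity check value, while ESP (IP protocol 50) exposes only the SPI and sequence number. The function names, addresses, SPI values and sample packets are constructed for illustration.

```python
import struct

IPPROTO_ESP, IPPROTO_AH = 50, 51  # IANA-assigned IP protocol numbers

def classify_ipsec(packet: bytes) -> dict:
    """Report which IPsec protocol (if any) wraps an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    if proto == IPPROTO_AH:
        if len(body) < 12:
            raise ValueError("truncated AH header")
        next_hdr, plen, _, spi, seq = struct.unpack("!BBHII", body[:12])
        ah_len = (plen + 2) * 4           # Payload Len is in 32-bit words, minus 2
        if ah_len < 12 or len(body) < ah_len:
            raise ValueError("bad AH length")
        # AH authenticates but never encrypts: the inner packet stays readable.
        return {"protocol": "AH", "spi": spi, "seq": seq,
                "offers_confidentiality": False, "inner_proto": next_hdr,
                "icv": body[12:ah_len], "visible_payload": body[ah_len:]}
    if proto == IPPROTO_ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack("!II", body[:8])
        # Only SPI and sequence number are in the clear; the inner protocol
        # sits in the encrypted trailer. (An SA using the NULL cipher would
        # leave the payload readable; that cannot be told from the header.)
        return {"protocol": "ESP", "spi": spi, "seq": seq,
                "offers_confidentiality": True, "inner_proto": None,
                "opaque_bytes": len(body) - 8, "visible_payload": None}
    return {"protocol": "none", "offers_confidentiality": False}

def build_ipv4(proto: int, body: bytes) -> bytes:
    """Constructed sample header, 10.0.0.1 -> 10.0.0.2, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                       proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + body

# Constructed samples: an all-zero ICV and placeholder bytes stand in for
# real HMAC output and ciphertext.
AH_SAMPLE = build_ipv4(IPPROTO_AH, struct.pack("!BBHII", 6, 4, 0, 0x1001, 1)
                       + bytes(12) + b"GET /index.html")
ESP_SAMPLE = build_ipv4(IPPROTO_ESP, struct.pack("!II", 0x2002, 1)
                        + bytes(range(0x40, 0x60)))

if __name__ == "__main__":
    for name, pkt in (("AH", AH_SAMPLE), ("ESP", ESP_SAMPLE)):
        print(name, classify_ipsec(pkt))
```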
 