IPSec only "interesting traffic" between 2 Win2003 servers with a PSK

Bob151

Senior member
Apr 13, 2000
I'm sure there are dozens of people here that know how to do this.

I'm a data communications guy, not a windows guy. I don't configure or manage windows servers. I have done this on Cisco gear, but I do not know if it is even possible on windows, but I once heard it was.

The organization I work for purchased an "enterprise" application. This "enterprise" application uses clear text ftp to transfer large quantities of data containing sensitive information between just two Win2003 servers. I've been told that the conversation between the server and all the clients is SSL, but these two servers speak to each other in the clear. For some unknown reason, that is the way the application developer designed it. None of this is internet facing, published on the Internet, or traverses the Internet, it is only internal. Still, my organization is concerned that their "enterprise" application has some conversations in the clear.

I've heard that Win2003 can perform encryption. I don't know if that is limited to SMB, SSL/HTTPS or what. Can we design something that encrypts prior to transmission only FTP control and FTP data conversations between two hosts? Data not matching such criteria would be unencrypted as usual. Can you provide links?

Thanks
 

RebateMonger

Elite Member
Dec 24, 2005
Microsoft: IPSEC FAQ

But I don't think you can control it "per-protocol". You can control it by source IP address or by whether the two computers are set to "request" or to "demand" encryption before they'll talk.

You can get NICs that "offload" the encryption work to reduce the computer CPU load in encrypting the data.
 

Bob151

Senior member
Apr 13, 2000
Thanks, that appears to be a quite inclusive document of everything that one can do. However, if it seems too lengthy for my organization to read, they may not pursue this. My organization does not analyze products/designs before they decide to implement, and we are stuck in a bad position. This data needs to be encrypted, and somehow my organization's tech team/management arrived at the idea that using an ACL on the network hardware is the same as encrypting it. Don't ask me to explain, I just can't.

I must not know how to search on Microsoft's site or may not be using the right keywords in a search. I find a lot of Windows CE stuff for some reason unknown to me.

Do you know of a few sample point-and-click examples that describe encrypting traffic between two Windows 2003 servers?
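Added example (not from either poster in this thread): a command-line equivalent of the point-and-click IPsec policy the last post asks for, using the `netsh ipsec static` context that ships with Windows Server 2003. IPsec filters on 2003 select traffic by address, protocol and port, so the policy can be scoped to the FTP conversation between the two hosts while everything else stays in the clear, which is what the first post asks for. The addresses 10.1.1.10 and 10.1.1.20, the policy/filter names and the pre-shared key are placeholders (assumptions), not values from the thread. The same script is run unchanged on both servers: mirrored filters match both directions, so the policy is symmetric.

```batch
@echo off
REM Added example for this thread, not the posters' own configuration.
REM Scoped IPsec (ESP) for FTP between two Windows Server 2003 hosts.
REM Assumed values (replace before use):
set SRV_A=10.1.1.10
set SRV_B=10.1.1.20
set PSK=ReplaceWithALongRandomSecret

set POLICY=FTP-A-B-IPsec
set FLIST=FTP control and data A-B
set FACTION=Require ESP A-B

REM 1. Policy container, created unassigned. Main mode: 3DES, SHA1, DH group 2
REM    (2003 IPsec offers DES/3DES and MD5/SHA1 only; AES arrived later).
netsh ipsec static add policy name="%POLICY%" description="ESP for FTP between %SRV_A% and %SRV_B%" mmsecmethods="3DES-SHA1-2" assign=no

REM 2. Filter list = the "interesting traffic". mirrored=yes also matches replies.
netsh ipsec static add filterlist name="%FLIST%"
REM    FTP control channel: client ephemeral port -> server TCP/21
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=%SRV_A% dstaddr=%SRV_B% protocol=TCP srcport=0 dstport=21 mirrored=yes description="FTP control"
REM    Active-mode data channel: server TCP/20 -> client ephemeral port
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=%SRV_B% dstaddr=%SRV_A% protocol=TCP srcport=20 dstport=0 mirrored=yes description="FTP data (active mode)"
REM    Caveat: passive-mode (PASV) FTP opens data connections on ports chosen at
REM    run time, and a netsh filter takes a single port, not a range. If the
REM    application uses PASV, replace the two filters above with this one, which
REM    covers all TCP between the pair (ICMP, UDP etc. still travel in the clear):
REM netsh ipsec static add filter filterlist="%FLIST%" srcaddr=%SRV_A% dstaddr=%SRV_B% protocol=TCP srcport=0 dstport=0 mirrored=yes description="all TCP A-B"

REM 3. Filter action: negotiate ESP 3DES/SHA1. inpass=no refuses unprotected
REM    inbound packets and soft=no disables the clear-text fallback, so a failed
REM    negotiation blocks the transfer instead of silently leaking it.
netsh ipsec static add filteraction name="%FACTION%" action=negotiate qmsecmethods="ESP[3DES,SHA1]" inpass=no soft=no

REM 4. Rule tying list and action together, authenticated with the PSK
REM    (kerberos=no, because the thread asks for a pre-shared key).
netsh ipsec static add rule name="FTP rule A-B" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" kerberos=no psk="%PSK%"

REM 5. Assign. Only one local IPsec policy can be assigned at a time.
netsh ipsec static set policy name="%POLICY%" assign=yes

REM Check: the stored policy, then live main-mode and quick-mode SAs,
REM which appear only after an FTP session between the two hosts has started.
netsh ipsec static show policy name="%POLICY%" level=verbose
netsh ipsec dynamic show mmsas
netsh ipsec dynamic show qmsas
```

To confirm the result, open an FTP session from one server to the other and run the two `netsh ipsec dynamic show` commands (or the IP Security Monitor MMC snap-in): a quick-mode SA for the pair should be listed, and a packet capture on either host should show ESP (IP protocol 50) instead of plain TCP/21. Two caveats a practitioner would add: the pre-shared key is stored readably in the local policy store and must be identical on both hosts, so if both servers are members of the same Active Directory domain, dropping `kerberos=no psk=...` and letting the rule default to Kerberos avoids managing a shared secret; and the filter list is the whole point of the exercise, so whether the application uses active or passive FTP decides whether the port-specific filters or the all-TCP filter is the right one.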