Re: IPSEC

From: Steve Clark [MSFT] (bogus_at_microsoft.com)
Date: 02/24/05

Next message: Steven L Umbach: "Re: EFS Recovery Agent"
Previous message: Mark Gamache: "Re: 2003 PKI Design Question"
In reply to: Mark Gamache: "Re: IPSEC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 24 Feb 2005 14:13:30 -0800

By anyday's standards, it isn't a firewall.

Use IPsec transport mode to protect all traffic, use IPsec filters to
control inbound and outbound communications on specific ports, and use
Windows Firewall to provide stateful decisions combined with the above...

"Mark Gamache" <mark.gamache@css-security.com.nospam> wrote in message
news:%23DlGbRqGFHA.1740@TK2MSFTNGP09.phx.gbl...
> You can use it as a stateless inbound packet filter. It really can't help
> with outbound traffic. By today's standards, its not a firewall...
>
> --
> Mark Gamache
> Certified Security Solutions
> http://www.css-security.com
>
>
>
> "Athan" <athan_P@hotmail.com> wrote in message
> news:cvl8ad$h2m$1@usenet.otenet.gr...
>> Hello
>>
>> Can I use IPSEC as a Firewall in Windows Server ?
>>
>> Thank you
>>
>> Athan
>>
>>
>
>

Next message: Steven L Umbach: "Re: EFS Recovery Agent"
Previous message: Mark Gamache: "Re: 2003 PKI Design Question"
In reply to: Mark Gamache: "Re: IPSEC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Win2K Security & Firewall - long post
... IPSec, and more so some reasons why it might be a bad idea for MS to ... realize that tailoring an IPSec policy for a specific home user, ... disabled their personal firewall. ... Won't work if the malware uses a "legitimate" means of disabling ...
(comp.security.firewalls)
Re: Isolate systems
... some sort of port/protocol/Ip/mac"filtering" via switches, ipsec filtering, ... firewall yourself from outside the network, even if you use a self scan site ... If legitimate users are trying to attack your computers you may have to see ...
(microsoft.public.win2000.security)
Re: Win2K Security & Firewall - long post
... coupled with the fact that most Win2K users are not home users. ... > the regard of disabling insecure functionality within specific ... > of whether or not IPSec is a good thing or not it is just one of those ... > disabled their personal firewall. ...
(comp.security.firewalls)
Re: VPN not working when client behind another firewall
... The latest is that we have tested the ports and GRE ... >place a hardwarebased firewall router out in front of SBS ... This area is NAT-T over IPSec across ... >server to work when behind a NAT. ...
(microsoft.public.windows.server.sbs)
Re: VPN not working when client behind another firewall
... [from SBS 2003 Best Practices] ... place a hardwarebased firewall router out in front of SBS 2003 and want ... This area is NAT-T over IPSec across the firewall. ... client and the remote access server must be IPSec NAT-T-capable. ...
(microsoft.public.windows.server.sbs)