IPSec Enhancements for Windows XP and Win2K


Gservo
4th June 2003, 01:41 PM
Keeping Up with Win2K and NT
by Paula Sharick, paula@winnetmag.com


Many of us implement Network Address Translation (NAT) on firewalls and routers as the first line of defense in protecting internal systems. When NAT is active and a user connects to a system on the Internet, the firewall or router repackages the request so that the client system remains anonymous. In technical terms, the NAT device remembers the address of the system making the request and the destination address. The NAT device then replaces the original client address with its own address (or one of a range of preconfigured addresses) and forwards the request to the destination machine. When the destination system responds, the NAT device determines which client should receive the response, reformats the packet so that it contains the client's real address, and sends the response to the client. By masking the addresses of all systems on your internal network and preventing direct connections between a local system and an unknown system on the Internet, NAT technology reduces the exposure and vulnerability of your internal systems.
The combination of Layer Two Tunneling Protocol (L2TP) and IP Security (IPSec) offers an even more secure method of communication. Unlike NAT, which simply reformats packets with a different source or destination address, L2TP connections are encrypted and ruled by an IPSec policy that requires the endpoints to authenticate each other with a shared password or certificate. Until recently, Microsoft platforms didn't support the use of L2TP connections in combination with NAT. To improve the interoperability of Windows XP and Windows 2000 systems with Windows Server 2003 systems, Microsoft recently released an update for XP and Win2K platforms that lets clients create secure IPSec connections to a Windows 2003 server when the clients are behind a firewall or router running NAT. In real-world terms, this functionality lets clients on your internal network create secure, encrypted connections to systems on the Internet, while remaining anonymous to any systems between the firewall and the destination machine. For more details about this new functionality, visit the following URL:
http://www.winnetmag.com/windowsserver2003/index.cfm?articleid=39166
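The two mechanisms the quoted article describes, a NAT device keeping a translation table so that replies find the right internal client while unsolicited inbound packets are dropped, and IPSec traffic that a port-based NAT cannot handle until it is wrapped in UDP, can be followed in a small simulation. The code below is an added example written for this thread; it is not from the article, from Microsoft, or from any NAT implementation. It models a port-translating NAT (PAT) with constructed RFC 1918 and documentation-range addresses, and it goes one step beyond the post by showing why raw ESP (no port header) gets no mapping while the same traffic encapsulated in UDP port 4500, the NAT traversal (NAT-T) scheme that updates of this kind rely on, is translated like any other flow. The class and function names are my own, and the "refuse ESP" behaviour is an assumption about a strictly port-keyed NAT; real devices differ (some track a single ESP flow by SPI).

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample address for the NAT device's outside interface.
NAT_PUBLIC_IP = "203.0.113.10"


@dataclass(frozen=True)
class Packet:
    proto: str                      # "udp", "tcp" or "esp"
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None  # None for ESP: IP protocol 50 carries no ports
    dst_port: Optional[int] = None


class NatDevice:
    """Port-translating NAT (PAT), as described in the quoted article: it remembers
    the client address and the destination, rewrites the source to its own public
    address plus an allocated port, and reverses that mapping for the reply."""

    def __init__(self, public_ip: str = NAT_PUBLIC_IP, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, client_ip, client_port, dst_ip, dst_port) -> allocated public port
        self.outbound: dict = {}
        # (proto, public_port, peer_ip, peer_port) -> the outbound key above
        self.inbound: dict = {}

    def outbound_translate(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite an internal client's packet; None means the NAT cannot carry it."""
        if pkt.src_port is None:
            # Assumption for this model: a strictly port-keyed NAT has nothing to
            # multiplex raw ESP on, so two clients reaching the same gateway would
            # collide. This is the problem NAT-T's UDP encapsulation removes.
            return None
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(pkt.proto, port, pkt.dst_ip, pkt.dst_port)] = key
        return Packet(pkt.proto, self.public_ip, pkt.dst_ip, port, pkt.dst_port)

    def inbound_translate(self, pkt: Packet) -> Optional[Packet]:
        """Reverse the mapping for a reply; packets with no mapping are dropped (None),
        which is the 'no direct connections from unknown systems' property."""
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        entry = self.inbound.get(key)
        if entry is None:
            return None
        _, client_ip, client_port, _, _ = entry
        return Packet(pkt.proto, pkt.src_ip, client_ip, pkt.src_port, client_port)


def demo() -> dict:
    """Walk two internal clients through the NAT toward one VPN gateway (constructed data)."""
    nat = NatDevice()
    gateway = "198.51.100.5"
    # Both clients start an IKE exchange (UDP/500) with the same gateway.
    a = Packet("udp", "192.168.1.10", gateway, 500, 500)
    b = Packet("udp", "192.168.1.11", gateway, 500, 500)
    a_out = nat.outbound_translate(a)
    b_out = nat.outbound_translate(b)
    # The gateway answers the NAT's public address on the port the NAT allocated.
    reply_to_a = Packet("udp", gateway, NAT_PUBLIC_IP, 500, a_out.src_port)
    reply_to_b = Packet("udp", gateway, NAT_PUBLIC_IP, 500, b_out.src_port)
    # An unsolicited inbound packet to a port nobody mapped.
    probe = Packet("tcp", "198.51.100.99", NAT_PUBLIC_IP, 4444, 445)
    # Raw ESP from client A: no port header, so the port-keyed NAT cannot map it.
    esp = Packet("esp", "192.168.1.10", gateway)
    # NAT-T: the ESP payload wrapped in UDP/4500 is mapped like any other flow.
    esp_natt = Packet("udp", "192.168.1.10", gateway, 4500, 4500)
    return {
        "a_out": a_out,
        "b_out": b_out,
        "a_back": nat.inbound_translate(reply_to_a),
        "b_back": nat.inbound_translate(reply_to_b),
        "probe": nat.inbound_translate(probe),
        "esp": nat.outbound_translate(esp),
        "esp_natt": nat.outbound_translate(esp_natt),
    }


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:9s} {pkt if pkt else 'dropped / not translatable'}")
```

Running the script shows both clients' IKE packets leaving with the NAT's address and distinct ports, each reply returned to the right internal client, the unsolicited probe and the raw ESP packet dropped, and the UDP-encapsulated ESP translated normally.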