
Editing IPSec Policies In Vista Part I

One way that you can secure communications between two computers is through IPSec (Internet Protocol Security). With IPSec, the data sent across the network between two computers is encrypted. It sounds simple enough, but the process is actually quite complex.

Microsoft’s IPSec is policy-based. IPSec policies consist of rules that specify:

  • Types of IP traffic to be examined by IPSec (the filter list).
  • How IP traffic is to be treated, that is, whether specific types of traffic are to be permitted, blocked, or secured (the filter action).
  • What authentication method(s) should be used.
  • Whether the traffic is to be tunneled (and the IP address of the endpoint of the tunnel, if it is).
  • The type of connection (dialup and/or LAN).

As with previous versions of Windows, Vista includes three predefined IPSec policies.

  • Client (Respond Only)
  • Secure Server (Require Security)
  • Server (Request Security)

Usually, one of the predefined policies will meet your needs, but you can edit one of the policies to customize it if you like. To do so, click Start, type secpol.msc in the Search field, and press Enter. Click IP Security Policies on Local Computer. In the right console pane, double-click the policy you want to edit. The properties window will display two tabs: General and Rules.

To edit the key exchange settings, click the Advanced button on the General tab. This displays the Key Exchange Settings dialog box. Here you can choose to use PFS (perfect forward secrecy) for the master key, change the interval at which new keys are authenticated and generated (in minutes or after a specified number of sessions), and select the security methods (DES or 3DES encryption algorithm, SHA1 or MD5 hashing algorithm for integrity, and Diffie-Hellman group 1 or 2).
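
An added example, not part of the original article: a small Python model of the security method list edited in that dialog, showing why the weaker choices (DES, MD5, Diffie-Hellman group 1) are worth removing from the list rather than just ranking last. The negotiation rule (the first local method the peer also lists is used) and the sample lists are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Options named in the Key Exchange Settings dialog; the weaker of each pair is flagged.
WEAK = {"DES": "56-bit key", "MD5": "deprecated hash", 1: "768-bit DH modulus"}

@dataclass(frozen=True)
class Method:
    encryption: str  # "DES" or "3DES"
    integrity: str   # "MD5" or "SHA1"
    dh_group: int    # 1 or 2

    def weaknesses(self):
        parts = (self.encryption, self.integrity, self.dh_group)
        return [f"{p}: {WEAK[p]}" for p in parts if p in WEAK]

def negotiate(initiator, responder):
    """Assumed model: the first initiator method the responder also lists is used."""
    for method in initiator:
        if method in responder:
            return method
    return None  # no common method: key exchange fails instead of downgrading

def audit(local, peer):
    """Report what would be negotiated and which local entries are weak."""
    chosen = negotiate(local, peer)
    return {
        "negotiated": chosen,
        "negotiated_weaknesses": chosen.weaknesses() if chosen else [],
        "weak_entries": [m for m in local if m.weaknesses()],
    }

# Constructed sample lists, in preference order (not read from a real policy).
PERMISSIVE = [Method("3DES", "SHA1", 2), Method("3DES", "MD5", 2),
              Method("DES", "SHA1", 1), Method("DES", "MD5", 1)]
HARDENED = [Method("3DES", "SHA1", 2)]
LEGACY_PEER = [Method("DES", "MD5", 1)]

if __name__ == "__main__":
    for name, local in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        result = audit(local, LEGACY_PEER)
        print(name, "->", result["negotiated"], result["negotiated_weaknesses"])
```

With the permissive list, a peer that offers only DES/MD5/group 1 still gets a session on the weakest method; with the hardened list, the same peer gets no key exchange at all.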

Using the Rules tab, you can add or edit IPSec rules. Creating an IPSec security rule is relatively straightforward since a wizard walks you through the entire process. We will look more closely at this process in Part II of this article.
