Get a glimpse inside Roberta Bragg's book "Hardening Windows Systems" with this series of book excerpts. Below is an excerpt from Chapter 11, "Harden Communications." Click for the complete book excerpt series or purchase the book.
Communications between computers on the LAN can be secured using either SMB message signing or IPSec. While IPSec is a more secure protocol, it is not as easily implemented, nor available for all versions of Windows. SMB message signing can be configured for Windows NT 4.0 (post service pack 3) as well as Windows XP, Windows Server 2003, and Windows 2000. Windows 95/98 computers running the Directory Services client can also be configured to do SMB message signing. Windows 9x, Windows ME, and Windows NT 4.0 cannot use IPSec in transport mode.
NOTE An update for Windows 9x, Windows ME, and Windows NT 4.0 allows these OSs to participate in L2TP/IPSec VPNs. This is different, however, than IPSec in transport mode.
Protect LAN Communications excerpts from Chapter 11 of 'Hardening Windows Systems'
- 1. Use SMB Signing and Session Security for NTLM
2. Use IPSec Policies
3. Use IPSec to Manage Connections
To download the complete 'Harden Communications' chapter, click for the .pdf.
Click here to return to the SearchWindowsSecurity.com Book Excerpts Library.
This was first published in March 2005