Windows 2000's VPN-Related Security Issues

The new OS from Redmond has lots of new security features, but — surprise! — there are significant compatibility issues with existing security gateways. We scrutinize the technology and offer a list of pitfalls to watch out for.

 

Lisa Phifer
VP Core Competence, Inc.

The February release of Microsoft's long-awaited Windows 2000 occurred amid much self-congratulatory fanfare. But now that the launch party is over, what next?

While corporate America ponders when and how to roll out Windows 2000, ISPs specializing in residential dial-up can largely breathe a sigh of relief — for now. The newly released Windows 2000 Professional and Server are enterprise-market NT replacements. Microsoft won't be releasing its consumer/Windows 98 replacement, Windows Millennium Edition (ME), until later this year.

But what about ISPs who offer business services that reach the enterprise desktop — specifically, those who offer remote access VPN services? What kind of impact can these ISPs expect from Windows 2000?

What's New In Windows 2000 Security?
Windows 2000 Professional and Server, once deployed, will offer many new security features and improvements. Why the caveat "once deployed"?

Although Microsoft estimates that more than one million copies of Windows 2000 were shipped in its first month, corporations won't roll out Windows 2000 in one fell swoop. Expect enterprise rollout to take time, particularly for road warrior laptops that were never strongly populated by NT in the first place.

Overview
Here's a 30,000-foot view of the new and improved security features incorporated into Windows 2000:

  • Active Directory: distributed infrastructure for centralized user and group policy management
  • Connection Manager Administration: dial-up profile configuration, integrated with single sign-on
  • Kerberos User Authentication: grants tickets to authenticated users and streamlines domain login
  • Certificate Server: built-in support for public key infrastructure (PKI) based on digital certificates
  • Authenticode: file-signing service that enables detection of unauthorized content modification
  • Encrypting file system: transparently scrambles files and folders for privacy under NTFS
  • IPsec support: IP packet authentication, integrity, and data privacy for virtual private networks

This list is just the tip of the iceberg. For further information about general Windows 2000 security services, visit Microsoft's own security services notes. Here, we'll focus on the last item: embedded support for IP security (IPsec).

Windows 2000 IPsec Support
Embedded operating system support for tunneling protocols promises to greatly simplify VPN deployment. Witness PPTP today: This oft-maligned tunneling protocol has seen widespread use purely because it's been included with Windows 9x Dial-Up Networking and NT RRAS. This means no VPN client software to install or update on the desktop and minimal or no end-user configuration. ISPs and enterprises alike can benefit from integration of stronger VPN protocols like IPsec and IKE within operating systems such as Solaris, OpenBSD, and Windows 2000.

But there's a snag. In the end, Microsoft chose to ship Windows 2000 with a suite of VPN tunneling protocols: PPTP, the layer 2 tunneling protocol L2TP, and IPsec. But remote access IPsec has been confined to L2TP encrypted with IPsec (L2TP/IPsec).

Why didn't Microsoft provide native (non-L2TP) support for IPsec remote access? The answer can be found in the combined limitations of L2TP and IPsec. L2TP, a hybrid evolving from PPTP and Cisco's L2F, provides dial-up user authentication and IP address assignment for PPP sessions. But L2TP doesn't offer data privacy — it lacks encryption. On the other hand, IPsec standards offer strong encryption — but do not address legacy (non-certificate-based) user authentication or tunnel endpoint address assignment.

IETF work is underway to enhance IPsec remote access support, and many vendors have deployed products that employ proprietary or draft measures like XAUTH (Extended Authentication) and DHCP-based tunnel configuration to meet these needs.
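
Because L2TP carries no encryption of its own, a remote access deployment is only private when the L2TP session rides inside IPsec. The following added example (not part of the original article) labels raw IPv4 packets by the tunneling protocol visible on the wire and flags L2TP seen outside ESP. The port and protocol numbers are the well-known assignments (UDP 1701 for L2TP, UDP 500 for IKE, TCP 1723 for PPTP control, IP protocols 50, 51 and 47 for ESP, AH and GRE); the function names and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

TCP, UDP = 6, 17
# IP protocol numbers: 50 ESP (encrypted), 51 AH (integrity only), 47 GRE (PPTP data)
BY_PROTO = {50: "ipsec-esp", 51: "ipsec-ah", 47: "gre"}

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet by the tunneling protocol visible on the wire."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    proto, body = pkt[9], pkt[ihl:]
    if proto in BY_PROTO:
        return BY_PROTO[proto]
    if proto not in (TCP, UDP) or len(body) < 4:
        return "other"
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return "fragment"             # non-first fragment carries no port numbers
    ports = struct.unpack("!HH", body[:4])
    if proto == TCP:
        return "pptp-control" if 1723 in ports else "other"
    if 500 in ports:
        return "ike"
    # L2TP header follows the 8-byte UDP header; low 4 bits of its first word = version 2
    if 1701 in ports and len(body) >= 10 and body[9] & 0x0F == 2:
        return "l2tp-cleartext"       # L2TP outside ESP: no data privacy
    return "other"

def audit(packets):
    """Return (label counts, indexes of packets exposing L2TP without IPsec)."""
    labels = [classify(p) for p in packets]
    return Counter(labels), [i for i, lab in enumerate(labels) if lab == "l2tp-cleartext"]

def _ip(proto, body, frag=0):  # builds constructed packets: zero checksum, doc addresses
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, frag, 64, proto, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1])) + body

def _udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

SAMPLES = [  # constructed sample traffic, not a real capture
    _ip(UDP, _udp(1701, 1701, struct.pack("!HHH", 0x0002, 1, 1) + b"\xff\x03\x00\x21")),
    _ip(50, struct.pack("!II", 0x1000, 1) + bytes(32)),
    _ip(UDP, _udp(500, 500, bytes(28))),
    _ip(TCP, struct.pack("!HH", 1055, 1723) + bytes(16)),
]
```

An ESP packet may or may not be carrying L2TP; the check only proves the negative case, that an L2TP session is crossing the network without IPsec protection.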

goto page 2: Issues to Watch Out For

 
