Network and Edge Protection

Applies To: Windows Server 2008

Network and edge protection technologies can be used to protect your organization's network from external threats and vulnerabilities. In addition, they can be used to manage and control internal network traffic to a destination that is external to your network. There are six fundamental elements in regard to network and edge protection to consider when designing your infrastructure. Windows Server 2008 uses Internet Protocol security (IPsec), Network Access Protection (NAP), and wireless technologies to accomplish security zoning.

Security Zoning

Security zoning enables companies to protect network resources based on the level of security they require. For example, core network services and applications may be within a security zone and protected from the general user population.

• Microsoft Windows IPsec TechCenter

  Overview, deployment, and troubleshooting resources for Windows IPsec.

• Network Access Protection TechCenter

  Resources for protecting computers on your network.

• Wired Networking with 802.1x Authentication

  The IEEE 802.1X standard for wired networks provides authentication and authorization protection at the network edge where a host attaches to the network.

• Securing Wireless LANs with Certificate Services

  How to use Certificate Services to protect your wireless network.

• Securing Wireless LANs with PEAP and Passwords (Windows Server 2003)

  Guidance for small to medium-size businesses through the complete life cycle of planning, deploying, testing, and managing a wireless security solution.

Network Firewalling and Web Proxies

Network firewalls and Web proxies enable organizations to control access to resources contained on both the corporate network and the Internet. A network firewall and Web proxy should not only protect, but also log and report all connections made through the firewall and Web proxy.

• Internet Security and Acceleration (ISA) Server 2006 Technical Library

  Technical information for using Microsoft Internet Security and Acceleration (ISA) Server within your network.

SSL VPNs

Secure Sockets Layer (SSL) virtual private networks (VPNs) enable secure global access to both Web and non-Web applications and corporate information resources over the Internet. Built-in comprehensive policy enforcement helps drive compliance with legal and business guidelines for handling sensitive data. Endpoint security management enables access control, authorization, and content inspection for line-of-business applications.

• Intelligent Application Gateway (IAG) 2007 TechCenter

  IAG 2007 is part of the Microsoft Forefront edge security solution, and is a comprehensive remote access gateway that provides SSL-based application access and protection with endpoint security management. The IAG 2007 TechCenter provides technical documentation and webcasts to help you administer and deploy IAG 2007 in your organization.

• TechNet Webcast: What's New with ISA and IAG and a Road Map for the Future of Edge Security (Level 300)

  This webcast describes the new features of the ISA 2006 Supportability Pack and IAG 2007 Service Pack 1 and discusses plans for the future of ISA and IAG.

Intrusion Detection and Prevention

Intrusion detection and protection mechanisms enable network security administrators to be alerted to active threats and mitigate them in real time. Additional features such as worm and flood protection can detect prevalent intrusions and block them.

• Microsoft Forefront Security Technologies home page

  Information about how Microsoft Forefront works on multiple levels to help protect your enterprise and integrates the capabilities of other security products and features.

• Microsoft Forefront Client Security Technical Library

  Resources for using Forefront Client Security to provide unified protection against malicious software for business desktops, laptops, and server operating systems.

• Microsoft Forefront Server Security Technical Library

  Resources for using Microsoft Forefront to help achieve greater efficiency and control over the network security.

Network Level VPN

Network level VPN enables remote computers to connect to the corporate network and access resources in a manner similar to a workstation directly connected to the network.

• Microsoft VPN Service

  Learn about the extensive support for virtual private network (VPN) technologies in Windows Server 2003 and Windows Server 2008.

• Implementing Quarantine Services with Microsoft Virtual Private Networks (Windows Server 2003)

  Planning guide to help organizations use VPN quarantine services when providing employees the ability to connect to corporate networks from remote locations such as homes, branch offices, hotels, Internet cafes, or customers' premises.

IPsec Domain Isolation

IPsec is a standard Internet protocol that allows administrators to isolate and protect servers and network domains with peer-level authentication and encryption. It provides a powerful mechanism for network segmentation and client quarantine without the need for new hardware.

• IPsec Server and Domain Isolation

  Provides information about server and domain isolation solutions, including overviews, case studies, and deployment resources.