Enabling the Intelligent Network Services in the Presence of the End-to-end Security Model of Windows XP/2000’s IPSec Protocols using Two Layer Protection Model

M.M. Shahsavari and N.Z. Almeshary (USA)


Internet and Software Control, Protection, and Security, Windows XP/2000, Intelligent Network Services, End-to-End Security Model


Insider attacks have become a major threat to corporate LANs because data is not protected as it travels across the network, so employees or visitors may connect sniffing devices and copy data for later analysis. Consequently, there is high demand for an end-to-end security model that ensures secure communications between any two machines within an enterprise. The Microsoft Windows XP/2000 OSes, one of the major driving forces in building LANs, have adopted this model, which is based on the IPSec standard, to ensure secure communications between any two Windows XP/2000 machines. Unfortunately, this security model disables a wide range of Intelligent Network Services (INS Services) that are indispensable for operating corporate LANs, such as firewalls, IDS, network monitoring tools, NAT and traffic classification. This paper investigates this critical issue and provides a classification of INS Services access requirements, as well as a flexible and efficient solution that allows the transport mode of Windows XP/2000's IPSec protocols to co-exist with the INS Services.
