Network and Edge Protection
Applies To: Windows Server 2008
Network and edge protection technologies can be used to protect your organization's network from external threats and vulnerabilities. In addition, they can be used to manage and control internal network traffic to a destination that is external to your network. There are six fundamental elements of network and edge protection to consider when designing your infrastructure. Windows Server 2008 uses Internet Protocol security (IPsec), Network Access Protection (NAP), and wireless technologies to accomplish security zoning.
Security zoning enables companies to protect network resources based on the level of security they require. For example, core network services and applications may be within a security zone and protected from the general user population.
Overview, deployment, and troubleshooting resources for Windows IPsec.
Resources for protecting computers on your network.
The IEEE 802.1X standard for wired networks provides authentication and authorization protection at the network edge where a host attaches to the network.
How to use Certificate Services to protect your wireless network.
Guidance for small to medium-size businesses through the complete life cycle of planning, deploying, testing, and managing a wireless security solution.
Network Firewalling and Web Proxies
Network firewalls and Web proxies enable organizations to control access to resources contained on both the corporate network and the Internet. A network firewall and Web proxy should not only protect, but also log and report all connections made through the firewall and Web proxy.
Technical information for using Microsoft Internet Security and Acceleration (ISA) Server within your network.
Secure Sockets Layer (SSL) virtual private networks (VPNs) enable secure global access to both Web and non-Web applications and corporate information resources over the Internet. Built-in comprehensive policy enforcement helps drive compliance with legal and business guidelines for handling sensitive data. Endpoint security management enables access control, authorization, and content inspection for line-of-business applications.
IAG 2007 is part of the Microsoft Forefront edge security solution, and is a comprehensive remote access gateway that provides SSL-based application access and protection with endpoint security management. The IAG 2007 TechCenter provides technical documentation and webcasts to help you administer and deploy IAG 2007 in your organization.
This webcast describes the new features of the ISA 2006 Supportability Pack and IAG 2007 Service Pack 1 and discusses plans for the future of ISA and IAG.
Intrusion Detection and Prevention
Intrusion detection and protection mechanisms enable network security administrators to be alerted to active threats and mitigate them in real time. Additional features such as worm and flood protection can detect prevalent intrusions and block them.
Information about how Microsoft Forefront works on multiple levels to help protect your enterprise and integrates the capabilities of other security products and features.
Resources for using Forefront Client Security to provide unified protection against malicious software for business desktops, laptops, and server operating systems.
Resources for using Microsoft Forefront to help achieve greater efficiency and control over network security.
Network Level VPN
Network level VPN enables remote computers to connect to the corporate network and access resources in a manner similar to a workstation directly connected to the network.
Learn about the extensive support for virtual private network (VPN) technologies in Windows Server 2003 and Windows Server 2008.
Planning guide to help organizations use VPN quarantine services when providing employees the ability to connect to corporate networks from remote locations such as homes, branch offices, hotels, Internet cafes, or customers' premises.
IPsec Domain Isolation
IPsec is a standard Internet protocol that allows administrators to isolate and protect servers and network domains with peer-level authentication and encryption. It provides a powerful mechanism for network segmentation and client quarantine without the need for new hardware.
Provides information about server and domain isolation solutions, including overviews, case studies, and deployment resources.