I won't pretend that I should be a System Administrator for any network that really matters -- but I do have at least a basic understanding of protocols, ports, and the various means that hackers commonly use to compromise software, systems and networks. Today I've been configuring a new application test server for a project we're working on. This server will be hosted in a Data Center where I am leasing a 1U space in a rack. Because I only get 1U, this machine will be connected directly to the Internet. Usually, I keep all our servers behind or in the DMZ of restrictive firewalls that I feel comfortable configuring, but this will be an exception.
So I went hunting for a solution to secure access to this machine in just a handful of pre-defined ways. Like any good software developer who has better things to do than determine which encryption protocol is better (3DES or AES) or learn the semantics behind PPTP, I hit the web looking for an off-the-shelf software solution I could setup easily. I found many options, all of which looked like 3rd party software that would take the time to bring my dual processor dual-core Xeon server to it's knees while the software figures out the appropriate way to allow or deny web traffic to the box. No, I wanted something integrated, easy to setup and hassle-free.
Enter IPSec support in Windows Server 2k3. Ok, it's definitely not the easiest solution to configure, but armed with my basic knowledge of computer networks it wasn't rocket science (or even that much computer science), either. In about 20 minutes I was able to setup a basic firewall policy right inside Windows Server that doesn't require some 3rd party mystery software, and uses industry accepted protocols to secure our new test server. Not to mention, I learned a few new tricks. Since I'm not an expert, I'll cite some resources where interested parties can find out the how and why of IPsec in Windows Server:
Enjoy!