{"id":263,"date":"2005-08-30T13:00:00","date_gmt":"2005-08-30T13:00:00","guid":{"rendered":"http:\/\/markwilson.me.uk\/blog\/2005\/08\/introduction-to-ipsec.htm"},"modified":"2007-07-16T17:13:13","modified_gmt":"2007-07-16T16:13:13","slug":"introduction-to-ipsec","status":"publish","type":"post","link":"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm","title":{"rendered":"An introduction to IPSec"},"content":{"rendered":"<p><!--112541683342713326-->I&#8217;ve been meaning to write something about <a href=\"http:\/\/en.wikipedia.org\/wiki\/IPSec\">Internet protocol security<\/a> (IPSec) ever since I heard <a href=\"http:\/\/blogs.technet.com\/steve_lamb\/\">Steve Lamb<\/a> talk about it a few months back but <a href=\"http:\/\/www.u-g-h.com\/AnIllustratedGuideToIPSec.aspx\">Owen Cutajar<\/a> blogged about <a href=\"http:\/\/www.unixwiz.net\/techtips\/iguide-ipsec.html\">Steve Friedl&#8217;s Illustrated Guide to IPSec<\/a> a few days back which gives a much better description than I ever will! Steve&#8217;s site has a whole load of useful technical tips, but as his URL might give away, he comes at things from a UNIX perspective.<\/p>\n<p>For Windows users who are interested in implementing IPSec, I recommend that you read both <a href=\"http:\/\/blogs.technet.com\/steve_lamb\/search.aspx?q=ipsec&#038;p=1\">Steve Lamb&#8217;s blog<\/a> and <a href=\"http:\/\/www.unixwiz.net\/techtips\/iguide-ipsec.html\">Steve Friedl&#8217;s Illustrated Guide to IPSec<\/a>, but what follows is a brief description of some high-level concepts which might help to put it all into context.<\/p>\n<p>Although it sounds complex, symmetric key cryptography is a very basic method of encrypting messages (e.g. DES or AES\/Rijndael) using a shared secret. The plain text input is encrypted to produce cipher text which is transmitted to the intended recipient, who can then decrypt it to produce plain text output. 
An example of such a mechanism is the <a href=\"http:\/\/www.vectorsite.net\/ttcode1.html\">Caesar shift<\/a>, whereby characters are shifted by a known number of places (the shared secret), so that for example if the shared secret is 3, A becomes D, B becomes E, and so on. Symmetric key cryptography is simple, and fast, but relies on some form of mechanism for exchanging keys (shared secrets).<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" alt=\"Symmetric key cryptography\" src=\"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/images\/symmetrickey.png?w=700&#038;ssl=1\" border=\"0\" \/><\/p>\n<p>Public key cryptography is an asymmetric encryption mechanism, whereby knowledge of the encryption key doesn&#8217;t provide the methods to decrypt the message. The recipient of the message generates a pair of keys (using a certificate authority) and publishes the public key in a directory so that anyone can send them encrypted messages that only they can read. This pair of keys is actually a single key split mathematically using a one-way algorithm (i.e. one which current mathematics does not allow to be reversed). When sending a message, it is encrypted with the recipient&#8217;s public key and they can decrypt it (using their private key). Unfortunately even this method has its weaknesses as it is slow, subject to what is known as a &#8220;known ciphertext&#8221; attack and requires the public key to be trusted (i.e. to be from a known certificate authority).<\/p>\n<p><img data-recalc-dims=\"1\" decoding=\"async\" alt=\"Asymmetric key cryptography\" src=\"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/images\/asymmetrickey.png?w=700&#038;ssl=1\" border=\"0\" \/><\/p>\n<p>The real-world answer is often a hybrid encryption process whereby a symmetric session key is encrypted using the recipient&#8217;s public key and then, once this key has been decrypted by the recipient (using their private key), they can read messages encrypted using the session key. 
The session key is transmitted with the encrypted message as a digital envelope. Once the message exchange is complete (whether that is literally the transfer of a message, or a communication session) the session key is discarded (i.e. its life is finite &#8211; dictated by the length of the session).<\/p>\n<p>IPSec is used to authenticate and\/or encrypt TCP\/IP communications, securing either specific ports or all IP traffic and is obligatory for <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/07\/ipv6-so-whats-it-all-about.htm\">IPv6<\/a>.<\/p>\n<p>In an Active Directory environment, IPSec is generally configured via group policy and both the client and the server must be configured. No reply is issued to rejected packets &#8211; they are simply dropped. Installing a certificate authority (CA) is a simple process (although because a lot of the configuration is wizard-based, it can be difficult to appreciate exactly what has been done). Windows Server 2003 Certificate Services allows a hierarchy of CAs to be implemented (generally with the root CA kept offline once the hierarchy is established) as well as adhering to public key standards from <a href=\"http:\/\/www.rsasecurity.com\/\">RSA<\/a>, <a href=\"http:\/\/www.entrust.com\/\">Entrust<\/a> and <a href=\"http:\/\/www.verisign.com\/\">Verisign<\/a> (licensed by Microsoft to avoid any per-certificate cost issues). Once a certificate has been issued the client no longer needs to communicate with the CA. Of course, internal CAs are only suitable for internal use of IPSec (a trusted CA needs to be used for securing traffic across the Internet).<\/p>\n<p>One of the advantages of IPSec is that, because it works at the network layer, it can be used to provide secure data transfer without affecting applications; however the downside is that architects (or administrators) should carefully consider the impact that encrypting all traffic would cause as some security software (e.g. 
intrusion detection systems) will no longer function.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve been meaning to write something about Internet protocol security (IPSec) ever since I heard Steve Lamb talk about it a few months back but Owen Cutajar blogged about Steve Friedl&#8217;s Illustrated Guide to IPSec a few days back which gives a much better description than I ever will! Steve&#8217;s site has a whole load &hellip; <a href=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">An introduction to IPSec<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[],"tags":[43,45],"class_list":["post-263","post","type-post","status-publish","format-standard","hentry","tag-security","tag-tcpip"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>An introduction to IPSec - markwilson.it<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"An introduction to IPSec - markwilson.it\" \/>\n<meta property=\"og:description\" content=\"I&#8217;ve been meaning to write something about Internet protocol security (IPSec) ever since I heard Steve Lamb talk about it a few months back but Owen Cutajar blogged about Steve 
Friedl&#8217;s Illustrated Guide to IPSec a few days back which gives a much better description than I ever will! Steve&#8217;s site has a whole load &hellip; Continue reading An introduction to IPSec\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm\" \/>\n<meta property=\"og:site_name\" content=\"markwilson.it\" \/>\n<meta property=\"article:published_time\" content=\"2005-08-30T13:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2007-07-16T16:13:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.markwilson.co.uk\/blog\/images\/symmetrickey.png\" \/>\n<meta name=\"author\" content=\"Mark Wilson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:site\" content=\"@markwilsonit\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Wilson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/08\\\/introduction-to-ipsec.htm#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/08\\\/introduction-to-ipsec.htm\"},\"author\":{\"name\":\"Mark Wilson\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"headline\":\"An introduction to 
IPSec\",\"datePublished\":\"2005-08-30T13:00:00+00:00\",\"dateModified\":\"2007-07-16T16:13:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/08\\\/introduction-to-ipsec.htm\"},\"wordCount\":715,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"image\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/08\\\/introduction-to-ipsec.htm#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/symmetrickey.png\",\"keywords\":[\"Security\",\"TCP\\\/IP\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/08\\\/introduction-to-ipsec.htm#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/08\\\/introduction-to-ipsec.htm\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/08\\\/introduction-to-ipsec.htm\",\"name\":\"An introduction to IPSec - 
markwilson.it\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/08\\\/introduction-to-ipsec.htm#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/08\\\/introduction-to-ipsec.htm#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/symmetrickey.png\",\"datePublished\":\"2005-08-30T13:00:00+00:00\",\"dateModified\":\"2007-07-16T16:13:13+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/08\\\/introduction-to-ipsec.htm#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/08\\\/introduction-to-ipsec.htm\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/08\\\/introduction-to-ipsec.htm#primaryimage\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/symmetrickey.png\",\"contentUrl\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/images\\\/symmetrickey.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/2005\\\/08\\\/introduction-to-ipsec.htm#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"An introduction to IPSec\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/\",\"name\":\"markwilson.it\",\"description\":\"get-info -class technology | write-output &gt; 
\\\/dev\\\/web\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/#\\\/schema\\\/person\\\/98f61365e7c39d6be942174b8c4de468\",\"name\":\"Mark Wilson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\",\"width\":800,\"height\":800,\"caption\":\"Mark Wilson\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/www.markwilson.co.uk\\\/blog\\\/uploads\\\/image-4.png?fit=800%2C800&ssl=1\"},\"description\":\"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. 
Mark is also well-known on social media and maintains an award-winning blog.\",\"sameAs\":[\"http:\\\/\\\/www.markwilson.co.uk\\\/\",\"https:\\\/\\\/www.instagram.com\\\/markwilsonuk\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/markawilson\\\/\",\"https:\\\/\\\/x.com\\\/markwilsonit\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCWHlZCoHRTocdvtrOJ2IL4A\"],\"url\":\"https:\\\/\\\/www.markwilson.co.uk\\\/blog\\\/author\\\/mark-wilson\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"An introduction to IPSec - markwilson.it","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm","og_locale":"en_GB","og_type":"article","og_title":"An introduction to IPSec - markwilson.it","og_description":"I&#8217;ve been meaning to write something about Internet protocol security (IPSec) ever since I heard Steve Lamb talk about it a few months back but Owen Cutajar blogged about Steve Friedl&#8217;s Illustrated Guide to IPSec a few days back which gives a much better description than I ever will! 
Steve&#8217;s site has a whole load &hellip; Continue reading An introduction to IPSec","og_url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm","og_site_name":"markwilson.it","article_published_time":"2005-08-30T13:00:00+00:00","article_modified_time":"2007-07-16T16:13:13+00:00","og_image":[{"url":"https:\/\/www.markwilson.co.uk\/blog\/images\/symmetrickey.png","type":"","width":"","height":""}],"author":"Mark Wilson","twitter_card":"summary_large_image","twitter_creator":"@markwilsonit","twitter_site":"@markwilsonit","twitter_misc":{"Written by":"Mark Wilson","Estimated reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm#article","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm"},"author":{"name":"Mark Wilson","@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"headline":"An introduction to IPSec","datePublished":"2005-08-30T13:00:00+00:00","dateModified":"2007-07-16T16:13:13+00:00","mainEntityOfPage":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm"},"wordCount":715,"commentCount":2,"publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"image":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm#primaryimage"},"thumbnailUrl":"https:\/\/www.markwilson.co.uk\/blog\/images\/symmetrickey.png","keywords":["Security","TCP\/IP"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm","url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm","name":"An 
introduction to IPSec - markwilson.it","isPartOf":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm#primaryimage"},"image":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm#primaryimage"},"thumbnailUrl":"https:\/\/www.markwilson.co.uk\/blog\/images\/symmetrickey.png","datePublished":"2005-08-30T13:00:00+00:00","dateModified":"2007-07-16T16:13:13+00:00","breadcrumb":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm#primaryimage","url":"https:\/\/www.markwilson.co.uk\/blog\/images\/symmetrickey.png","contentUrl":"https:\/\/www.markwilson.co.uk\/blog\/images\/symmetrickey.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/introduction-to-ipsec.htm#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.markwilson.co.uk\/blog"},{"@type":"ListItem","position":2,"name":"An introduction to IPSec"}]},{"@type":"WebSite","@id":"https:\/\/www.markwilson.co.uk\/blog\/#website","url":"https:\/\/www.markwilson.co.uk\/blog\/","name":"markwilson.it","description":"get-info -class technology | write-output &gt; 
\/dev\/web","publisher":{"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.markwilson.co.uk\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":["Person","Organization"],"@id":"https:\/\/www.markwilson.co.uk\/blog\/#\/schema\/person\/98f61365e7c39d6be942174b8c4de468","name":"Mark Wilson","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","url":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1","width":800,"height":800,"caption":"Mark Wilson"},"logo":{"@id":"https:\/\/i0.wp.com\/www.markwilson.co.uk\/blog\/uploads\/image-4.png?fit=800%2C800&ssl=1"},"description":"A Chartered IT Professional, with recent experience in technology leadership, IT strategy and practice management roles, Mark Wilson is an Enterprise Architect in the Advisory and Management Group at risual. During a career spanning more than two decades, Mark has gained widespread recognition as an expert in his field including both industry and national press exposure. In addition to certifications from Microsoft, VMware, Red Hat, The Open Group and Axelos, Mark held a Microsoft Most Valuable Professional (MVP) award for three years and is now part of the MVP Reconnect programme. 
Mark is also well-known on social media and maintains an award-winning blog.","sameAs":["http:\/\/www.markwilson.co.uk\/","https:\/\/www.instagram.com\/markwilsonuk\/","https:\/\/www.linkedin.com\/in\/markawilson\/","https:\/\/x.com\/markwilsonit","https:\/\/www.youtube.com\/channel\/UCWHlZCoHRTocdvtrOJ2IL4A"],"url":"https:\/\/www.markwilson.co.uk\/blog\/author\/mark-wilson"}]}},"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":815,"url":"https:\/\/www.markwilson.co.uk\/blog\/2007\/06\/improvements-to-the-windows-firewall-in-vista.htm","url_meta":{"origin":263,"position":0},"title":"Improvements to the Windows firewall in Vista","author":"Mark Wilson","date":"Wednesday 13 June 2007","format":false,"excerpt":"I recently attended a Windows Vista security session at Microsoft, presented by Steve Lamb. Windows Vista security is too broad to cover in a single presentation (or even in a single blog post!) but some of the key points that Steve concentrated on were around the Windows firewall and IPsec.\u2026","rel":"","context":"In \"Microsoft Windows Vista\"","block_context":{"text":"Microsoft Windows Vista","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/windows-vista"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":159,"url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/08\/so-you-want-to-be-consultant.htm","url_meta":{"origin":263,"position":1},"title":"So you want to be a consultant&#8230;","author":"Mark Wilson","date":"Tuesday 30 August 2005","format":false,"excerpt":"Earlier today I posted a link to Steve Friedl's illustrated guide to IPSec. 
Steve's site has a whole load of technical tips, but one item I stumbled across was his extremely interesting review of consultancy practices (subtitled as \"Why work 8 hours\/day for someone else when you can work 16\u2026","rel":"","context":"In \"Certification\"","block_context":{"text":"Certification","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/certification"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1162,"url":"https:\/\/www.markwilson.co.uk\/blog\/2008\/08\/microsoft-infrastructure-architecture-considerations-part-3-controlling-network-access.htm","url_meta":{"origin":263,"position":2},"title":"Microsoft infrastructure architecture considerations: part 3 (controlling network access)","author":"Mark Wilson","date":"Thursday 21 August 2008","format":false,"excerpt":"Continuing the series of posts on the architectural considerations for designing a predominantly-Microsoft IT infrastructure, based on the MCS Talks: Enterprise Infrastructure series, in this post, I\u2019ll look at some of the considerations for controlling access to the network. Although network access control (NAC) has been around for a few\u2026","rel":"","context":"In \"Architecture\"","block_context":{"text":"Architecture","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/architecture"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2700,"url":"https:\/\/www.markwilson.co.uk\/blog\/2011\/04\/azure-connect-the-missing-link-between-on-premise-and-cloud.htm","url_meta":{"origin":263,"position":3},"title":"Azure Connect &#8211; the missing link between on-premise and cloud","author":"Mark Wilson","date":"Monday 18 April 2011","format":false,"excerpt":"Azure Connect offers a way to connect on-premise infrastructure with Windows Azure but it's lacking functionality that may hinder adoption. 
While Microsoft is one of the most dominant players in client-server computing, until recently, its position in the cloud seemed uncertain. \u00a0More recently, we've seen Microsoft lay out its stall\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/www.markwilson.co.uk\/blog\/topic\/technology"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":69,"url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/03\/securing-network-using-microsoft-isa.htm","url_meta":{"origin":263,"position":4},"title":"Securing the network using Microsoft ISA Server 2004","author":"Mark Wilson","date":"Thursday 3 March 2005","format":false,"excerpt":"Several months ago, I attended a Microsoft TechNet UK event where the topic was ISA Server 2004 network design\/troubleshooting and inside application layer firewalling and filtering. It's taken me a while to get around to writing up the notes, but finally, here they are, with some additional information that I\u2026","rel":"","context":"In \"Microsoft ISA Server\"","block_context":{"text":"Microsoft ISA Server","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/isa"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":135,"url":"https:\/\/www.markwilson.co.uk\/blog\/2005\/07\/ipv6-so-whats-it-all-about.htm","url_meta":{"origin":263,"position":5},"title":"IPv6 &#8211; so what&#8217;s it all about?","author":"Mark Wilson","date":"Thursday 21 July 2005","format":false,"excerpt":"A few weeks back, I was at a Microsoft TechNet UK event, where Steve Lamb discussed Microsoft's implementation of the Internet Protocol v6 (IPv6), available in Windows 2000 service pack 3 or later, Windows XP service pack 1 or later, or Windows Server 2003. 
This is a new version of\u2026","rel":"","context":"In \"TCP\/IP\"","block_context":{"text":"TCP\/IP","link":"https:\/\/www.markwilson.co.uk\/blog\/tag\/tcpip"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/263","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=263"}],"version-history":[{"count":0,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/posts\/263\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=263"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=263"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.markwilson.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=263"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}