Protect Confidential Information Using IPSec and Group Policy

At one time or another, everyone has had to limit read access to a file server directory, a Microsoft Exchange Server folder, or a SQL Server table. Chances are that the information you want to protect is confidential. But how do you protect this information? Access control permissions are great, as long as the data remains on the server. However, as soon as a legitimate user accesses the information from his or her workstation, the data might become visible to anyone using a network sniffer. To protect your classified information as it traverses your Windows 2000 network, you can use Group Policy to implement a limited rollout of IP Security (IPSec). And to put your mind at ease, you can use a network sniffer yourself to prove that you've properly secured the information—an important step considering that your network servers are hosting information worth protecting.

I hear you saying, "Aren't sniffers limited to network experts with special hardware?" Actually, using a sniffer to scan the data on your network is easier than you might think. Several easy-to-use sniffer programs are available that require little, if any, networking knowledge. For example, I recently used a popular packet analyzer called PacketBoy from NDG Software to capture traffic on my network. To test the software, I opened a file called confidential.txt with Notepad, as Figure 1 shows. Compare the contents of the file in Notepad with the packet highlighted in PacketBoy, as Figure 2 shows. As you can see, confidential.txt transmitted in clear text, and it didn’t require a lot of effort to capture its contents. You can easily capture database and email traffic as well because most applications (e.g., POP3) send information, including account passwords, in clear text. Remember, though, that an attacker needs to have access to a computer that connects to a segment of the LAN carrying the desired traffic. . . .