More information

fernando_cima — Mon, 10 Jul 2006 13:33:22 GMT

Thanks Jamie, Sam and the CTAC crew for the opportunity for this podcast. I'd like to add a little bit more of information to our readers:

IPsec is usually associated with VPN, and sometimes people don't realize that it can be used to protect "regular" network traffic inside a corporate or home network. This is basically what Domain Isolation is about: using IPsec in transport mode to authenticate and sometimes also encrypt trusted network traffic, while discarding traffic from untrusted sources.

This is a solution that has been in use in Microsoft corporate network for some years, and when we took it to customers there was a clear need for interoperability. So our group (me and my colleague Kiyoshi Watanabe from Japan) started working on creating guidance for using the solution with Linux, FreeBSD, Mac OS X, Solaris and other platforms.

The beauty of it is that every modern OS has IPsec and IKE support, and even though not all IPsec implementations are created equally, all the platforms we tested have been working quite well. As long as you have IPsec and IKE support, with PKI authentication, and is able to define remote IPs/subnets where IPsec should not be used, you are good to go.

Our guide is currently being formatted and going through the legal and technical review, and should be posted to http://www.microsoft.com/sdisolation as soon as it is ready. We are sorry for not having it on time for the podcast, but in the meantime I'd be glad to answer any question that our readers might have!

Server & Domain Isolation with Fernando Cima, Microsoft Brazil (Podcast)

More information