network traffic encryption???

keith

Distinguished
Mar 30, 2004
1,335
0
19,280
Archived from groups: microsoft.public.win2000.security (More info?)

Does anyone know whether the network traffic between Windows 2000 client and
server is encrypted? If so, what kind of encryption is being used?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

No it is not. User authentication however in a default installation never allows
passwords to be sent over the network in clear text but a encrypted password
hash is used instead in a challenge/reponse session . Replication traffic
between W2K domain controllers is always encrypted per the kerberos protocol
which is one reason AD integrated dns zones are recommended. W2K introduced
ipsec which allows traffic to be encrypted between W2K member servers and member
servers [but not domain controllers]. The three default ipsec policies which can
be modified to your needs are client/respond, server/request, and
server/require. A computer with a require ipsec policy will not communicate with
any computer unless traffic can be secured via ipsec with a combination of
either ESP and/or AH which can use DES, 3DES, SHA1, or MD5. See the link below
for more information on ipsec. A security association will use the strongest
encryption that can be negotiated between the computers which would be 3DES/SHA1
in a default W2K installation. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
http://www.microsoft.com/windows2000/techinfo/howitworks/security/ip_security.asp

"Keith" <ms2331@yahoo.com> wrote in message
news:O1qPl6XXEHA.2408@tk2msftngp13.phx.gbl...
> Does anyone know whether the network traffic between Windows 2000 client and
> server is encrypted? If so, what kind of encryption is being used?
>
>