IPSec and Credentials - Network

This is a discussion on IPSec and Credentials - Network ; I set up IPSec on a Windows Server 2003 and Windows XP Professional so the communication of the network shares are encrypted. Is the credentials for the shares encrypted when opening the shares? Is this true also for Windows 2000 ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: IPSec and Credentials

  1. IPSec and Credentials

    I set up IPSec on a Windows Server 2003 and Windows XP Professional so the
    communication of the network shares are encrypted. Is the credentials for
    the shares encrypted when opening the shares? Is this true also for Windows
    2000 workstations?



  2. Re: IPSec and Credentials

    Windows credential authentication for access to network shares is always
    secured whether ipsec is used or not. Passwords are not sent over the
    network connection. Instead a challenge/response mechanism is used. When a
    user tries to access the share the user sends a request to the server that
    includes the user name. The server sends a random challenge string called a
    nonce to the client computer. The client computer encrypts the nonce with
    the hash of the user's password and sends it back to the server. The server
    encrypts the nonce with the password hash it has for the user and compares
    the two. If identical then authentication is successful. In a domain
    environment the authentication is a bit different and the domain controller
    is involved but in any case a challenge/response is used. Beware however
    that passwords used for FTP and telnett are sent in clear text but that
    would not be the case in your scenario. Keep in mind that a benefit of ipsec
    when negotiation [ESP/AH] is required is that the computers must
    authenticate with each other before the ipsec SA can be created. That means
    that a user on a computer that can not create an ipsec SA with the server
    can not access the share even if the user knows credentials that could
    normally be used to authenticate to that server to access the share. If your
    computers are not in an Active Directory domain and you have configured
    ipsec to be requires for all traffic between the computers then the user
    authentication process will also happen with ipsec encryption just like it
    is in a L2TP VPN connection. --- Steve


    "Michael W White" wrote in message
    news:uz3691ukGHA.1456@TK2MSFTNGP04.phx.gbl...
    > I set up IPSec on a Windows Server 2003 and Windows XP Professional so
    > the communication of the network shares are encrypted. Is the credentials
    > for the shares encrypted when opening the shares? Is this true also for
    > Windows 2000 workstations?
    >




+ Reply to Thread