Enabling the Intelligent Network Services in the Presence of the End-to-end Security Model of Windows XP/2000's IPSEC Protocols using IP Option Field Model

N.Z. AlMeshary, and M.M. Shahsavari (USA)


Communication Systems, Windows XP/2000, Intelligent Network Services, End-to-End Security Model


The widely used network security strategy concentrates on preventing attacks from outsiders. While this is necessary, it ignores major attacks that might be initiated by insiders within the corporate LAN. Under Windows XP/2000 networks, most of the LAN traffic is not secured. Therefore, malicious employees, visitors, or partners might plug in sniffing devices to monitor and analyze the traffic. Security countermeasures such as firewalls at the perimeter cannot prevent insider attacks. Consequently, there is a high demand to adopt an end-to-end security model that ensures secure communications between any two Windows XP/2000 machines. The transport mode of Windows XP's IPSec protocols provides such a model. Unfortunately, this security model disables a wide range of Intelligent Network Services (INS Services) that are indispensable for operating corporate LANs, such as internal firewalls, NIDS, network monitoring tools, and traffic classification, prioritization, and port management services. This paper investigates this critical issue, provides a classification of the access requirements of INS Services, and proposes a flexible and efficient solution that allows the transport mode of Windows XP/2000's IPSec protocols to co-exist with the INS Services.
