New IPsec white paper

Microsoft has a cool new IPsec white paper, cowritten with Foundstone, describing how IPsec is used to harden Microsoft’s own internal network: “Using Microsoft Windows IPSec to Help Secure an Internal Corporate Network Server.” From the abstract:

This paper describes how to configure Microsoft® Windows® 2000 IPSec and Windows XP IPSec to help secure an internal corporate network server against network-based attacks from untrusted computers. You can significantly enhance the ability of a server to defend against such attacks by requiring IPSec-authenticated, signed, and encrypted communication between computers. This paper describes the security threats to, and the benefits of using IPSec on, an internal corporate network server and uses a scenario to describe the process of IPSec policy design for an internal corporate network. Although the focus of this paper is Windows 2000 and Windows XP IPSec, it also provides information about IPSec functionality enhancements in Windows 2000 service packs and in the Microsoft® Windows Server™ 2003 family.

When you combine it with the material in the Windows 2003 hardening and threats/countermeasures guides, you can really do some nifty stuff to harden your network.