How to Cheat at Designing Security for a Windows Server 2003 Network

Windows Server 2003 contains a number of significant improvements to network security, which has become a greater concern over the past several years as hackers have become more sophisticated. Threats to network infrastructure are the largest threats to network security, because compromising vital network infrastructure services can seriously disrupt corporate networks, destroy data, and breach confidentiality. As a result, Windows Server 2003 provides numerous ways to protect the infrastructure.
Network infrastructure consists of physical assets such as cabling, hubs, routers, and servers, and of software components such as the DHCP, DNS, and WINS services that define, create, and manage the elements that provide network functionality. Each of the critical services can be configured to be more secure, reducing or eliminating the threat of attack.
Ethernet-based networks, the majority of networks implemented today, use the Internet Protocol (IP) as the basis of network activity. The implementation of the IP Security (IPSec) protocol in Windows 2000 and Windows Server 2003 provides significant opportunities to secure network infrastructure. IPSec consists of several elements: the IPSec Policy Agent, which looks for IPSec policy and applies it to the computer; the IPSec driver, which implements the filter lists and filter actions specified by the IPSec policies; and the IPSec protocols, which provide data integrity, anti-replay, and optional confidentiality services.
The IPSec protocols are the Authentication Header (AH) and Encapsulating Security Payload (ESP). AH provides data integrity by signing the IP packet header, which prevents the packet from being tampered with in any way. However, it does...
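The integrity and anti-replay services described above can be seen in a small AH-style sketch. This is an added example, not code from the book or from Windows: the key, addresses, SPI and helper names are constructed, HMAC-SHA1-96 is an assumed integrity algorithm, and the replay check is simplified to a single highest-sequence counter.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"   # constructed; real keys come from the negotiated SA
ICV_LEN = 12                    # HMAC-SHA1-96 keeps the first 96 bits of the digest

def ipv4_header(ttl, src, dst, payload_len):
    # 20-byte IPv4 header, no options, protocol 51 (AH); checksum left at 0 here
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, 51, 0, bytes(src), bytes(dst))

def zero_mutable(hdr):
    # Fields routers may legitimately change are zeroed before signing:
    # TOS, flags/fragment offset, TTL and header checksum
    h = bytearray(hdr)
    h[1] = 0; h[6:8] = b"\0\0"; h[8] = 0; h[10:12] = b"\0\0"
    return bytes(h)

def ah_header(spi, seq, icv=bytes(ICV_LEN)):
    # next header (6 = TCP), AH length in 32-bit words minus 2, reserved, SPI, sequence
    return struct.pack("!BBHII", 6, 4, 0, spi, seq) + icv

def icv_for(ip, ah_fixed, data):
    signed = zero_mutable(ip) + ah_fixed + bytes(ICV_LEN) + data
    return hmac.new(KEY, signed, hashlib.sha1).digest()[:ICV_LEN]

def protect(ttl, src, dst, spi, seq, data):
    ip = ipv4_header(ttl, src, dst, 24 + len(data))
    return ip + ah_header(spi, seq, icv_for(ip, ah_header(spi, seq)[:12], data)) + data

def verify(packet, highest_seq_seen):
    ip, ah, data = packet[:20], packet[20:44], packet[44:]
    if not hmac.compare_digest(icv_for(ip, ah[:12], data), ah[12:]):
        return "integrity-failure"
    seq = struct.unpack("!I", ah[8:12])[0]
    return "replay" if seq <= highest_seq_seen else "accepted"

def demo():
    pkt = protect(128, (10, 0, 0, 5), (10, 0, 0, 9), 0x1001, 7, b"constructed payload")
    routed = bytearray(pkt); routed[8] -= 1                       # TTL decremented in transit
    forged = bytearray(pkt); forged[12:16] = bytes((10, 0, 0, 66))  # source address rewritten
    altered = bytearray(pkt); altered[-1] ^= 1                    # one payload bit flipped
    return [verify(pkt, 6), verify(bytes(routed), 6), verify(bytes(forged), 6),
            verify(bytes(altered), 6), verify(pkt, 7)]

if __name__ == "__main__":
    print(demo())
```

The TTL change passes because that field is excluded from the signature, while a rewritten source address or payload fails verification, and a packet whose sequence number was already seen is rejected as a replay.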