The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the Ask the Author form.

Q: Doesn t network infrastructure refer to a lot more than just DHCP and DNS?

A: Yes, typically it does. However, when we re dealing with a wired network, the physical security of the infrastructure is typically discussed separately from the network-based (electronic) security elements. Ensuring network cabling isn t jacked into or that unauthorized computers are not on the network are certainly parts of securing the infrastructure, but these threats are typically easier to spot and easier to manage.

Q: How do IPSec policies and group policies relate to one another?

A: Group policies are policies that include many different elements, including user configuration, software configuration settings, event logs, startup or logon scripts, and more. IP Security policies can be implemented as part of a Group Policy Object (GPO) and applied to domains, OUs, or groups.

Q: Why don t you typically use the AH and ESP IPSec protocols together?

A: The AH protocol signs the packet to ensure the integrity of the data and header. It prevents someone from modifying the packet in any way, but doesn t do anything to prevent someone from reading the data in the packet.