I was presenting a TechNet session down in Cork & over in Galway this week - covering best practice use of AD, Group Policy, the Windows Firewall, IPSec and MOM. There was a lot of interest in the IPSec session - most people present had the impression that implementing IPSec would be very hard and would introduce encryption to their network (and therefore have shied away from it). As it turns out, IPSec is pretty easy to implement and doesn't have to use encryption - it can be used in an "authentication only" mode.

I demonstrated how easy it was to set up IPSec to isolate a domain (as in http://www.microsoft.com/technet/itsolutions/network/sdiso/default.mspx). The benefits are that you allow only your machines to talk to each other (I can't plug my laptop into your network & introduce bad stuff or find your good stuff) and you also have the ability to restrict certain machines to have access to certain servers, as an example.

My "cheat sheet" for my demo was 17 lines of poorly written notes on a single side of A5 - lots of people have asked for it (if I can implement domain isolation from one side of A5, it really can't be that difficult). So here are my notes (typed for ease of use, with comments added if necessary):
New IPSec Policy
Assign GPO to domain
Apply GPO to FS1 & XP1 (test machines)
That's it (only 17 lines). Oh, and apologies for being a bit light on the blogging front this month - I need to work out how to fit it into my busy schedule.