Internal, primarily. The way the environment is set up is:
Domain controllers (no secure/dynamic updates), file server, SQL servers, and DNS servers are all inside and on separate subnets. The web server is outside on the DMZ and can access all the internal servers. Access to the outside world is allowed only for the DNS and web servers.
The requirement is for DNS to be encrypted. I have been testing with IPSec policies.
It is applied to all machines that the policy is applied to. You can make it a policy that is applied to the entire domain or only a few critical systems, or any combination of them.
You might also want to step back from requiring IPSec to requesting IPSec, except for those most "high security" servers. That way, if both the client and server support the encryption, it will use it; otherwise it will fall back to unencrypted for compatibility.