Determine the security requirements of the organization.

Plan network security which should be implemented.
Photo provided by Flickr

Establish and create secure boundaries.

Deploying and implementing security features and security policies: The security design team should also be responsible for implementing security features and security policies.

Implement security technologies for the network.
Photo provided by Flickr

Implement server security technologies.

RADIUS service: The RADIUS service is used mainly to authenticate dial-up users, and can be used to authenticate wireless users when they attempt to connect to the network. One of the main benefits of using the RADIUS service is that user authentication for wireless networks are centralized. When a client transmits a request to establish a connection, the RADIUS service verifies the identity of the client by looking for a match in its authentication database. You can also configure a maximum session time limit which forces clients to regularly re-authenticate to the RADIUS service. During re-authentication, a new shared secret is generated, which makes it more difficult for attackers to decipher the shared secret keys.

Implement application security technologies.
Photo provided by Flickr

Secure Server (Request Security): With the Secure Server (Request Security) default IPSec policy, the computer prefers and initiates secure data communication. If the other computer supports IPSec, secure data communication will take place. If the other computer does not support IPSec, the computer will allow unsecured communication with that computer.

Implement user security technologies.
Photo provided by Flickr


Install Windows operating systems to a NTFS partition.

Kerberos authentication: A downside of using the Kerberos v5 authentication protocol is that the identity of the computer remains unencrypted up to the point that the whole payload is encrypted.

Using the NTFS file system and its security features.

Data integrity: Data integrity deals with ensuring that the data received at the recipient has not been tampered with. A hashing algorithm is used to ensure that the data is not modified as it is passed over the network. The hashing algorithms which can be used by IPSec are:

Using the Encrypting File System (EFS).

Digital certificates: Provides the most secure means of authenticating identities. Certificate authorities (CAs) such as Netscape, Entrust, VeriSign, and Microsoft provide certificates which can be used for authentication purposes.

Securing network access points.

Data confidentiality: IPSec ensures data confidentiality by applying encryption algorithms to data before it is sent over the network. If the data is intercepted, encryption ensures that the intruder cannot interpret the data. To ensure data confidentiality, IPSec can use either of the following encryption algorithms:

Enforcing the use of strong passwords.

Authentication: Authentication deals with verifying the identity of the computer sending the data, or the identity of the computer receiving the data. The methods which IPSec can use to authenticate the sender or receiver of data are:

Securing confidential application data as it moves over the network.

Secure Server (Require Security): With the Secure Server (Require Security) default IPSec policy only secure data communication is allowed. If the other computer does not support IPSec, the connection is not established.