What is the best way to encrypt data between internal servers? We have a few homegrown apps that run on 2008R2 servers that transmit sensitive data. Would an IPSec connection between the two servers encrypt all traffic between those two servers? Does anyone have a link for best practices encrypting server to server in Windows Server 2008? Thanks!
IPSec in transport mode. – EEAA Nov 19 '14 at 13:07
1 Answer
IPSec in transport mode (as @EEAA comments) is what you're looking for. Microsoft has a lot of documentation on the topic.
In a scenario where the servers are domain-joined, IPSec becomes reasonably easy to configure because authentication and key exchange are handled "for free" by the OS. In non-domain scenarios you have to worry about making that work yourself (with either PKI or static keys).
IPSec policy, which reads a lot like firewall rules, controls how traffic will be encrypted on egress, and how ingress traffic will be handled and accepted. Beware-- it is fairly easy to lock yourself out of access to a machine over the network when you're playing with IPSec policy.

Evan Anderson
Thank you Evan. I set up a test in our domain with firewall rules and such. It seems pretty easy, too easy actually. I'll take a look at the link and do some research. Thanks again. – Slim Nov 19 '14 at 13:52
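A staged way to apply the transport-mode approach from the answer on two domain-joined 2008 R2 servers, written as an added example (not from the original post or from Microsoft's documentation). The addresses and rule name are constructed placeholders; the commands are the built-in `netsh advfirewall consec` context, and the "request first, require later" order is there to avoid the lockout the answer warns about.

```bat
@echo off
rem Added example: run from an elevated prompt on BOTH servers.
rem Constructed placeholder values - replace with your own.
set SRV_A=10.0.0.11
set SRV_B=10.0.0.12
set RULE=AppServers-IPsec

rem Stage 1: REQUEST IPsec in both directions. Traffic still flows in the
rem clear if negotiation fails, so a mistake here does not cut off access.
rem auth1=computerkerb uses the machines' domain (Kerberos) identity.
rem qmsecmethods names an ESP suite that includes encryption, so the rule
rem is not satisfied by integrity-only protection.
netsh advfirewall consec add rule name=%RULE% ^
  endpoint1=%SRV_A% endpoint2=%SRV_B% mode=transport ^
  action=requestinrequestout auth1=computerkerb ^
  qmsecmethods=esp:sha1-aes128+60min+100000kb

rem Generate some application traffic between the servers, then check that
rem main-mode and quick-mode security associations exist for the peer.
echo Send traffic between %SRV_A% and %SRV_B%, then press a key to list SAs.
pause
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa

rem Stage 2: only after quick-mode SAs show ESP encryption on both servers,
rem switch the same rule to REQUIRE so cleartext between the pair is dropped.
echo Press Ctrl+C to stop here, or any key to require IPsec for this pair.
pause
netsh advfirewall consec set rule name=%RULE% new action=requireinrequireout

rem Rollback, if the pair stops communicating (run from the console):
rem   netsh advfirewall consec delete rule name=%RULE%
```

Keep console or out-of-band access available until Stage 2 has been confirmed on both servers, since the require action applies to all traffic between the two endpoints.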