
Connection Security Rules

Connection security rules are a special type of rule that deal with authenticated and encrypted traffic. You can use connection security rules to manage how communication occurs between different hosts on the network. You use the New Connection Security Rule Wizard to create connection security rules. Connections can be authenticated using the Kerberos V5 protocol requiring a domain computer and user account or a domain computer account. If you select advanced properties, connections can be authenticated using NTLMv2, computer certificates from a particular certificate authority (CA) or using a pre-shared key. The different connection security rules work in the following ways:

  • Isolation: Isolation rules allow you to limit communication to hosts that are able to authenticate using specific credentials. For example, you can use an isolation rule to stop computers from communicating with any hosts that are not members of an AD DS domain. You can configure an isolation rule to request authentication for inbound and outbound communication, require authentication for inbound communication and request it for outbound communication, or require authentication for all communication.
  • Authentication exemption: These rules allow you to configure exemptions to isolation rules. You can configure authentication exemptions to allow a computer to connect to infrastructure servers, such as DHCP servers and DNS servers, without having to authenticate.
  • Server-to-server: These rules allow you to protect connections between specific computers. They differ from isolation rules in that instead of applying to all connections, they apply only to connections between hosts at specific addresses.
  • Tunnel: These rules are similar to server-to-server rules, except that they apply to connections through tunnels to remote sites, such as site-to-site links.

Note: The relationship between connection security rules and IPsec policies is similar to the relationship between AppLocker and Software Restriction Policies. Both sets of rules do similar things, but the ones that you use depend on the operating systems used by the client computers in your organization. All editions of Windows 7 and Windows Vista support connection security rules, but Windows XP does not.
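
The four rule types described above, as an added example (not from the book) of how each maps onto a netsh advfirewall consec rule typed at an elevated command prompt on a Windows 7 client; the rule names, addresses, subnets and CA name are constructed placeholders, and the exemption rule is there because the isolation rule would otherwise block DHCP and DNS before authentication can even start.

```batch
rem Added example, not the book's own: the four connection security rule types as
rem netsh "consec" rules. Names, addresses, subnets and the CA name are constructed
rem placeholders; adjust them to the environment before use.

rem 1) Isolation rule: require authenticated inbound traffic from any host, request it
rem    for outbound, using Kerberos V5 for the computer (auth1) and the user (auth2).
netsh advfirewall consec add rule name="Domain Isolation" ^
    endpoint1=any endpoint2=any ^
    action=requireinrequestout ^
    auth1=computerkerb auth2=userkerb ^
    profile=domain description="Only AD DS members may initiate inbound connections"

rem 2) Authentication exemption: let the host reach DHCP and DNS servers without
rem    IPsec, because a host cannot authenticate before it has an address and a name.
netsh advfirewall consec add rule name="Exempt infrastructure" ^
    endpoint1=any endpoint2=dhcp,dns ^
    action=noauthentication ^
    profile=domain

rem 3) Server-to-server rule: require authentication in both directions, but only
rem    between two specific addresses, using computer certificates from one CA.
netsh advfirewall consec add rule name="App to SQL" ^
    endpoint1=192.0.2.10 endpoint2=192.0.2.20 ^
    action=requireinrequireout ^
    auth1=computercert auth1ca="CN=Example Issuing CA" ^
    profile=domain

rem 4) Tunnel rule: protect traffic between two site subnets through a site-to-site
rem    tunnel whose ends are the two gateway addresses (placeholders).
netsh advfirewall consec add rule name="Branch tunnel" ^
    mode=tunnel ^
    endpoint1=192.0.2.0/24 endpoint2=198.51.100.0/24 ^
    localtunnelendpoint=203.0.113.1 remotetunnelendpoint=203.0.113.2 ^
    action=requireinrequireout ^
    auth1=computercert auth1ca="CN=Example Issuing CA"

rem Verify: list the configured rules, then check which main-mode and quick-mode
rem security associations exist. No SA after traffic between the endpoints means the
rem peers never completed authentication, which is the first thing to troubleshoot.
netsh advfirewall consec show rule name=all
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa
```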
