A. TCP/IP is widely used in most networks, and with Windows 2000 it forms a compulsory part of your network. However, a number of problems with TCP/IP exist.
Data is not sent in an encrypted format over TCP/IP, which leaves it vulnerable to a number of attacks, including eavesdropping, where an attacker who has access to the network can view all data sent.
Being able to view data sent over the network allows data such as passwords to be seen when connecting to services like FTP, which does not encrypt passwords sent over the network.
IPSec was created as a solution. It is an industry standard based on end-to-end security, in which only the transmitting and receiving computers need to know about any encryption.
Windows 2000 provides an implementation of IPSec, along with Group Policy settings in which to define your environment's implementation of the IP add-on. This was developed by Microsoft and Cisco.
One of the great things about IPSec is that it operates at layer 3, so any application that uses IP, and upper-layer protocols such as TCP and UDP, gains the advantage of IPSec without any modifications being needed to the application.
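
Because IPSec sits at layer 3, whether traffic is protected can be read from the IP header alone. The following Python code is an added example, not part of the original answer: it classifies raw IPv4 packets by IP protocol number (50 for ESP, 51 for AH) and flags TCP traffic on the FTP control port that is not carried inside IPSec. The packets, addresses and helper names (ipv4, tcp, classify) are constructed for illustration.

```python
import struct

PROTO_NAMES = {6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}  # IANA IP protocol numbers
FTP_CONTROL_PORT = 21

def ipv4(proto, payload):
    """Constructed sample: minimal 20-byte IPv4 header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + payload

def tcp(sport, dport, data):
    """Constructed sample: 20-byte TCP header with PSH+ACK set, then data."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + data

def classify(packet):
    """Return (protocol, verdict) from the layer-3 header of one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto, body = packet[9], packet[ihl:]
    name = PROTO_NAMES.get(proto, "proto-%d" % proto)
    if proto == 50:   # ESP: TCP/UDP headers and data are inside the protected payload
        return name, "IPSec ESP, upper-layer payload protected"
    if proto == 51:   # AH: integrity and origin authentication only, no encryption
        return name, "IPSec AH, authenticated but not encrypted"
    if proto in (6, 17) and len(body) >= 4:
        sport, dport = struct.unpack("!HH", body[:4])
        if proto == 6 and FTP_CONTROL_PORT in (sport, dport):
            return name, "cleartext FTP control channel"
        return name, "cleartext"
    return name, "unclassified"

# Constructed packets: an FTP command sent directly over TCP, and an ESP packet
# (SPI, sequence number, then placeholder bytes standing in for the protected payload).
FTP_PLAIN = ipv4(6, tcp(49152, 21, b"PASS example-password\r\n"))
FTP_IN_ESP = ipv4(50, struct.pack("!II", 0x1001, 1) + bytes(range(48)))

if __name__ == "__main__":
    for label, pkt in (("plain", FTP_PLAIN), ("esp", FTP_IN_ESP)):
        print(label, classify(pkt))
```

The AH verdict is worth noting when auditing a policy: AH authenticates packets but leaves the payload readable, so only ESP with an encryption algorithm addresses the eavesdropping problem described above.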