An IPSec policy is free, and using one can make your computer incredibly hard to penetrate. Below we show you how to install such a policy and provide you with an IPSec policy download.
IPSec stands for Internet Protocol Security. It provides encryption and firewall services (in the form of network access restrictions) on most Windows operating systems, such as 2000, XP and 2003.
I have a test site that has been running for more than two years without being compromised, and the only firewall is my IPSec policy. In fact, I have exported that same security policy and zipped it up for you.
IP Security Policy
Although this IPSec policy has been available for download for years, I just decided to put up a page dedicated to security policies for Windows, thanks to a visitor who sent me the following email:
Subject: Using NAT Hardware Firewall simultaneously with software Firewall
I wonder if this situation is damaging. My laptop and my son’s PC are connected to the Linksys 4 port router. This router has a NAT built in firewall. I really don’t know how to configure it, never had need to.
My son on his PC plays online gaming with other people. The connection as it is appears to have no problem. I was wondering, for added security only because after testing my ports with your site which determined an open port, and don’t know the severity of it, if I should run the NAT firewall plus say either Zone Alarm or any other software firewall all at the same time.
Do you feel I may be opening myself up for problems? If you do recommend the double protection, for someone who is unfamiliar in how to use a software firewall, which one would be easiest to use for a newbie to this.
Thank you for being out there
IPSec Policies, why you should use one!
Here is my response:
Your router is protecting both of you. You and your son receive unique internal IP addresses, but when you access the internet, you both surf using the same external IP. Anyone from the outside (internet) trying to get past the firewall / router will be blocked, as it should be. The question to ask is, do I need to protect myself from my son’s computer? Of course your son is not going to hack into your computer, but should your son’s computer become compromised (this can happen by simply clicking on the wrong item on a malicious website), then the hacker will use his computer to break into your computer.
Remember, routers / firewalls usually come configured to protect you from the outside, not internally. It is assumed that everyone inside / behind the firewall trusts everyone else.
So, yes, add the extra protection and be safe!
To give yourself added protection, as in the case above, use the IPSec policy that comes with Windows; here is how.
How to Import an IPSec Policy
This is the IPSec policy. Download it and continue reading; I’ll explain how to install it. Once you have downloaded the policy, unzip and extract it (use the password ‘auditmypc.com’). For this example, I’ll assume you will extract it to c:\ipsec
To import this security policy, open Administrative Tools (Start, Settings, Control Panel), then Local Security Policy. Right-click IP Security Policies on Local Computer, choose All Tasks, then Import Policies, and select the ipsechome.ipsec file you extracted from the zip file ipsechome.zip.
How to Activate the IPSec Policy
To activate the IPSec policy, simply right-click the new policy (IPrules for Home Use) and choose Assign.
You can also use the command prompt to import the security policy; simply type:
netsh ipsec static importpolicy c:\ipsec\ipsechome.ipsec
That should do it. If you still feel you need a firewall, then check out our list of free firewalls for more information.
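The import and activation steps above can also be done in one pass from the command prompt. The batch file below is an added example, not part of the original article; it assumes the c:\ipsec location and the policy name "IPrules for Home Use" given above, a hypothetical backup file name, and a Windows version that provides the netsh ipsec context.

```bat
@echo off
rem Added example: import, assign and verify the policy from the command prompt.
rem Assumptions: the policy was extracted to c:\ipsec as in the article, the
rem imported policy is named "IPrules for Home Use", and "netsh ipsec" exists
rem on this version of Windows. Run from an administrator account.
setlocal
set "POLICY_FILE=c:\ipsec\ipsechome.ipsec"
set "POLICY_NAME=IPrules for Home Use"
rem Hypothetical backup file name, used only by this example.
set "BACKUP_FILE=c:\ipsec\backup-before-import.ipsec"

if not exist "%POLICY_FILE%" (
    echo Policy file not found: %POLICY_FILE%
    exit /b 1
)

rem Save the current local policy store first so the previous state can be
rem restored later with: netsh ipsec static importpolicy file="%BACKUP_FILE%"
netsh ipsec static exportpolicy file="%BACKUP_FILE%"

rem Import the downloaded policy into the local store.
netsh ipsec static importpolicy file="%POLICY_FILE%"
if errorlevel 1 (
    echo Import failed.
    exit /b 1
)

rem Importing alone does not activate anything; the policy must be assigned.
rem This is the command-line equivalent of right-click, Assign.
netsh ipsec static set policy name="%POLICY_NAME%" assign=y
if errorlevel 1 (
    echo Could not assign "%POLICY_NAME%".
    exit /b 1
)

rem Display the policy so the assignment can be confirmed by eye.
netsh ipsec static show policy name="%POLICY_NAME%" level=verbose
endlocal
```

To turn the policy off again without deleting it, run the same set policy command with assign=n.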
I am trying to change the policies to make it manual instead of IKA, but all the time I am seeing IKA messages for negotiations. Can you help me to run through manual pre-shared keys?
Thank you very much for posting this I have some ports I need to close. I’ve noticed that my computer has been intruded on in a way that I’ve had a very hard time isolating, and I’ve brought it down to a couple things that I think might help me out. I’ve learned much from this fun time with my would-be stalker as far as preventing them from further screwing with my machine.
This works very well as Malwarebytes does not report any longer to be blocking IP from China :)
But how do I allow my BitTorrent client access to an incoming port, e.g. TCP 40396?
This caught my eye. Will this interfere with my xp home web server that I use for my business webpage?
Also the password auditmypccom isn’t working to unzip this for me either.. Why is this password protected?
Thanks for the extra security. For those checking gmail or other emails through secure servers, they will need to edit the policy after installing it to open ports 995 for POP3 and 465 for SMTP. I had to do this to get gmail to work in Outlook Express.
One other programme I use is Freepops to download my yahoo emails in Outlook Express. It uses localhost and port 2000 to access the freepops programme, and freepops I think uses port 8080. I’ve not been able to change the right settings in the policy to allow this software to work. Any suggestions?
Thanks for the information. I unzipped it and it works.
Sense of Security
I think it works with Windows 7 RC 32-bit and Windows 7 RC 64-bit, but I have never heard about WinXP 64.
Glad it helps Lee!
The Ipsec policy has been more of a help with keeping intruders out than anything else I have tried. I run the Windows firewall, Ipsec policy and Avira free and have been fine on the same install for a much longer time than with any other combination. Thanks.
No, thank you Dennis – I set the password to the ipsec policy a long time ago and should have been more clear – I’ll simply remove it when I get time.
If you have the windows firewall, you should check out my update on free firewalls – You won’t need the ipsec policy with the advanced setup…
Have a great day!
Thank you Jim. Sorry to be such a dolt. Btw, your site contains a wealth of information. Much appreciate your efforts.
yours is a great public service.
Does IPsec work with my Windows XP 64 bit also? This computer has so far worked only offline with an electronic piano, so is new to the internet.
You can unzip the ipsec policy with a password of auditmypc.com
I have followed the instructions dutifully for your IPsec Policy but the password (auditmypc.com) does NOT work:
This is AuditMyPC.com’s free IPsec policy.
If you downloaded this from a site other than auditmypc.com/ipsec-policy.asp, please visit AuditMyPC.com for the latest version and while you’re there, please leave a comment stating where you heard about us.
The password for this zip file is also included on the webpage mentioned above.