It is worthwhile mentioning that Windows provides some default policies that can enable IP security, but it is always possible to create a customized policy for a complex network scheme that requires several advanced features and special needs. Therefore, it is necessary to activate on one side of the network the Server Policy and on the other side the Client policy. The Server’s policy can be based on authentication methods (including (a) active directory via Kerberos v5 protocol, (b) certificates where a third trusted party holds a certificate and serves as authenticator, and (c) pre-shared key,
which enables two peers holding the same key to establish a secured connection. In our implementation we have used option c (pre-shared key) for simplicity, tunnel setting (we have not used tunnel in our implementation). There are several options for setting the ‘‘connection type’’. Some of the possibilities include ‘‘all network connections’’, or ‘‘LAN connections’’ or ‘‘a remote computer’’. We have employed the LAN connections option in our Zeroconf deployment. The filter list defines the filter that can be applied to the traffic. The most common choices are the Internet Protocol (IP) filter and the Internet Control Message Protocol (ICMP) filter. The filters can also be customized to allow or to block specific traffic types. The Filter Action option corresponds to the list of filters defined under filter lists. In this implementation, we employed the IP filter.