Intel(R) Packet Protect Software Supplemental Information
Version 2.0 for Windows* 98
=========================================================
NOTE: If you are using Windows NT, refer to the readme.txt in the
\PktPt\NT4 directory. Additional information is in the Packet Protect
User's Guide in the \Info\Protect directory on the product CD-ROM.
Contents
========
- Overview
- Available Versions
- System Requirements
- Installation
- Configuration
- Compatibility
- Communicating with a DNS
- Communicating with Windows 2000
- Other Known Issues
Overview
========
Intel Packet Protect is a departmental solution that helps protect
Internet Protocol (IP) traffic as it travels between computers on your
local area network (LAN). It protects data confidentiality and
authenticity, and helps prevent data from being retrieved by intruders
or hackers. Because many data compromises are attempted
from within a company firewall, it is important to protect sensitive
data while it travels on your company's LAN.
Though Packet Protect securely transmits traffic on the network, it
does not protect the data while it is stored on a computer. Use your
operating system features to provide access control to sensitive
areas of your network.
Packet Protect uses Internet Key Exchange (IKE) and Internet Protocol
Security (IPSec) to protect communications on your LAN. Both IKE and
IPSec are protocol specifications being developed by the Internet
Engineering Task Force (IETF). Packet Protect uses pre-shared keys
for credential verification.
Available Versions
==================
Packet Protect is available in DES-only (56-bit encryption) and
DES/3DES (56-/168-bit encryption). 3DES is available worldwide
except where prohibited due to U.S. import/export restrictions.
System Requirements
===================
- Microsoft Windows* 98
- DCOM98, v1.3 or later. This can be downloaded at:
http://www.microsoft.com/com/dcom/dcom98/download.asp.
- 40 MB minimum available hard disk space.
- 32 MB RAM minimum, 64 MB RAM recommended.
- 200 MHz Pentium(R) processor (performance level or better).
- Intel EtherExpress(TM) adapter (PRO/100 family).
Installation
============
Before installing Packet Protect:
- Uninstall any existing version of Packet Protect using the
Add/Remove Programs applet in the Control Panel.
- Install and configure your adapter.
Refer to your adapter Installation Guide for detailed information
about configuring your adapter using the EtherExpress PROSet II
utility.
Configure PROSet II to enable IPSec:
1. Open PROSet II.
2. In the left pane, select Network Components.
3. Right-click on the name of the adapter you want to use.
4. Select Enable IPSec in the pop-up window.
5. Restart the system in order for the IPSec bindings to take
effect.
To install Packet Protect:
1. With the product CD inserted, browse to the CD-ROM using
Windows Explorer.
2. Double-click \PktPt\Win98\setup.exe.
3. Follow the prompts on the screen.
4. Restart Windows 98 when prompted.
Configuration
=============
When you install Packet Protect on a computer, you set up basic
security settings the computer will apply to communication attempts.
Optionally, you may set up security policies to apply different
security settings to specific types of communication attempts. Refer
to the Packet Protect User's Guide in the \Info\Protect folder on the
product CD-ROM for configuration details and deployment examples.
Compatibility
=============
Packet Protect is designed to offload encryption and authentication
tasks to Intel EtherExpress PRO/100 S Server and Intel EtherExpress
PRO/100 S Management adapters, but can also work with Intel LAN
adapters that do not support the offload. If you have multiple
adapters that are not teamed, one of them must be an Intel
EtherExpress PRO/100 S Server or Intel EtherExpress PRO/100 S
Management adapter in order for the tasks to be offloaded to that
adapter. Packet Protect will not work on systems with Intel
EtherExpress PRO/1000 Gigabit Server adapters. Packet Protect does
not support dial-up adapters.
When you set up Packet Protect, each computer that will communicate in
a protected way using Packet Protect must use a pre-shared key or a
certificate. Packet Protect does not support the Kerberos
authentication method.
Packet Protect computers can communicate with Windows 2000 IPSec
computers by setting up each computer's policy to use the same
settings. You cannot use Packet Protect to manage security policies
for Windows 2000 IPSec computers, or vice versa.
Communicating with a DNS
========================
In order for a client machine running Packet Protect to communicate
with a Domain Name Server (DNS), you must use one of the following
configurations:
* If the DNS is communicating with NO IP Security enabled, and you
want to use Fully Qualified Domain Names (FQDN) in your rules,
then there must be a security exception for DNS requests. This is
specified in the Security Exceptions tab in the following way:
    Protocol    Local Port    Remote Port
    TCP         Any           53
    UDP         Any           53
NOTE: These rules are created by default when Packet Protect is
installed, but they can be altered or deleted by the user.
* If the DNS is communicating WITH IP Security enabled, then you must
create a new rule that allows DNS communication with matching
security. This must be the first rule in the list. (You must specify
the DNS by its IP number.) In addition, you must remove the two
security exceptions (see prior bullet). If this step is not done,
security violations will occur.
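
The two DNS configurations above can be checked mechanically. The following Python is an added example, not part of Packet Protect or the original readme; the policy dictionary layout, the function names and the sample host names and addresses are assumptions made for illustration, and it does not check that the DNS rule's security settings match the server's.

```python
import ipaddress

DNS_PORT = 53

def is_ip(value):
    """True when a rule destination is an IP address rather than an FQDN."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_exception_protocols(policy):
    """Protocols that have an 'Any -> 53' entry on the Security Exceptions tab."""
    return {e["protocol"] for e in policy["exceptions"]
            if e["local_port"] == "Any" and e["remote_port"] == DNS_PORT}

def check_dns_config(policy, dns_ip, dns_uses_ipsec):
    """Return findings for the two DNS configurations the readme allows."""
    findings = []
    present = dns_exception_protocols(policy)
    rules = policy["rules"]
    if dns_uses_ipsec:
        # Secured DNS: its rule comes first, names the DNS by IP, exceptions removed.
        if not rules or rules[0]["destination"] != dns_ip:
            findings.append("first rule must target the DNS by IP")
        if present:
            findings.append("remove port 53 exceptions: " + ",".join(sorted(present)))
    else:
        # Unsecured DNS: FQDN rules depend on the TCP and UDP port 53 exceptions.
        uses_fqdn = any(not is_ip(r["destination"]) for r in rules)
        missing = {"TCP", "UDP"} - present
        if uses_fqdn and missing:
            findings.append("add port 53 exceptions: " + ",".join(sorted(missing)))
    return findings

# Constructed sample policy (hypothetical layout): default exceptions, one FQDN rule.
SAMPLE = {
    "exceptions": [
        {"protocol": "TCP", "local_port": "Any", "remote_port": 53},
        {"protocol": "UDP", "local_port": "Any", "remote_port": 53},
    ],
    "rules": [{"destination": "files.example.test"}],
}

if __name__ == "__main__":
    print(check_dns_config(SAMPLE, "192.0.2.53", dns_uses_ipsec=False))
    print(check_dns_config(SAMPLE, "192.0.2.53", dns_uses_ipsec=True))
```
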
Communicating with Windows 2000
===============================
Packet Protect 2.0 can communicate with the IPSec implementation in
Windows 2000, but there are two restrictions:
* Use the "All IP Traffic" protocol filter
* Use a matching preshared key
Use the "All IP Traffic" Protocol Filter
----------------------------------------
On Windows 2000, the rule used to communicate with Packet Protect
clients must be set to "All IP Traffic" protocol filter, even if you
are only interested in specific protocols (e.g. TCP, UDP, etc) on
top of IP.
For example, if you are only interested in TCP communications between
Windows 2000 and Packet Protect, you must create a new rule in
Windows 2000, which can communicate with the active rule or default
behaviour on Packet Protect. If you select TCP as the protocol
filter in the Windows 2000 rule, the communication will FAIL. You
MUST select "All IP Traffic" filter instead.
Use a Matching Preshared Key
----------------------------
Since all default rules in Windows 2000 use Kerberos for
authentication (not supported in Packet Protect version 2.0), you
must either add a preshared key to the authentication methods in the
"All IP Traffic" default rule, or you must create a new rule with
"All IP Traffic" protocol filter AND a matching pre-shared key as one
of its authentication methods. This pre-shared key must match what
is in use with Packet Protect.
Other Known Issues
==================
- If you are using Packet Protect on a system with Windows 98 Retail
version, and are using a dual-port network adapter, low-level
protocols such as PING directed at this system may not be received.
This condition only occurs when both ports are on the same subnet.
- If you are using Windows 98 Retail with the Service Pack 1 (SP1)
upgrade, and attempt to disable the network adapter using the
Device Manager utility, the Control Panel window will appear to
hang. To resolve this condition, press Ctrl-Alt-Delete, and shut
down the MSGSRV32 process.
- If you are using Packet Protect on a system with Windows 98 Second
Edition, heavy and continuous traffic conditions over several days
or weeks without a reboot may cause system behavior to become
sluggish and/or erratic. To correct this condition, you must reboot
the system. Additional diagnosis and remedy information is provided
in the Troubleshooting section of the user guide.
- The Default Rule conflicts with Secure Responder behavior. Secure
Responders should initiate communication without security.
However, the Default Rule, if present, takes precedence over the
Secure Responder behavior and always initiates communication with
security. In this case, Secure Responders act like Secure
Initiators when the Default Rule is present. You can delete the
Default Rule. If you do, then Secure Responders will initiate
communications without security, or "in the clear."
- During client startup, the client may communicate "in the clear"
for a few seconds, even though it may require protection. This is
because the computer is initiating itself on the network. During
this time period, the IP stack is open to IP-based network
intrusions.
- Packet Protect can offload IPSec encryption and authentication tasks
to Intel PRO/100 S Server and Intel PRO/100 S Management adapters.
Packet Protect supports the AH and ESP IPSec security formats. AH
and ESP can be used separately or in combination (AH+ESP) to secure
packets. When the combined AH+ESP security format is used, only AH
authentication will offload to the adapter.
- Packet Protect does not compress packets before they are sent using
IPSec.
- Packet Protect does not support IPSec tunnel mode.
- Certificates are not supported in Windows 98 systems.
- The pre-shared key is stored in the registry and is "in the clear."
Anyone with access to the registry can view the pre-shared key.
- When using the Default Rule, computers that operate as Secure
Responders will initiate communication with security and not in the
clear.
- Multicast traffic (defined as having an IP address between 224.0.0.0
and 239.255.255.255) will always be transmitted in the clear.
- Security exceptions and ports that are kept open allow traffic to
pass with no security. This leaves the system open to intruders.
- If a system running Packet Protect has an adapter configured with
multiple IP addresses, all communications via any IP address other
than the first one (the primary IP address) will fail to negotiate
IPSec Security Association. Hence the communication will NOT be
secure.
- Packet Protect is not compatible with systems that are performing
IP Forwarding.
- If an IPSec enabled client needs to communicate with a server that
has a combination of IPSec enabled and non-IPSec adapters, the
client must have an explicit rule in the IPSec Policy that allows
communication to the server with no security:
destination work group = <server's non-ipsec ip address>
security action = allow communication in the clear
- If you are running on a non-English operating system which uses a
double-byte language (e.g., Kanji), the directory path to the
executable files must be specified in ANSI text (e.g., English).
If there are any double-byte characters in the path, Packet Protect
may not run properly.
- Under certain high-stress conditions, drive mapping over a network
may fail, causing incomplete or failed file transfers.
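
Several of the issues above describe traffic that leaves a Packet Protect system without IPSec protection. The following Python is an added example, not part of Packet Protect or the original readme, that reports which of those documented conditions apply to a flow the host initiates; the host and flow dictionaries, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# 224.0.0.0 through 239.255.255.255, the multicast range the readme names.
MULTICAST = ipaddress.ip_network("224.0.0.0/4")

def matches_exception(flow, exc):
    """True when a security exception entry covers this flow."""
    return (exc["protocol"] == flow["protocol"]
            and exc["local_port"] in ("Any", flow["local_port"])
            and exc["remote_port"] in ("Any", flow["remote_port"]))

def cleartext_reasons(flow, host):
    """List the documented conditions under which this flow is unprotected."""
    reasons = []
    if ipaddress.ip_address(flow["dst"]) in MULTICAST:
        reasons.append("multicast destination")
    if flow["src"] != host["addresses"][0]:
        # Only the primary (first) address negotiates a Security Association.
        reasons.append("non-primary local address")
    if any(matches_exception(flow, e) for e in host["exceptions"]):
        reasons.append("security exception")
    if host["secure_responder"] and not host["default_rule"]:
        reasons.append("secure responder without default rule")
    return reasons

# Constructed sample host (hypothetical layout): two addresses, default exceptions.
HOST = {
    "addresses": ["192.0.2.10", "192.0.2.11"],  # first entry is the primary
    "exceptions": [
        {"protocol": "TCP", "local_port": "Any", "remote_port": 53},
        {"protocol": "UDP", "local_port": "Any", "remote_port": 53},
    ],
    "secure_responder": False,
    "default_rule": True,
}
# Constructed sample flows, all initiated by the host above.
FLOWS = [
    {"src": "192.0.2.10", "dst": "192.0.2.20", "protocol": "TCP",
     "local_port": 1025, "remote_port": 139},
    {"src": "192.0.2.10", "dst": "192.0.2.53", "protocol": "UDP",
     "local_port": 1026, "remote_port": 53},
    {"src": "192.0.2.11", "dst": "239.1.2.3", "protocol": "UDP",
     "local_port": 1027, "remote_port": 5000},
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f["src"], "->", f["dst"], cleartext_reasons(f, HOST))
```
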
----------------------------------------------------------
* Brand, name, or trademark owned by another company.
Copyright (C) 2000, Intel Corporation.