Although stronger security methods based on cryptography have become necessary to fully protect communication, they can often greatly increase administrative overhead. To reduce overhead, IPSec uses policy-based administration.
IPSec policies, rather than application programming interfaces (APIs), are used to configure IPSec security services. The policies provide variable levels of protection for most traffic types in most existing networks.
You can configure IPSec policies to meet the security requirements of a computer, application, organizational unit, domain, site, or global enterprise. You can use the IP Security Policies snap-in provided in Windows XP to define IPSec policies for computers through Active Directory (for domain members), or on the local computer (for computers that do not belong to domains).