Exam Objectives Frequently Asked Questions


The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the Exam Objectives presented in this chapter and to assist you with real-life implementation of these concepts. You will also gain access to thousands of other FAQs at ITFAQnet.com.

1. Are VPN connections more secure than regular dial-up connections?

2. Do vendors besides Microsoft support RIP and OSPF?

3. Do demand dial routes use OSPF?

4. Can L2TP be used if my network uses Network Address Translation (NAT)?

5. If L2TP is more secure than PPTP, why would I want to use PPTP at all?

6. Can my VPN be used behind a firewall?

Answers

1. No. Regular dial-up connections do not transfer data over public networks. The capability of most attackers to intercept packets crossing the analog telephone network is small at best. With proper design, however, VPN connections can be made very secure.

2. Yes, but support for OSPF is more ubiquitous. OSPF is more complex than RIP, but is more efficient. Both protocols can be secured.

3. No. Static routes must be manually added for use with demand dial routes. Automatic static routes can be used, with slightly increased security risk.

4. Windows Server 2003 supports NAT Traversal (NAT-T), which means that L2TP packets can be forwarded across NAT. PPTP can cross a NAT server without the aid of NAT-T.

5. Using L2TP requires an existing public key infrastructure (PKI) in order to support certificate authentication. Implementing such an infrastructure can be needlessly complicated in a smaller network or one that does not require the highest security levels.

6. Yes, but you will need to let through the appropriate tunneling traffic. This can mean allowing TCP port 1723 for PPTP, UDP port 500 and UDP port 1701 among others for L2TP. If a firewall blocks everything but what is absolutely necessary, it is doing its job.




MCSE Designing Security for a Windows Server 2003 Network. Exam 70-298
ISBN: 1932266550
EAN: 2147483647
Year: 2003
Pages: 122