Chapter 7: Planning, Implementing, and Maintaining a Remote Access Strategy


Introduction

In today’s business world, users need access to the company network not only when they’re on company premises, but also from home and on the road. An important part of the network administrator’s job is to design and implement a strategy for allowing authorized users to connect to network resources without compromising security. Windows Server 2003 includes technologies and features that make this easier.

This chapter examines the issues and procedures involved in devising a remote access strategy, including planning tasks such as analyzing organizational needs, analyzing user needs, and selecting the remote access types that will be allowed (dial-in, VPN, and/or wireless). We’ll discuss design considerations related to dial-in access, such as the allocation of IP addresses, how to determine incoming port needs, and how to select the best administrative model based on your organizational needs and the functional level of your domain.

Next, we’ll talk about design considerations related to VPN access. You’ll learn how to select the VPN protocols to be allowed, based on client support, PKI requirements, and the need for data integrity and sender authentication. You’ll learn how to install machine certificates, how to configure firewall filters, and how to create access policies governing VPN connections.

In the next section, you’ll learn about the design considerations that relate to wireless remote access. We’ll discuss the use of IAS for wireless connections, and how to configure remote access policies for wireless connections. We’ll address the use of multiple WAPs and the advantages of placing a certification authority on a Virtual LAN (VLAN) for new wireless clients. We’ll also show you how to configure WAPs as RADIUS clients.

Finally, we move on to planning overall security strategies for remote access connections. We’ll discuss best practices for selecting which authentication methods to allow, and the benefits of disallowing insecure password-based authentication methods such as PAP, SPAP, CHAP, and MS-CHAPv1. We’ll then look at the more secure methods such as MS-CHAPv2 and EAP, and discuss the advantages of using RADIUS/IAS rather than Windows authentication. We’ll also address the selection of the data-encryption level and other security measures such as requiring callback, mandating operating system and file system choices, using managed connections, and using smart cards for remote access. We’ll delve deeply into the subject of remote access policies and show you how to authorize remote access by user or group, how to restrict remote access in various ways, and how to control remote connections.




MCSE Planning and Maintaining a Windows Server 2003 Network Infrastructure. Exam 70-293 Study Guide and DVD Training System
ISBN: 1931836930
Year: 2003
Pages: 173
