Chapter 9: Configuring and Troubleshooting Remote Access and VPN Authentication

Introduction

Much of this book has discussed the different ways to secure Windows 2000 systems, both from a server perspective and by securing network-connected users. In this chapter, we cut the cord—it's time to discuss how to provide secure connectivity to your remote users. Welcome to the world of the mobile employee, the driving force behind the need for secure remote access.

One of the largest security challenges facing network administrators and security professionals in today's business environment is the fact that every employee needs access to data. Mail, the corporate intranet, the sales database—all need to be accessed from virtually anywhere. Users are no longer tied to corporate networks, and in many companies it's more likely for an employee to connect to the Internet than it is for them to connect to the company's physical network. This situation has resulted in the blurring of the lines between what is considered the corporate network and the Internet, as well as a blurring of the obligations of IT departments in keeping companies' proprietary information secure. Gone are the days when building a strong perimeter with firewalls and screening routers is enough to ensure the integrity of your data. Now the chances are very good that part of your job will be to create breaches in that perimeter to provide access to the very information you need to protect. This increasing demand has driven some of the largest innovations in the Windows 2000 operating system.

Unlike many of its predecessors, Windows 2000 was architected with these new demands in mind. Microsoft recognized the challenges faced by the administrators of its operating systems and built in the tools and mechanisms to deliver connectivity from beyond the LAN/WAN while keeping security part of the core design. Microsoft has been much maligned over the security of its operating systems, but a properly configured Windows 2000 server can be used to deliver secure connectivity over the now commonplace dial-up and Internet-based connection methods used by today's companies.

The tools and services included with the Windows 2000 operating system not only provide a wide range of connectivity methods, they also give administrators a high degree of control and flexibility. These solutions range from the use of new authentication methods and secure dial-up procedures to the latest in strong encryption protocols and IP security.

The two services we discuss in this chapter are the Remote Access Service (RAS) and virtual private networks (VPNs), both of which are included as part of the Routing and Remote Access Service (RRAS) of the Windows 2000 operating system. Although on the surface these services might seem to be completely different types of remote access mechanisms, they are very closely integrated in the RRAS and can be used in combination to provide secure, flexible remote access solutions for virtually every need.

To truly understand the use of these technologies, you must understand how to configure and maintain remote access policies. Remote access policies are the core of the Windows 2000 RRAS and provide incredibly granular and flexible configuration settings for both RAS and VPN connections. This granularity and flexibility unfortunately come at the expense of ease of use; remote access policies can be very complex, and you need an in-depth understanding of them if you are to successfully provide secure remote access to your users.

To ensure that you fully understand these services, we cover in detail how to configure authentication for secure remote access and how to configure and troubleshoot VPN protocols. From there we take a closer look at how remote access policies work. We finish the chapter with a discussion of configuring secure client connections to take advantage of remote access and VPN services. As you work your way through the chapter, it's important to remember that Microsoft has provided a solid, scalable, secure remote access solution for business requirements. While we discuss these services in the context of the 70-214 exam, think about how you might use these services to solve real-world business problems. Not only will this perspective help you understand the information in the chapter, it will also serve you in good stead in your existing or future job. Remote access and security are critical components of many of the Windows 2000-related jobs today and will only become more critical as the environment and business challenges continue to evolve.

Before we jump into setting up our first RAS, we need to cover some of the theory behind remote access authentication in the Windows 2000 operating system. Let's start by discussing the remote access authentication protocols supported by Windows 2000.



MCSE/MCSA Implementing and Administering Security in a Windows 2000 Network: Study Guide and DVD Training System (Exam 70-214)
ISBN: 1931836841
EAN: 2147483647
Year: 2003
Pages: 162
