Using Internet Authentication Service to Increase VPN Security




To maximize compatibility, VPNs in Windows Small Business Server 2003 aren’t locked down as tightly as they could be. However, you can increase VPN security significantly with no compatibility problems as long as all clients run Windows 98 or later with High Encryption (128 bit) support. To do so, first install Internet Authentication Service (IAS), Microsoft’s implementation of a Remote Authentication Dial-In User Service (RADIUS) server. (IAS is also needed for L2TP VPNs and 802.1X wireless authentication.)

To install IAS, complete the following steps:

  1. Open Add Or Remove Programs in Control Panel and then click Add/Remove Windows Components. The Windows Components Wizard opens.

  2. On the Windows Components page, select Networking Services and click Details.

  3. In the Networking Services dialog box, select the check box next to Internet Authentication Service, click OK, and then click Next. The Windows Components Wizard installs IAS. Click Finish when it’s done.

Once IAS is installed, use the following steps to modify the Windows Small Business Server Remote Access Policy to disable the use of Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) authentication and require 128-bit encryption:

  1. From the Start menu, choose the Administrative Tools folder and then select Internet Authentication Service. This opens the Internet Authentication Service console.

  2. Select Remote Access Policies and then double-click Small Business Remote Access Policy (Figure 15-7).

    Figure 15-7: The Internet Authentication Service console.

  3. In the Small Business Remote Access Policy Properties dialog box, click Edit Profile. The Edit Dial-In Profile dialog box appears.

  4. Click the Authentication tab and then clear the Microsoft Encrypted Authentication (MS-CHAP) check box.

  5. Click the Encryption tab (Figure 15-8) and clear all check boxes except Strongest Encryption (MPPE 128 bit), and then click OK.

Figure 15-8: The Encryption tab of the Edit Dial-In Profile dialog box.

Note 

Disabling MS-CHAP authentication prevents Microsoft Windows 95 clients from establishing remote access connections unless you install the Dial-Up Networking 1.3 Performance And Security Update for Windows 95, or upgrade the clients to Windows 98 or newer.
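Before clearing the MS-CHAP check box, it helps to know which accounts still connect with that method. The script below is an added example, not part of the book: it assumes IAS request logging is enabled in the IAS log format (six header fields followed by attribute-ID/value pairs, with attribute 4127 carrying Authentication-Type and value 3 meaning MS-CHAP), and the sample log lines are constructed.

```python
from collections import defaultdict

# Assumed IAS-format record: six fixed header fields, then attribute-id,value
# pairs. Values are assumed not to contain commas.
HEADER = ("nas_ip", "user", "date", "time", "service", "computer")
AUTH_TYPE_ATTR = "4127"  # Authentication-Type
AUTH_NAMES = {"1": "PAP", "2": "CHAP", "3": "MS-CHAP", "4": "MS-CHAP v2", "5": "EAP"}
WEAK = {"MS-CHAP"}       # the method the policy change above disables

# Constructed sample records, not taken from a real server.
SAMPLE_LOG = """\
192.0.2.10,CONTOSO\\alice,03/14/2005,08:01:12,IAS,SBS01,4136,1,4127,4
192.0.2.10,CONTOSO\\bob,03/14/2005,08:05:40,IAS,SBS01,4136,1,4127,3
192.0.2.10,CONTOSO\\bob,03/14/2005,17:22:03,IAS,SBS01,4136,1,4127,3
192.0.2.10,CONTOSO\\carol,03/14/2005,09:30:55,IAS,SBS01,4136,2,4127,4
truncated,line
"""

def parse_record(line):
    """Return (header dict, attribute dict), or None for a malformed line."""
    fields = line.strip().split(",")
    pairs = fields[len(HEADER):]
    if len(fields) < len(HEADER) or len(pairs) % 2:
        return None
    header = dict(zip(HEADER, fields))
    attrs = dict(zip(pairs[0::2], pairs[1::2]))
    return header, attrs

def methods_by_user(log_text):
    """Map each user name to the set of authentication methods seen."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue  # skip truncated or empty lines instead of failing
        header, attrs = rec
        code = attrs.get(AUTH_TYPE_ATTR)
        if code is not None:
            seen[header["user"]].add(AUTH_NAMES.get(code, "type " + code))
    return dict(seen)

def users_seen_with_mschap(log_text):
    """Users with at least one MS-CHAP logon; check their clients first."""
    return sorted(u for u, m in methods_by_user(log_text).items() if m & WEAK)

if __name__ == "__main__":
    for user in users_seen_with_mschap(SAMPLE_LOG):
        print("still using MS-CHAP:", user)
```

An empty result over a representative period suggests the policy change will not lock anyone out; any listed account points to a client to update first.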






Microsoft Windows Small Business Server 2003 Administrator's Companion
ISBN: 0735620202
EAN: 2147483647
Year: 2004
Pages: 224
