With remote access, you are opening a door through which remote access clients can reach the internal network, which raises the topic of security. You need to allow certain clients remote access while keeping the door closed to everyone else. You also want to ensure that the data sent between a remote access client and a remote access server is secure. To meet these requirements, Windows 2000 supports a number of authentication and encryption protocols.

Configuring Authentication Protocols

Windows 2000 supports a number of authentication protocols that can be used to authenticate dial-up clients. Knowing the features of each, and the differences between them, is important to achieving success on the exam.
Using the Properties dialog box for the remote access server, as shown in Figure 4.15, you can configure which authentication protocol the remote access server can use to authenticate remote clients. Clicking the Authentication Methods button opens the Authentication Methods dialog box, in which you can select the authentication protocols available on the server.

Figure 4.15. Configuring authentication methods.
Once you've enabled the authentication protocols at the server level, you can specify which of the authentication protocols are available for each remote access policy using the Authentication tab in the policy's properties dialog box (see Figure 4.16).

Figure 4.16. Configuring authentication methods in a remote access policy.
Configuring Encryption Protocols

If you're sending sensitive data across the network, you may want to add another level of security by implementing some form of data encryption. The two types of encryption available are as follows:
You configure encryption for a dial-up connection at the policy level. To do so, open the Properties dialog box for the remote access policy and select the Encryption tab (see Figure 4.17). Select one or more of the following encryption levels:
Figure 4.17. Configuring the encryption level.
Creating a Remote Access Policy

Earlier in the chapter, you looked at the elements of a remote access policy: conditions, permissions, and profile settings. As already mentioned, once RRAS is enabled, a default policy called Allow Access If Dial-in Permission Is Granted is automatically created. However, there may be instances in which you need to configure additional policies to meet security requirements and the needs of the remote access clients.

To create a new remote access policy, right-click the Remote Access Policies container within the Routing and Remote Access management console and click New Remote Access Policy. You are prompted to specify a name for the policy and configure the conditions, permissions, and profile settings. Once complete, the policy is listed under the Remote Access Policies container. The policy settings can be changed at any time using the policy's Properties dialog box.

Policies are evaluated in the order in which they appear within the management console. The order can be changed by right-clicking a policy and choosing the Move Up or Move Down options.
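Why the order of policies matters, shown as an added example that is not part of the original text: a simplified Python model in which the first policy whose conditions match decides the connection attempt and later policies are never consulted. The policy names, group names, and the assumption that the user's dial-in permission defers to policy are constructed for illustration.

```python
# Simplified model of ordered remote access policy evaluation (added example).
# Assumption: the user's dial-in permission defers to the policy.
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    groups: set    # condition: user must belong to at least one of these groups
    grant: bool    # permission: grant or deny remote access
    auth_methods: set = field(default_factory=set)  # profile: allowed auth protocols

def evaluate(policies, user_groups, auth_method):
    """Return (accepted, reason) for one connection attempt."""
    for p in policies:                 # top to bottom, as listed in the console
        if not (p.groups & user_groups):
            continue                   # conditions do not match; try the next policy
        # The first matching policy decides; later policies are never consulted.
        if not p.grant:
            return False, f"{p.name}: permission denies access"
        if auth_method not in p.auth_methods:
            return False, f"{p.name}: profile does not allow {auth_method}"
        return True, f"{p.name}: accepted"
    return False, "no policy matched"

# Constructed sample policies and group memberships.
broad = Policy("Allow all domain users", {"Domain Users"}, True, {"PAP", "MS-CHAP v2"})
strict = Policy("Contractors strong auth only", {"Contractors"}, True, {"MS-CHAP v2"})
contractor = {"Domain Users", "Contractors"}

def demo():
    # Broad policy listed first: it matches the contractor and shadows the strict one.
    shadowed = evaluate([broad, strict], contractor, "PAP")
    # Strict policy moved up: the same attempt is now rejected by its profile.
    enforced = evaluate([strict, broad], contractor, "PAP")
    return shadowed, enforced

if __name__ == "__main__":
    for result in demo():
        print(result)
```

When reviewing a server's policy list, check that each restrictive policy sits above any broader policy whose conditions the same users would also match.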