Just as Chapter 5, Securing Network Services and Protocols, discussed new challenges in securing network transmissions for users in a LAN environment, the increasing prevalence of the Internet as a communications necessity has also made life both easier and harder for users who want to access network resources from a home office or other remote location. Even a scant half-decade ago, remote access for home users was primarily limited to dial-up modems connected directly to a LAN server, and satellite offices relied primarily on dedicated WAN links that merely extended the geography of the LAN; the bandwidth was not shared with other companies and only needed to be secured in the same manner as other LAN traffic. This provided good data security, but created great inconvenience and expense for remote users who were faced with long-distance telephone charges and costs of expensive dedicated links. Using the Internet as a communications medium, by contrast, allows individuals and businesses to leverage existing Internet connectivity (including the increasing number of broadband installations in residences) to access company resources. However, this ease of use comes at a price: without proper planning and implementation, network security could suffer significant losses from transmitting sensitive data over a public network like the Internet. This has led to the increasing popularity of virtual private network, or VPN, technology within the corporate enterprise.
Windows Server 2003 offers a number of remote connectivity services and applications that we discuss in this chapter. Depending on your connectivity needs, Windows Server 2003 can actually function as a basic router, acting as a traffic cop to direct network communications between geographically disparate locations. Windows uses two common, standards-based routing protocols to accomplish this: the Routing Information Protocol, or RIP, and the Open Shortest Path First, or OSPF, algorithm. We discuss both of these in detail.
The remainder (and indeed the bulk) of this chapter discusses the more common use of Windows Server 2003 as a VPN server. Windows Server 2003 offers a number of options to secure traffic between LANs, between routers, and for end users who want to connect to network resources. Within a corporate enterprise, network administrators can configure policies to ensure that all traffic is sufficiently encrypted, and to control the use of company resources for VPN usage. Remote access policies can control any aspect of the VPN connection process, accepting or rejecting connections based on user authentication, connection type, time of day, and the like. In this chapter, we focus on the best ways to design and deploy the Windows Server 2003 VPN technologies in a large environment, to provide remote access to those who need it without sacrificing the overall integrity of the corporate network data and resources.