Index_I-K


I-K

IAS (Internet Authentication Service)

access server vulnerabilities 361

account lockout 360

accounting described 321

additional resources 373–374

architecture 317

auditing described 321

authentication described 321

authentication methods See authentication methods for IAS

authentication protocols 354–357

authorization described 321

client-specific remote access policies 352

common vs. custom remote access policies 349–351

concepts 316–321

conditions for remote access policies 350

configuring remote access policies 347–352

definitions 321

deployment overview 313–314

deployment process 315

described 321

designing IAS See designing IAS

digital signature 360

implementing deployments See implementing IAS

installing computer certificates 359, 583–584

integrating with certificate infrastructure 357–359

Internet firewalls 360

IPSec traffic security 361

Message-Authenticator attribute 360

Network Access Quarantine Control 348

optimizing IAS See optimizing IAS

permissions for remote access policies 350

profile properties for remote access policies 350

Quarantine Remote Access Policy 352

RADIUS client described 321

RADIUS protocol described 321

RADIUS protocol overview 316

RADIUS proxy described 321

RADIUS server described 321

RADIUS shared secrets 359, 361

remote access groups 346

remote access policies for switch access clients 352

remote access policies for users and groups 351

remote access policies for VPN clients 352

remote access policies for wireless access clients 352

remote access policy overview 345

remote access policy restrictions 351

remote client access authorization 346

securing RADIUS servers and proxies 359–361

security overview for remote access 353

server deployments for RADIUS authentication 522

signature attribute 360

specifications for common remote access policies 349

specifications for custom remote access policies 349

terms 321

user accounts 347

VPN tunnels 361

Windows Server 2003 features 318–320

IEEE 802.11 554

IEEE 802.1X 554

IETF (Internet Engineering Task Force) 316

IGMP (Internet Group Management Protocol) 40

IKE (Internet Key Exchange) 287, 294

illegal addresses 25

implementing Connection Manager

distributing certificates 449

distributing service profiles 451

example See Connection Manager implementation example

Internet enrollments 449

intranet enrollments 450

overview 448

security education for users 450

testing deployments 449

implementing DHCP

BOOTP client support 99–101

configuring clients 98–101

example See DHCP implementation example

exporting settings from Windows NT 4.0 or Windows 2000 97

importing settings to Windows Server 2003 98

installing on servers 96

migrating existing servers 96–98

Netsh tool 98

overview 95

remote access client support 99

testing deployments 101

implementing dial-up networking

configuring connections to clients 425

configuring connections to intranet 425–426

configuring encryption 426

configuring ports for remote access 425–426

configuring remote access servers 424–425

configuring TCP/IP on LAN adapter 425

overview 423

implementing DNS

conditional forwarding 171

configuring aging 171

configuring dynamic updates for servers 171

configuring replication scope 172

configuring scavenging 171

configuring zone transfers 172

deployment tools 173

Dnscmd.exe 173

Nslookup.exe 173

overview 168

preparing for deployments 169

setting up clients 173

setting up servers 169–170

setting up zones 170

verifying server operation 172

implementing IAS

compatibility with third-party access servers 371–372

configuring firewalls to support RADIUS traffic 369

configuring primary RADIUS proxy in perimeter network 368

configuring primary RADIUS server on domain controller 365

configuring RADIUS clients 371

configuring RADIUS server authentication and accounting 366

configuring secondary RADIUS proxy in perimeter network 368

configuring secondary RADIUS server on domain controller 366

configuring user accounts and groups for RADIUS servers 364

custom attributes for third-party access server compatibility 372

deploying IAS as RADIUS proxy 367–371

deploying IAS as RADIUS server 363–366

filters on Internet interface 369

overview 362

vendor-specific attributes for third-party access server compatibility 372

implementing IPSec

network deployments 308

overview 305

RSoP (Resultant Set of Policy) 307

testing in pilot projects 307–308

testing in test labs 306–307

implementing ISA Server

cache mode 218–219

firewall mode 218

forward cache mode 218

installing in a domain 224

integrated mode 220

overview 237

reverse cache mode 219

steps for 238–240

implementing remote site-to-site connections

Active Directory deployments 521

Active Directory user accounts and groups 523–524

authentication methods 543

authentication providers 543

auto-static updates 539

certificate deployments 522

demand-dial filters 546

deployment tasks 520

dial-out or dial-in hours 545

disconnect intervals 537

EAP-TLS computer and user certificates 527

IAS server deployments for RADIUS authentication 522

initiating connections 546

Internet access through calling router 540–541

intranet connections 525

IP packet filters 546

joining routers to domains 526

L2TP/IPSec computer certificates 526

multicast connectivity between sites 542

overview 518

performance for Internet traffic 541

persistent connections 537

ports 544

remote access policies 534–536

replication 547–549

routers in perimeter networks 526

Routing and Remote Access 527–533

routing protocols 540

security for Internet traffic 540

static routes 537–539

test deployments in test labs 518–519

testing connectivity 547

WAN adapters 524

implementing VPN

Configure Your Server Wizard 407

configuring account lockout 422

configuring encryption 421

configuring filters for servers behind firewalls 409

configuring filters for servers in front of firewalls 413

configuring name resolution 409

configuring Network Access Quarantine Control 416–417

configuring packet filters 409–415

configuring routing 417–419

configuring TCP/IP 407–409

firewalls 409–415

installing certificates for connections 420–421

Internet configuration for TCP/IP 408

intranet interface configuration for TCP/IP 409

L2TP/IPSec connections for servers behind firewalls 411

L2TP/IPSec connections for servers in front of firewalls 415

L2TP/IPSec Internet interface of firewalls 412

L2TP/IPSec perimeter network interface of firewalls 412

overview 406

perimeter network interface configuration for TCP/IP 408

PPTP connections for servers behind firewalls 409

PPTP connections for servers in front of firewalls 414

PPTP Internet interface of firewalls 410

PPTP perimeter network interface of firewalls 411

remote access server configuration tasks 407

routing for clients 418–419

security 420–422

servers behind firewalls 409

implementing WINS

conversion files 209

evaluating deployments 210

migrating to Windows Server 2003 208

overview 207

testing deployments 210

implementing WLAN test environments

adding APs as RADIUS clients 587

certificate infrastructure 582–587

configuring Active Directory 580

configuring DNS and DHCP 582

configuring encryption for remote access policy 589

configuring Group Policy settings 591

configuring IAS RADIUS servers 587–589

configuring wireless adapter on wireless clients 589

configuring wireless APs 580

creating remote access policy for wireless clients 588

expanding test deployments 590–592

initial test deployments 579

installing computer certificates on IAS servers 583–584

installing computer certificates on wireless clients 584–586

installing single-tier CA (certification authority) 582

installing three-tier CA (certification authority) 592

installing user certificates on wireless clients 584–587

overview 578

setting up test deployments 579

testing deployments 589–590

increasing DHCP default lease duration 87

incremental zone transfer, DNS 151

industry tests for TCP/IP networks 66

information options, DHCP 92

installing

backup RADIUS proxies for IAS 331

backup RADIUS servers for IAS 330

computer certificates for EAP-TLS 527

computer certificates for IAS access clients 359

computer certificates for IAS servers 359, 583–584

computer certificates for L2TP/IPSec 526

computer certificates on wireless clients 584–586

DHCP on servers 96

ISA Server in a domain 224

PBA for Connection Manager 436

user certificates on wireless clients 584–587

user certificates for EAP-TLS 527

VPN certificates for connections 420–421

integrated mode, ISA Server 220

integrating

DHCP with DNS and WINS 27

DHCP with other services 81–84

DNS with Windows Server 2003 services 164–167

IAS with certificate infrastructure 357–359

remote site connections into Active Directory 510–512

remote site connections into networks 501–512

VPN servers into perimeter networks 485–486

Windows Server 2003 DNS into existing namespace 129–130

WINS with other services 205–207

internal DNS domains 125–126

internal DNS root 127–128

Internet

DNS status 121

L2TP/IPSec firewalls 412

PPTP firewalls 410

traffic for remote site connectivity 505–506

Internet Authentication Service See IAS (Internet Authentication Service)

Internet Engineering Task Force (IETF) 316

Internet Group Management Protocol (IGMP) 40

Internet Key Exchange (IKE) 287, 294

Internet Protocol security See IPSec (Internet Protocol security)

Internet Protocol Version 4 See IPv4 (Internet Protocol Version 4)

Internet Protocol Version 6 See IPv6 (Internet Protocol Version 6)

Internet Security and Acceleration Server See ISA Server

interoperability, ISA Server 222–224

intranet

Connection Manager enrollments 450

dial-up connections 425–426

remote site-to-site connections 525

VPN interface 409

IP address lease and renewal, DHCP 74

IP addressing schemes

address allocation methods 23

aggregation 20–21

CIDR (classless interdomain routing) 22–23

classless IP addressing 16–18

classless routing 18–20

design overview 14–15

private vs. public addresses 23–25

route summarization 20–21

structured address assignment model 16

supernetting 22–23

VLSM (variable length subnet mask) 21–22

wireless LANs 559–561

IP configuration strategy 26–28

IP multicasting

configuring client computers 42

configuring for remote site-to-site connectivity 542

configuring IGMP 40

configuring IP multicast scopes 41

DVMRP (Distance Vector Multicast Routing Protocol) 39

MADCAP (Multicast Address Dynamic Client Allocation Protocol) 37–38

MOSPF (Multicast Extensions to OSPF) 39

overview 35–37

PIM (Protocol-Independent Multicast) 39

PIM-DM (Protocol-Independent Multicast Dense Mode) 39

PIM-SM (Protocol-Independent Multicast Sparse Mode) 39

routers 38–39

IP packet filters See packet filtering

IPSec (Internet Protocol security)

additional resources 309

AH (Authentication Header) 250

assigning policies See assigning IPSec policies

authentication 250–251, 267

broadcast traffic failures 267

cluster node connectivity loss 267

compatibility 247

concepts 246–251

connecting remote sites 491–492

cryptography 250

decreased throughput 266

decrypting traffic for firewall inspections 263

default exemptions 249

default response 250

definitions 250–251

deployment overview 243–245

deployment process 245

designing policies See designing IPSec policies

determining needs 252–269

endpoint not supporting IPSec 263

end-to-end security 256–260

ESP (Encapsulating Security Payload) 250

example of corporate network deployment 268–269

example of end-to-end security 259

filter actions 250

filters 248, 251

gateway-to-gateway tunneling 262

GPO (Group Policy object) 251

Group Policy 250

ICMP failures 267

implementing deployments 305–309

multicast traffic failures 267

NAT-T incompatibility 266

NAT-T support 248

Netsh tool 249, 251

network deployments 308

networking inspection technologies 266

offload cards for remote site connectivity 515

packet filtering 255–256

peer-to-peer communication 257

PFS (perfect forward secrecy) 251

policy described 251

reduced computing performance 265

RSoP (Resultant Set of Policy) 249, 307

rules 251

securing application server 258

slower connections 265

solutions 246

TCP/IP network security 30–31

terms 250–251

testing deployments in pilot projects 307–308

testing deployments in test labs 306–307

tradeoffs 265–267

transport mode 251, 255

tunnel endpoint 251

tunnel mode 251, 261–264

Windows Server 2003 features 248–249

WINS security using tunnels 204

IPSec (Internet Protocol Security)

IAS traffic security 361

IPSec examples

corporate network deployment 268–269

end-to-end security 259

IPSec NAT Traversal (NAT-T) See NAT-T (IPSec NAT Traversal)

IPv4 (Internet Protocol Version 4)

coexisting with IPv6 42

compared to IPv6 55

configuring DNS for IPv6/IPv4 coexistence 62–63

enabling IPv4 applications for IPv6 using PortProxy 64

history of 44

node types 48

routing IPv6 traffic over IPv4 infrastructure 56–61

unicast addresses 16

IPv6 (Internet Protocol Version 6)

address types 49

addresses assigned to hosts and routers 54

addressing overview 48–49

anycast addresses 54

APIs that support Windows Server 2003 47

compared to IPv4 55

configuring DNS for IPv6/IPv4 coexistence 62–63

enabling IPv4 applications for IPv6 using PortProxy 64

feature upgrades from IPv4 44

features supported by Windows Server 2003 45

multicast addresses 53

multicast solicited node address 54

node types 48

overview 42–43

routing IPv6 traffic over IPv4 infrastructure 56–61

server applications supported by Windows Server 2003 46

stateful address configurations 49

stateless address configurations 49

tools supported by Windows Server 2003 47

unicast 6to4 addresses 52

unicast global addresses 50

unicast ISATAP addresses 52

unicast link-local addresses 51

unicast loopback addresses 51

unicast site-local addresses 51

unicast unspecified addresses 51

Windows Server 2003 features 44–48

ISA Server

adding computers 229

additional resources 241

array vs. stand-alone 230

availability overview 225

back-to-back perimeter network 234

cache mode 218–219

capacity planning 226–229

client types 220–221

configuring in an array 230–231

connecting remote sites 233

deployment process 215

DNS round-robin 231

Enterprise Edition vs. Standard Edition 230

extranets 236

firewall clients 220

firewall mode 218

firewall requirements 228

forward cache mode 218, 228

hardware requirements 227

implementation overview 237

implementation steps 238–240

installation modes 217

installing in a domain 224

integrated mode 220

interoperability 222–224

network services 224

overview 213–214

reverse cache mode 219, 229

roles overview 216

running other services 223

scalability 230

SecureNAT clients 220

securing network perimeters 233–235

security overview 232

three-homed perimeter network 235

Web Proxy clients 220

iterative DNS queries 119

Kerberos V5 IPSec authentication 285




Microsoft Corporation, Microsoft Windows Server 2003 Deployment Kit © Deploying Network Services, 2003
Year: 2004
Pages: 146
