Objective 3.7: Configure Security for Remote Access Users

Security does not end at the perimeter network firewall. Almost all networks have users that access them remotely. A network that is secured internally is still vulnerable if remote access connections are not properly configured. The two most popular ways to remotely access a network are by dial-up analog modem connection and by a virtual private network (VPN) tunnel through the Internet. Both of these methods of remote access are secured by setting remote access policies on a Routing and Remote Access (RRAS) server.

It is important to understand the various authentication methods. Certain authentication methods can be used with encrypted connections, and other authentication methods cannot. Some authentication methods are only compatible with Windows 2000, with Windows XP, or with Windows Server 2003, and others can be used by almost any client that can connect by modem. Similarly, it is important to understand the difference between tunneling protocols available to Windows XP–based and Windows Server 2003–based VPN clients.

Administrators in the position of needing to roll out a substantial number of connections to computers in an organization can use the Connection Manager Administration Kit. This will create an executable file to completely configure a remote access connection to a network.