Best Practices

  • Use a very strong RADIUS shared secret key comprising a random set of alpha, numeric, and symbols. The key length should be between 22 and 128 characters and it should be changed periodically.

  • When configuring the ISA VPN server, be sure to check for alerts both in the ISA Management console and in the server's event log. The RRAS service often logs descriptive messages.

  • Use the IPSec pre-shared key to verify VPN communication during troubleshooting; this will help identify a problem with network or certificates. Refrain from using the pre-shared key in production environments to minimize security risks.

  • Deploy two-factor authentication methods such as SecurID or smart cards using EAP authentication whenever possible. This provides for secured L2TP/IPSec VPN encryption.

  • Simplify a PKI Certificate deployment through the AD autoenrollment when possible.

  • Use the Connection Management Administration Kit (CMAK) to simplify client VPN rollout.

  • Use Layer 2 Tunneling Protocol (L2TP) with IP Security (IPSec), instead of the Point-to-Point Tunneling Protocol (PPTP) to secure VPN connections whenever possible.

    Microsoft Internet Security and Acceleration ISA Server 2004 Unleashed
    Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed
    ISBN: 067232718X
    EAN: 2147483647
    Year: 2005
    Pages: 216
    Authors: Michael Noel

    Similar book on Amazon © 2008-2017.
    If you may any questions please contact us: