Best Practices

The following are best practices from this chapter:

  • Use the EAP-TLS authentication protocol for both PPTP and L2TP connections.

  • If a smartcard will be used, or if a certificate infrastructure that issues user certificates exists, use EAP-TLS.

  • Use MS-CHAP v2 and enforce strong passwords using group policy if you must use a password-based authentication protocol.

  • Use IPSec to provide per-packet data authentication (proof that the data was sent by the authorized user), data integrity (proof that the data was not modified in transit), replay protection (prevention of resending a stream of captured packets), and data confidentiality (prevention of interpreting captured packets without the encryption key).

  • L2TP/IPSec connections provide stronger authentication by requiring both computer-level authentication through certificates and user-level authentication through a PPP authentication protocol.

  • PPTP does not require a certificate infrastructure. L2TP/IPSec requires a certificate infrastructure for issuing computer certificates to the VPN server computer (or other authenticating server) and all VPN client computers.

  • Use PPTP for versions of Windows prior to Windows 2000 and Windows XP.

  • For an environment with a hundred or more remote access VPN clients, configure the remote access solution automatically using the Connection Manager Administration Kit.

  • Logging remote access activity uses system resources; therefore, use it sparingly to help identify network problems.

  • Do not leave tracing enabled on multiprocessor computers.


Microsoft Exchange Server 2003 Unleashed
Microsoft Exchange Server 2003 Unleashed (2nd Edition)
ISBN: 0672328070
EAN: 2147483647
Year: 2003
Pages: 393
Authors: Rand Morimoto
