Know that the preferred VPN technology on Microsoft platforms is L2TP/IPSec. L2TP/IPSec provides the strongest mechanisms for authentication, encryption, and packet integrity.
Understand the various authentication protocols used on Windows Server 2003. EAP-TLS is the strongest and most versatile authentication protocol, but not everyone will be able to maintain the PKI needed to support it. MS-CHAPv2 is not as strong, but it is simpler to set up than EAP-TLS. Choose MS-CHAPv2 when EAP-TLS is not available because the infrastructure is lacking. Use EAP-TLS or CHAP to authenticate non-Windows clients.
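As an added illustration (not from the book), the following commands show how the set of authentication protocols a Windows Server 2003 RRAS server will negotiate can be narrowed from a permissive set to the two the text recommends. It assumes a server on which Routing and Remote Access is already enabled and is run from an administrative command prompt; the `netsh ras` authtype values are the ones that context accepts on Windows Server 2003.

```batch
REM Added example: harden the authentication types negotiated by a
REM Windows Server 2003 RRAS server. Assumes RRAS is already enabled.

REM Before: list whatever the server currently offers. A permissive set
REM may include PAP, SPAP, MD5-CHAP and MS-CHAP (v1) next to stronger types.
netsh ras show authtype

REM Remove the weak types. PAP and SPAP send credentials with little or no
REM protection; MS-CHAP v1 is superseded by MS-CHAPv2.
netsh ras delete authtype type=PAP
netsh ras delete authtype type=SPAP
netsh ras delete authtype type=MSCHAP

REM MD5-CHAP is plain CHAP. Delete it too unless non-Windows clients that
REM can only do CHAP must connect (the case the text mentions).
netsh ras delete authtype type=MD5CHAP

REM After: keep MS-CHAPv2 for clients without certificates, and EAP so that
REM EAP-TLS can be used once the PKI is in place.
netsh ras add authtype type=MSCHAPv2
netsh ras add authtype type=EAP

REM Verify that only the intended types remain.
netsh ras show authtype
```

The `netsh ras` list controls which protocols the server is willing to negotiate at all; which EAP type (EAP-TLS or PEAP) is actually required for a given set of users, and whether MS-CHAPv2 is permitted for them, is then selected per remote access policy in the policy profile's Authentication settings, so both places should agree.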
Recognize that not all data will need to be encrypted. Be able to determine what data should be encrypted and, to conserve resources, apply encryption to just those situations.
Design security for the vulnerabilities that the company’s data may face. Consider eavesdropping, DoS, data alteration, and spoofing in your data security design. Know what technologies can overcome these vulnerabilities in a given situation.
Remember to take advantage of the caller ID and callback functions to strengthen demand-dial connections. You don’t want to rely solely on the authentication protocol to verify the caller if you don’t have to.
Understand how to secure a wireless network. Windows Server 2003 provides authentication through the 802.1x standard. This requires an 802.1x-compliant access point, IAS installed on the Windows Server 2003 network, and a public key infrastructure (PKI) to support EAP-TLS. You can avoid having to use smart cards or client certificates by using PEAP. At the very least, you should disable broadcasting of the SSID and enable WEP.