Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.

Presentation transcript:

Module 9: Planning Network Access

Overview: Introducing Network Access; Selecting Network Access Connection Methods; Selecting a Remote Access Policy Strategy; Selecting a Network Access Authentication Method; Planning a Network Access Strategy

Lesson: Introducing Network Access
Network Access Requirements; Network Access Connections; Network Access Authentication Protocols; Connection Security Best Practices; Security Hosts

Network Access Requirements: Connectivity; Protocol support; Authentication; Encryption
Diagram labels: Network Access Server; IAS Server; DHCP Server; Domain Controller; Dial-Up Client; Wireless Access Point; Wireless LAN Client; VPN Client; LAN Client

Network Access Connections (diagram labels): Network Access Server; IAS Server; DHCP Server; Domain Controller; Dial-Up Client; Wireless Access Point; VPN Client; LAN Wireless Clients

Network Access Authentication Protocols
Protocol: Description
EAP: EAP is a Point-to-Point Protocol (PPP)–based authentication mechanism that was adapted for use on point-to-point LAN segments.
PEAP: PEAP is an EAP type that addresses a security issue in EAP by first creating a secure channel that is both encrypted and integrity-protected with TLS.
IEEE 802.1x: IEEE 802.1x uses the physical characteristics of the switched LAN infrastructure to authenticate devices attached to a LAN port.
Kerberos: Kerberos authentication provides single sign on to resources within a domain and to resources residing in trusted domains.

Connection Security Best Practices: Configure Ethernet network adapters (Smart card, Protected EAP, MD5-Challenge); Support public key interactive logon; Use IPSec; Use a RADIUS infrastructure

Security Hosts: Compare security hosts (a security host that performs authentication checks during a connection request, and a security host that is called during the authentication process of the connection); Use an interactive logon model

Lesson: Selecting Network Access Connection Methods
LAN Solution Considerations; VPN Solution Considerations; Dial-Up Solution Considerations; Multimedia: Planning for VPN and Dial-Up Clients; Wireless Solution Considerations; RADIUS Authentication Infrastructure; Guidelines for Selecting Network Access Connection Methods

LAN Solution Considerations (diagram labels): Administrator; User; Web Server; Domain Controller; LAN

VPN Solution Considerations (diagram labels): VPN Tunnel; Tunneling Protocols; Tunneled Data; VPN Client; VPN Server; Address and Name Server Allocation; DHCP Server; Domain Controller; Authentication; PPP Connection; Transit Network

Dial-Up Solution Considerations (diagram labels): Dial-Up Client; Address and Name Server Allocation; DHCP Server; Domain Controller; Authentication; Remote Access Server; WAN Options: Telephone, ISDN, or X.25; LAN and Remote Access Protocols

Multimedia: Planning for VPN and Dial-Up Clients
The objective of this presentation is to explain how to plan for VPN and dial-up clients. You will learn how to: Plan a server running Routing and Remote Access to provide dial-up or VPN services; Select a Routing and Remote Access configuration for dial-up or VPN services; Choose between a dial-up and a VPN solution

Wireless Solution Considerations (diagram labels): DHCP Server; IAS Server; Domain Controller; Wireless Client (Station); Wireless Access Point; Address and Name Server Allocation; Authentication; Ports

RADIUS Authentication Infrastructure (diagram labels): Internet; RADIUS Server (IAS); RADIUS Client (RRAS); Client; Domain Controller
1. Dials in to a local RADIUS client to gain network connectivity
2. Forwards requests to a RADIUS server
3. Authenticates requests and stores accounting information
4. Communicates to the RADIUS client to grant or deny access

Guidelines for Selecting Network Access Connection Methods: Select network access connection methods for your enterprise; Determine client requirements; Determine infrastructure requirements

Practice: Selecting Network Access Connection Methods
In this practice, you will select network access connection methods based on the provided scenario.

Lesson: Selecting a Remote Access Policy Strategy
Remote Access Policies; Remote Access Policy Conditions; User Account Dial-in Properties; User Profile Options; Guidelines for Selecting a Remote Access Policy Strategy

Remote Access Policies
A remote access policy: Is stored locally, not in Active Directory; Consists of: Conditions, User permissions, Profile

Remote Access Policy Conditions: IP Addresses; Authentication Type; NAS-Port Type; Time of Day; Attributes; Caller IDs; User Groups

User Account Dial-in Properties: Callback Options; Apply Static Routes; Remote Access Permission; Verify Caller ID; Assign a Static IP Address; Dial-In Properties

User Profile Options
Component: Defines the…
Authentication: Authentication protocols that are to be used
Encryption: Level of MPPE encryption that is to be accepted
Dial-in constraints: Constraints that you would like to apply in the policy
IP: IP address that is assigned to the client, and what IP filters will be applied to the connection
Multilink: Allowable multilink connections where multiple ports can be combined for a connection
Advanced: Additional connection attributes (whether RADIUS or vendor-specific) that can be sent to the network access server to which the client is connecting

Guidelines for Selecting a Remote Access Policy Strategy: Identify the remote access permissions that will be used; Identify the remote access conditions that will be used; Identify the remote access profile that will be used

Practice: Determining a Remote Access Policy Strategy
In this practice, you will plan a remote access strategy by using the provided scenario to define the required remote access options.

Lesson: Selecting a Network Access Authentication Method
Server Authentication Models and Methods; IAS as an Authentication Server; Guidelines for Selecting IAS as an Authentication Provider

Server Authentication Models and Methods (diagram labels): Windows Authentication RADIUS Wireless Dial-Up VPN 802.1x EAP Open system Shared key

IAS as an Authentication Server (diagram labels): Central Office; IAS; Windows Server 2003 Domain Controller; Partner Network RRAS; ISP RRAS; Internet; legend: = RADIUS Client and Server Connection
Centralized remote access policies; Authentication provider

Guidelines for Selecting IAS as an Authentication Provider: Determine if you have a heterogeneous environment to support; Determine if you have multiple access servers; Determine if you have third-party Internet access providers; Determine your authentication needs

Practice: Selecting Centralized Authentication for Network Access Using IAS
In this practice, you will select a centralized authentication for network access by using IAS.

Lesson: Planning a Network Access Strategy
Network Access Connection Strategy; Security-Based Authentication Methods; Remote Access Policy Strategies; Guidelines for Planning a Network Access Strategy

Network Access Connection Strategy
Selecting a network access connection strategy includes: Evaluating enterprise requirements; Creating a comprehensive network access plan

Security-Based Authentication Methods
Security-based authentication requirements: Secure network access; Strong authentication and encryption

Remote Access Policy Strategies
To determine a strategy: Determine connection request conditions that need policies; Define policies to reflect requirements

Guidelines for Planning a Network Access Strategy: Identify who will access the network and how they will access it; Identify who will be allowed access to network resources; Identify how the approved users will access the network; Integrate your authentication strategy across all of the remote access methods

Lab A: Planning Network Access
Exercise 1: Planning for the LAN and Wireless Environment; Exercise 2: Planning for the WAN Environment

Course Evaluation