Section 11: Implementing Remote Connectivity
CSIS 479R Fall 1999
“Network +”
George D. Hickman, CNI, CNE

Objectives
- Explain the capabilities and requirements for remote access
- Evaluate the current network and user environment
- Select an appropriate data transmission technology
- Design a secure remote access solution

Objectives (Cont’d)
- Design optimal performance in a remote access solution
- Configure Windows 95/98 or Windows NT clients for remote access
- Connect remotely to a server using a modem-equipped Windows client

Remote Access Software (Server)
- Operates one or more modems connected to the server
- Provides network services to remote users
- Enforces network security across remote connections
- NetWare 5
  - Novell Internet Access Server (NIAS)
- Windows NT Server
  - Remote Access Server (RAS)

Remote Network Services
- Login / Authentication
- Applications ( , database, etc.)
- Print documents remotely
- Connect to the Internet or intranet
- Obtain routing to distant network services
- Most other “locally” available services

Remote Access (Voice Line) Limitations
- Connection speed
  - 28.8 – 56 K bps vs M bps (LAN)
- Connection security
  - Phone lines allow an “in” for hackers to access your network
- Expense
  - Long distance charges, or “measured rate” charges may apply

Implementing Remote Access
- Evaluate current network and user environment
- Select transmission media for use between server and remote workstation
- Prevent unauthorized remote users from accessing the network
- Tune remote client and server configurations for maximum performance
- Install and configure software to enable remote access

Evaluate current network and user environment
- Where is the best place to locate the remote access server?
- Is a server with enough capacity available somewhere?
- Is it located where inexpensive connections are possible?
- Where do remote users need to connect from, and what resources do they need to access?
- How many, how often, how many simultaneously?

Select transmission media
- ISDN
  - Digital service
  - Basic Rate Interface (BRI)
  - Primary Rate (PRI)
  - BRI has 2 B + 1 D channel
  - B channel is 64 KB
- POTS
  - Plain Old Telephone Service
  - K

Transmission Media
- xDSL
  - Dedicated Point-to-Point connections on existing copper wires
  - Not available everywhere (like Payson)
- ADSL
  - Mbps download / slower upload
- HDSL
  - T1 speeds
  - Mbps up/download
- Splitterless DSL
  - <1 Mbps, no special equipment needed

Prevent unauthorized remote users from accessing the network
- Many remote access solutions by default have no security—they allow unrestricted access to any user by any port. Change this!
- Is your policy flexible enough to adapt to new or emerging security threats?
- What should be done when breaches are suspected?
- Who is notified?
- How do you test your security effectiveness?

Isolating a Remote Access Server
- Isolate the remote server, so if it is compromised, it does not compromise the entire network
- Demilitarized Zone Design
  - All traffic from outside connects with the demilitarized server, which is connected to a screening router
  - All traffic going to the screening router is considered insecure, and evaluated before access is granted

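Added example (not part of the original slides): a small Python model of the screening router described on this slide, using first-match rules with a default deny, plus an audit that flags the "any user, any port" default warned about on the previous slide. All addresses, hosts and ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ipaddress.ip_network("0.0.0.0/0")
RAS = ipaddress.ip_network("192.0.2.10/32")      # constructed: DMZ remote access server
INTERNAL = ipaddress.ip_network("10.0.0.0/8")    # constructed: protected network

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                       # "tcp", "udp" or "any"
    dport: Optional[int]             # None matches any port

    def matches(self, src, dst, proto, dport) -> bool:
        return (ipaddress.ip_address(src) in self.src
                and ipaddress.ip_address(dst) in self.dst
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

def evaluate(rules: List[Rule], src, dst, proto, dport) -> Tuple[str, Optional[int]]:
    """First matching rule wins; traffic that matches nothing is denied."""
    for i, rule in enumerate(rules):
        if rule.matches(src, dst, proto, dport):
            return rule.action, i
    return "deny", None

def audit(rules: List[Rule]) -> List[int]:
    """Indexes of permit rules that let any source or any port into INTERNAL."""
    return [i for i, r in enumerate(rules)
            if r.action == "permit" and r.dst.overlaps(INTERNAL)
            and (r.src == ANY or r.dport is None)]

# Constructed policy: the RAS may reach one mail host and one file server only.
POLICY = [
    Rule("permit", RAS, ipaddress.ip_network("10.0.1.5/32"), "tcp", 25),
    Rule("permit", RAS, ipaddress.ip_network("10.0.1.6/32"), "tcp", 139),
    Rule("deny", ANY, INTERNAL, "any", None),
]
# The unrestricted out-of-the-box behaviour, modelled as a single rule.
OPEN_DEFAULT = [Rule("permit", ANY, ANY, "any", None)]

if __name__ == "__main__":
    print(evaluate(POLICY, "192.0.2.10", "10.0.1.5", "tcp", 25))   # RAS to mail host
    print(evaluate(POLICY, "192.0.2.10", "10.0.9.9", "tcp", 23))   # RAS to unlisted host
    print(evaluate(POLICY, "203.0.113.7", "10.0.1.5", "tcp", 25))  # outside, bypassing DMZ
    print(audit(POLICY), audit(OPEN_DEFAULT))
```

Because the remote access server is only permitted to reach two named services, a compromise of that server does not give it the rest of the internal network.
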
Tune remote configurations for maximum performance
- Low performance causes increased telco charges and lessens available links for other remote users
- Minimal login scripts
- Load frequently used apps on remote host
- Use shortcuts/menus to avoid directory lists
- Upgrade slower modems
- Train users to expect slower access remotely

Connecting Remotely
- Client usually initiates the session (calls the server)
- User is prompted for a username and password
- The modem becomes the slower equivalent of a NIC