Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.

Published byCody Grant Modified over 9 years ago

Similar presentations

Presentation on theme: "Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy."— Presentation transcript:

1 Module 9: Planning Network Access

2 Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy Selecting a Network Access Authentication Method Planning a Network Access Strategy

3 Lesson: Introducing Network Access Network Access Requirements Network Access Connections Network Access Authentication Protocols Connection Security Best Practices Security Hosts

4 Network Access Requirements Connectivity Protocol support Authentication Encryption Connectivity Protocol support Authentication Encryption Network Access Server IAS Server DHCP Server Domain Controller Dial-Up Client Wireless Access Point Wireless LAN Client VPN Client LAN Client

5 Network Access Connections Network Access Server IAS Server DHCP Server Domain Controller Dial-Up Client Wireless Access Point VPN Client LAN Wireless Clients

6 Network Access Authentication Protocols ProtocolDescription EAP EAP is a Point-to-Point Protocol (PPP)–based authentication mechanism that was adapted for use on point-to-point LAN segments PEAP PEAP is an EAP type that addresses a security issue in EAP by first creating a secure channel that is both encrypted and integrity-protected with TLS IEEE.802.1x IEEE 802.1x uses the physical characteristics of the switched LAN infrastructure to authenticate devices attached to a LAN port. Kerberos Kerberos authentication provides single sign on to resources within a domain and to resources residing in trusted domains.

7 Connection Security Best Practices Configure Ethernet network adapters  Smart card  Protected EAP  MD5-Challenge Support public key interactive logon Use IPSec Use a RADIUS infrastructure

8 Security Hosts Compare security hosts  Security host that performs authentication checks during a connection request  Security host that is called during the authentication process of the connection Use an interactive logon model

9 Lesson: Selecting Network Access Connection Methods LAN Solution Considerations VPN Solution Considerations Dial-Up Solution Considerations Multimedia: Planning for VPN and Dial-Up Clients Wireless Solution Considerations RADIUS Authentication Infrastructure Guidelines for Selecting Network Access Connection Methods

10 LAN Solution Considerations Administrator User Web Server Domain Controller LAN

11 VPN Solution Considerations VPN Tunnel Tunneling Protocols Tunneled Data VPN Tunnel Tunneling Protocols Tunneled Data VPN Client VPN Server Address and Name Server Allocation DHCP Server Domain Controller Authentication PPP Connection Transit Network

12 Dial-Up Solution Considerations Dial-Up Client Address and Name Server Allocation DHCP Server Domain Controller Authentication Remote Access Server Remote Access Server WAN Options: Telephone, ISDN, or X.25 WAN Options: Telephone, ISDN, or X.25 LAN and Remote Access Protocols LAN and Remote Access Protocols

13 Multimedia: Planning for VPN and Dial-Up Clients The objective of this presentation is to explain how to plan for VPN and dial-up clients You will learn how to:  Plan a server running Routing and Remote Access to provide dial-up or VPN services  Select a Routing and Remote Access configuration for dial-up or VPN services  Choose between a dial-up and a VPN solution

14 Wireless Solution Considerations DHCP Server IAS Server Domain Controller Wireless Client (Station) Wireless Client (Station) Wireless Access Point Address and Name Server Allocation Authentication Ports

15 RADIUS Authentication Infrastructure Internet RADIUS Server (IAS) RADIUS Server (IAS) RADIUS Client (RRAS) RADIUS Client (RRAS) Client Dials in to a local RADIUS client to gain network connectivity 1 1 Forwards requests to a RADIUS server 2 2 Authenticates requests and stores accounting information 3 3 Domain Controller Communicates to the RADIUS client to grant or deny access 4 4

16 Guidelines for Selecting Network Access Connection Methods Select network access connection methods for your enterprise Determine client requirements Determine infrastructure requirements

17 Practice: Selecting Network Access Connection Methods In this practice, you will select network access connection methods based on the provided scenario

18 Lesson: Selecting a Remote Access Policy Strategy Remote Access Policies Remote Access Policy Conditions User Account Dial-in Properties User Profile Options Guidelines for Selecting a Remote Access Policy Strategy

19 Remote Access Policies A remote access policy: Is stored locally, not in Active Directory Consists of:  Conditions  User permissions  Profile Is stored locally, not in Active Directory Consists of:  Conditions  User permissions  Profile

20 Remote Access Policy Conditions IP Addresses Authentication Type Authentication Type NAS-Port Type Time of Day Attributes Caller IDs User Groups

21 User Account Dial-in Properties Callback Options Apply Static Routes Apply Static Routes Remote Access Permission Remote Access Permission Verify Caller ID Assign a Static IP Address Dial-In Properties

22 User Profile Options ComponentDefines the… Authentication Authentication protocols that are to be used Encryption Level of MPPE encryption that is to be accepted Dial-in constraints Constraints that you would like to apply in the policy IP IP address that is assigned to the client, and what IP filters will be applied to the connection Multilink Allowable multilink connections where multiple ports can be combined for a connection Advanced Additional connection attributes (whether RADIUS or vendor-specific) that can be sent to the network access server to which the client is connecting

23 Guidelines for Selecting a Remote Access Policy Strategy Identify the remote access permissions that will be used Identify the remote access conditions that will be used Identify the remote access profile that will be used

24 Practice: Determining a Remote Access Policy Strategy In this practice, you will plan a remote access strategy by using the provided scenario to define the required remote access options

25 Lesson: Selecting a Network Access Authentication Method Server Authentication Models and Methods IAS as an Authentication Server Guidelines for Selecting IAS as an Authentication Provider

26 Server Authentication Models and Methods Windows Authentication RADIUS Wireless Dial-Up VPN 802.1x EAP 802.11 Open system Shared key

27 IAS as an Authentication Server Central Office IAS Windows Server 2003 Domain Controller Windows Server 2003 Domain Controller Partner Network RRAS ISP RRAS Internet = RADIUS Client and Server Connection Centralized remote access policies Authentication provider Centralized remote access policies Authentication provider

28 Guidelines for Selecting IAS as an Authentication Provider Determine if you have a heterogeneous environment to support Determine if you have multiple access servers Determine if you have third-party Internet access providers Determine your authentication needs

29 Practice: Selecting Centralized Authentication for Network Access Using IAS In this practice, you will select a centralized authentication for network access by using IAS

30 Lesson: Planning a Network Access Strategy Network Access Connection Strategy Security-Based Authentication Methods Remote Access Policy Strategies Guidelines for Planning a Network Access Strategy

31 Network Access Connection Strategy Selecting a network access connection strategy includes: Evaluating enterprise requirements Creating a comprehensive network access plan Evaluating enterprise requirements Creating a comprehensive network access plan

32 Security-Based Authentication Methods Security-based authentication requirements Secure network access Strong authentication and encryption Secure network access Strong authentication and encryption

33 Remote Access Policy Strategies To determine a strategy: Determine connection request conditions that need policies Define policies to reflect requirements Determine connection request conditions that need policies Define policies to reflect requirements

34 Guidelines for Planning a Network Access Strategy Identify who will access the network and how they will access it Identify who will be allowed access to network resources Identify how the approved users will access the network Integrate your authentication strategy across all of the remote access methods

35 Lab A: Planning Network Access Exercise 1: Planning for the LAN and Wireless Environment Exercise 2: Planning for the WAN Environment

36 Course Evaluation

Download ppt "Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy."

Similar presentations

1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.

Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.
1 Routing and Remote Access Service (Week 15, Friday 4/21/2006) © Abdou Illia, Spring 2006.

1 Routing and Remote Access Service (Week 15, Friday 4/21/2006) © Abdou Illia, Spring 2006.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.
Module 10: Configuring Virtual Private Network Access for Remote Clients and Networks.

Module 10: Configuring Virtual Private Network Access for Remote Clients and Networks.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.
MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 10 Configuring Remote Access.

MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646) Chapter 10 Configuring Remote Access.
Windows 2000 Remote Access. Remote Access Overview With Windows 2000 remote access, remote access clients connect to remote access servers and are transparently.

Windows 2000 Remote Access. Remote Access Overview With Windows 2000 remote access, remote access clients connect to remote access servers and are transparently.
Remote Networking Architectures

Remote Networking Architectures
Virtual Private Network (VPN) © N. Ganesan, Ph.D..

Virtual Private Network (VPN) © N. Ganesan, Ph.D..
Overview of Routing and Remote Access Service (RRAS) When RRAS was implemented in Microsoft Windows NT 4.0, it added support for a number of features.

Overview of Routing and Remote Access Service (RRAS) When RRAS was implemented in Microsoft Windows NT 4.0, it added support for a number of features.
Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.

Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.
Chapter 11: Dial-Up Connectivity in Remote Access Designs

Chapter 11: Dial-Up Connectivity in Remote Access Designs
1 Microsoft Windows NT 4.0 Authentication Protocols Password Authentication Protocol (PAP) Challenge Handshake Authentication Protocol (CHAP) Microsoft.

1 Microsoft Windows NT 4.0 Authentication Protocols Password Authentication Protocol (PAP) Challenge Handshake Authentication Protocol (CHAP) Microsoft.
VPN Scenarios © N. Ganesan, Ph.D.. Chapter Objectives.

VPN Scenarios © N. Ganesan, Ph.D.. Chapter Objectives.
Windows Server 2003 RRAS 安裝設定與管理維護 林寶森

Windows Server 2003 RRAS 安裝設定與管理維護 林寶森

Similar presentations

Ads by Google