
Module 8: Designing Network Access Solutions. Module Overview Securing and Controlling Network Access Designing Remote Access Services Designing RADIUS.


1 Module 8: Designing Network Access Solutions

2 Module Overview
- Securing and Controlling Network Access
- Designing Remote Access Services
- Designing RADIUS Authentication with Network Policy Services
- Designing Wireless Access

3 Lesson: Securing and Controlling Network Access
- Authentication Methods
- Encryption Methods
- Network Policies
- Network Policy Processing

4 Authentication Methods
Authentication Method: Description
- Unauthenticated access: Does not provide security
- Password Authentication Protocol (PAP): Uses cleartext passwords
- Shiva Password Authentication Protocol (SPAP): Use for a Shiva LAN Rover remote access device
- Challenge Handshake Authentication Protocol (CHAP): Secures passwords, but MS-CHAPv2 is preferred
- Microsoft Challenge Handshake Authentication Protocol (MS-CHAPv2): Stronger security than CHAP
- Extensible Authentication Protocol (EAP): Allows the use of plug-in modules for authentication. EAP-TLS requires certificates and is used for smart cards.
- Protected Extensible Authentication Protocol (PEAP): Supports wireless authentication through RADIUS

5 Encryption Methods
IPSec (L2TP over IPSec):
- Is used by L2TP connections
- Requires additional authentication configuration
MPPE:
- Is used by PPTP connections
SSL:
- Is used by SSTP connections
- Is firewall friendly

6 Network Policies
Network Policies:
- Control remote access requests
- Replace remote access policies in previous versions of Windows
Network Policy component: Description
- Conditions: Determine whether this policy is used to evaluate a connection request.
- Access permission: Determine whether access is allowed, denied, or determined by user dial-in properties.
- Authentication methods: Determine the authentication methods that can be negotiated.
- Constraints: Limits on the connection such as idle time or maximum connection time.
- Settings: Set characteristics of the connection such as encryption or IP filters.

7 Network Policy Processing
- The default network policies deny access
- Policies are ordered for evaluation
- If a policy with matching conditions is found, no additional policies are processed
The following process is used:
1. Locate the first policy with matching conditions
2. Allow or deny permission in the policy
3. If allowed, attempt to authenticate
4. Apply constraints to the connection; if a constraint cannot be met, then reject
5. Apply settings to the connection
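
The five-step process above, modelled as an added Python example (not part of the original slides and not NPS code). The Policy class, field names, the nas_port_types constraint and the sample policies are hypothetical; the point is that evaluation order decides the outcome, because only the first matching policy is ever read.

```python
# Added illustration: simplified first-match policy processing (hypothetical names, not NPS APIs).
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Policy:
    name: str
    conditions: Callable[[dict], bool]      # does this policy apply to the request?
    permission: str                         # "allow", "deny", or "user" (dial-in properties)
    auth_methods: tuple = ()                # methods the policy will negotiate
    constraints: dict = field(default_factory=dict)   # e.g. {"nas_port_types": {"VPN"}}
    settings: dict = field(default_factory=dict)      # e.g. {"encryption": "strongest"}

def evaluate(policies, request, verify_credentials):  # -> (decision, policy name, detail)
    # 1. Locate the first policy with matching conditions; later ones are never read.
    policy = next((p for p in policies if p.conditions(request)), None)
    if policy is None:
        return ("reject", None, "no matching policy")
    # 2. Allow or deny permission in the policy.
    permission = policy.permission
    if permission == "user":
        permission = "allow" if request.get("dial_in_allowed") else "deny"
    if permission != "allow":
        return ("reject", policy.name, "access permission denied")
    # 3. If allowed, attempt to authenticate with a method the policy permits.
    if request["auth_method"] not in policy.auth_methods:
        return ("reject", policy.name, "authentication method not permitted")
    if not verify_credentials(request):
        return ("reject", policy.name, "authentication failed")
    # 4. Apply constraints; reject if any cannot be met.
    allowed_ports = policy.constraints.get("nas_port_types")
    if allowed_ports and request.get("nas_port_type") not in allowed_ports:
        return ("reject", policy.name, "constraint not met: nas_port_type")
    # 5. Apply settings to the connection.
    return ("accept", policy.name, dict(policy.settings))

# Constructed sample policy list, in evaluation order.
POLICIES = [
    Policy("Block PAP", lambda r: r["auth_method"] == "PAP", "deny"),
    Policy("VPN users", lambda r: "VPN-Users" in r["groups"], "allow",
           ("MS-CHAPv2", "EAP-TLS"), {"nas_port_types": {"VPN"}}, {"encryption": "strongest"}),
    Policy("Default deny", lambda r: True, "deny"),
]

def demo():
    ok = lambda r: r.get("password_ok", False)   # stand-in for the directory check
    base = {"groups": ["VPN-Users"], "auth_method": "MS-CHAPv2", "nas_port_type": "VPN", "password_ok": True}
    changes = [{}, {"auth_method": "PAP"}, {"groups": ["Guests"]}, {"nas_port_type": "Wireless"}]
    return [evaluate(POLICIES, {**base, **c}, ok) for c in changes]
```

Moving "VPN users" above "Block PAP" changes the reason the PAP request is rejected, which is why policy order should be reviewed whenever a policy is added.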

8 Lesson 3: Designing Remote Access Services
- Remote Access Methods
- VPN Tunnelling Protocols

9 Remote Access Methods
Method: Advantages / Limitations
- Dial-up Networking
  Advantages: Convenient direct dial-up connectivity; A potential secure data path
  Limitations: Expensive; Subject to the maximum speed limit that is supported by the connection medium (typically 56 Kbps)
- VPN
  Advantages: Reduced costs; Sufficient security; Flexibility
  Limitations: Less private
- RPC over HTTP
  Advantages: Allows RPC-based applications to traverse firewalls
  Limitations: Applications must be specifically designed to use RPC over HTTP

10 VPN Tunnelling Protocols
Protocol: Description
- PPTP: Allowed by most firewalls; Supported by all Windows clients; No data integrity
- L2TP: Blocked by NAT in some cases; Supported by Windows 2000/XP/Vista clients; Provides data integrity and machine authentication
- SSTP: Firewall friendly; Supported by Windows Vista SP1 and Windows Server 2008; Provides data integrity

11 Lesson 4: Designing RADIUS Authentication with Network Policy Services
- What Is RADIUS?
- RADIUS Roles
- How RADIUS Works for Remote Access
- What Is a RADIUS Proxy?

12 What Is RADIUS?
Remote Authentication Dial In User Service (RADIUS) is a protocol for controlling authentication, authorization, and accounting.
[Diagram labels: Remote Access Client, Remote Access Server, RADIUS Client, RADIUS Server, Directory Server]

13 RADIUS Roles
Routing and Remote Access Server can be configured as a:
- RADIUS Client
NPS can be configured as a:
- RADIUS Server
- RADIUS Proxy

14 What Is a RADIUS Proxy?
A RADIUS proxy distributes RADIUS requests to the appropriate RADIUS server.
[Diagram labels: RADIUS Client, Remote Access Client, RADIUS Proxy, RADIUS Server, Company A, ISP, RADIUS Server, Company B]

15 Lesson 5: Designing Wireless Access
- Wireless Networking Standards
- Wireless Security Threats
- Strategies for Wireless Security

16 Wireless Networking Standards
Standard: Description
- 802.11: Original specification for wireless LANs; Speed of either 1 or 2 megabits per second
- 802.11b: 11 megabits per second; Good range, but susceptible to radio signal interference
- 802.11a: Transmission speeds as high as 54 Mbps; Works well in densely populated areas; Is not interoperable with 802.11, 802.11b, 802.11g
- 802.11g: Enhancement to and compatible with 802.11b; 54 Mbps but at shorter ranges than 802.11b
- 802.11n: Greater range and reduced interference; Speed up to 248 Mbps

17 Wireless Security Threats
Common wireless security threats are:
- Eavesdropping
- Interception and modification of data
- Spoofing
- Freeloading
- Denial of service
- Rogue WAPs

18 Strategies for Wireless Security
Technology: Description
- Wired Equivalent Privacy (WEP): Original encryption method for wireless networks; Considered insecure due to small key size and lack of key changes
- WiFi Protected Access (WPA): Stronger encryption than WEP and includes key changes; Can use certificates; Partial implementation of 802.11i specification
- WPA2: Full implementation of the 802.11i specification
- 802.1x: Uses RADIUS to authenticate; Can be used with WEP and WPA
- Restrict by MAC: Limit connections by MAC address; MAC addresses can be spoofed
- Monitoring: Find rogue access points
- VPN: Secure and authenticate communication on a wireless network

