Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 8: Designing Network Access Solutions. Module Overview Securing and Controlling Network Access Designing Remote Access Services Designing RADIUS.

Published byWesley Lawrence Modified over 9 years ago

Similar presentations

Presentation on theme: "Module 8: Designing Network Access Solutions. Module Overview Securing and Controlling Network Access Designing Remote Access Services Designing RADIUS."— Presentation transcript:

1 Module 8: Designing Network Access Solutions

2 Module Overview Securing and Controlling Network Access Designing Remote Access Services Designing RADIUS Authentication with Network Policy Services Designing Wireless Access

3 Lesson: Securing and Controlling Network Access Authentication Methods Encryption Methods Network Policies Network Policy Processing

4 Authentication Methods Authentication MethodDescription Unauthenticated access Does not provide security Password Authentication Protocol (PAP) Uses cleartext passwords Shiva Password Authentication Protocol (SPAP) Use for a SHIVA LAN rover remote access device Challenge Handshake Authentication Protocol (CHAP) Secures passwords, but MS-CHAPv2 is preferred. Microsoft Challenge Handshake Authentication Protocol (MS- CHAPv2) Stronger security than CHAP Extensible Authentication Protocol (EAP) Allows the use of plug-in modules for authentication. EAP-TLS requires certificates and is used for smart cards. Protected Extensible Authentication Protocol (PEAP) Supports wireless authentication through RADIUS

5 Encryption Methods IPSec (L2TP over IPSec):  Is used by L2TP connections  Requires additional authentication configuration Is used by PPTP connections MPPE: Is used by SSTP connections Is firewall friendly SSL:

6 Network Policies Network Policy component Description Conditions Determine whether this policy is used to evaluate a connection request. Access permission Determine whether access is allowed, denied, or determined by user dial-in properties. Authentication methods Determine the authentication methods that can be negotiated. Constraints Limits on the connection such as idle time or maximum connection time. Settings Set characteristics of the connection such as encryption or IP filters. Control remote access requests Replace remote access policies in previous versions of Windows Network Policies:

7 Network Policy Processing The default network policies deny access Policies are ordered for evaluation If a policy with matching conditions is found, no additional policies are processed The following process is used: 1. Locate the first policy with matching conditions 2. Allow or deny permission in the policy 3. If allowed, attempt to authenticate 4. Apply constraints to the connection, if a constraint cannot be met, then reject 5. Apply settings to the connection

8 Lesson 3: Designing Remote Access Services Remote Access Methods VPN Tunnelling Protocols

9 Remote Access Methods MethodAdvantagesLimitations Dial-up Networking Convenient direct dial-up connectivity A potential secure data path Expensive Subject to the maximum speed limit that is supported by the connection medium (typically 56 Kbps) VPN Reduced costs Sufficient security Flexibility Less private RPC over HTTP Allows RPC- based applications to traverse firewalls Applications must be specifically designed to use RPC over HTTP

10 VPN Tunnelling Protocols ProtocolDescription PPTP Allowed by most firewalls Supported by all Windows clients No data integrity L2TP Blocked by NAT in some cases Supported by Windows 2000/XP/Vista clients Provides data integrity and machine authentication SSTP Firewall friendly Supported by Windows Vista SP1 and Windows Server 2008 Provides data integrity

11 Lesson 4: Designing RADIUS Authentication with Network Policy Services What Is RADIUS? RADIUS Roles How RADIUS Works for Remote Access What Is a RADIUS Proxy?

12 What Is RADIUS? RADIUS Server RADIUS Client Remote Access Client Directory Server Directory Server Remote Access Server Remote Authentication Dial In User Service (RADIUS) is a protocol for controlling authentication, authorization, and accounting

13 RADIUS Roles RADIUS Client Routing and Remote Access Server can be configured as a: RADIUS Server RADIUS Proxy NPS can be configured as a:

14 What Is a RADIUS Proxy? RADIUS Client Remote Access Client RADIUS Proxy RADIUS Server Company A ISP RADIUS Server CompanyB A RADIUS proxy distributes RADIUS requests to the appropriate RADIUS server

15 Lesson 5: Designing Wireless Access Wireless Networking Standards Wireless Security Threats Strategies for Wireless Security

16 Wireless Networking Standards Standard Description 802.11 Original specification for wireless LANs Speed of either 1 or 2 megabits per second 802.11b 11 megabits per second Good range, but susceptible to radio signal interference 802.11a Transmissions speeds as high as 54 Mbps Works well in densely populated areas Is not interoperable with 802.11, 802.11b, 802.11g 802.11g Enhancement to and compatible with 802.11b 54 Mbps but at shorter ranges than 802.11b 802.11n Greater range and reduced interference Speed up to 248 Mbps

17 Wireless Security Threats Eavesdropping Interception and modification of data Spoofing Freeloading Denial of service Rogue WAPs Common wireless security threats are:

18 Strategies for Wireless Security TechnologyDescription Wired Equivalent Privacy (WEP) Original encryption method for wireless networks Considered insecure due to small key size and lack of key changes WiFi Protected Access (WPA) Stronger encryption than WEP and includes key changes Can use certificates Partial implementation of 802.11i specification WPA2 Full implementation of the 802.11i specification 802.1x Uses RADIUS to authenticate Can be used with WEP and WPA Restrict by MAC Limit connections by MAC address MAC addresses can be spoofed Monitoring Find rogue access points VPN Secure and authenticate communication on a wireless network

Download ppt "Module 8: Designing Network Access Solutions. Module Overview Securing and Controlling Network Access Designing Remote Access Services Designing RADIUS."

Similar presentations

Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |

Ondřej Ševeček | GOPAS a.s. | MCM: Directory Services | MVP: Enterprise Security | | |
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
4.1 Configuring Network Access Components of a Network Access Services Infrastructure What is the Network Policy and Access Services Role? What is Routing.

4.1 Configuring Network Access Components of a Network Access Services Infrastructure What is the Network Policy and Access Services Role? What is Routing.
Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.

Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Implementing Security for Wireless Networks Presenter Name Job Title Company.

Implementing Security for Wireless Networks Presenter Name Job Title Company.
Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.

Simple ways to secure Wireless Computers Jay Ferron, ADMT, CISM, CISSP, MCSE, MCSBA, MCT, NSA-IAM, TCI.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.
Module 10: Configuring Virtual Private Network Access for Remote Clients and Networks.

Module 10: Configuring Virtual Private Network Access for Remote Clients and Networks.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+

CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
Wireless Security without a VPN! Stirling Goetz, Microsoft Consulting Services.

Wireless Security without a VPN! Stirling Goetz, Microsoft Consulting Services.
11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.

11 WIRELESS SECURITY by Prof. Russell Jones. WIRELESS COMMUNICATION ISSUES  Wireless connections are becoming popular.  Network data is transmitted.
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.

Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.
Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.

Chapter 8: Configuring Network Connectivity. Installing Network Adapters Network adapter cards connect a computer to a network. Installation –Plug and.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
Copyright Microsoft Corp. 2006 Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.

Copyright Microsoft Corp Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.
Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Wireless Network Security. Wireless Security Overview concerns for wireless security are similar to those found in a wired environment concerns for wireless.

Similar presentations

Ads by Google