Course 2824B: Implementing Microsoft Internet Security and Acceleration Server 2004 - Module 8
Module 8: Configuring virtual private network access for remote clients and networks. This module explains how to provide access to the internal network for remote users while maintaining network security by implementing a virtual private network (VPN). The module shows how to configure ISA Server 2004 to provide a VPN solution.
- Module 8: Configuring Virtual Private Network Access for Remote Clients and Networks
- Overview
  - Virtual Private Networking Overview
  - Configuring Virtual Private Networking for Remote Clients
  - Configuring Virtual Private Networking for Remote Sites
  - Configuring VPN Quarantine Control Using ISA Server 2004
- Lesson: Virtual Private Networking Overview
  - What Is Virtual Private Networking?
  - VPN Protocol Options
  - VPN Authentication Protocol Options
  - VPN Quarantine Control
  - Virtual Private Networking Using Routing and Remote Access
  - Virtual Private Networking Using ISA Server 2004
  - Benefits of Using ISA Server for Virtual Private Networking
- What Is Virtual Private Networking? (Diagram labels: ISA Server, Branch Office)
- VPN Protocol Options

  | Factor | PPTP advantages and disadvantages | L2TP/IPSec advantages and disadvantages |
  |---|---|---|
  | Client operating systems supported | Windows 2000, Windows XP, Windows Server 2003, Windows NT Workstation 4.0, Windows ME, or Windows 98 | Windows 2000, Windows XP, or Windows Server 2003 |
  | Certificate support | Requires a certificate infrastructure only for EAP-TLS authentication | Requires a certificate infrastructure or a pre-shared key |
  | Security | Provides data encryption. Does not provide data integrity | Provides data encryption, data confidentiality, data origin authentication, and replay protection |
  | NAT support | To locate PPTP-based VPN clients behind a NAT, the NAT should include an editor that … | To locate L2TP/IPSec–based clients or servers behind a NAT, both client and server … |
- VPN Authentication Protocol Options

  | Authentication protocol | Considerations |
  |---|---|
  | PAP | Uses plaintext passwords and is the least secure authentication protocol |
  | SPAP | Uses a reversible encryption mechanism employed by Shiva |
  | CHAP | Requires passwords stored by using reversible encryption. Compatible with Macintosh and UNIX-based clients. Data cannot be encrypted |
  | MS-CHAP | Does not require that passwords be stored by using reversible encryption. Encrypts data |
  | MS-CHAPv2 | Performs mutual authentication. Data is encrypted by using separate session keys for transmitted and received data |
  | EAP-TLS | Most secure remote authentication protocol. Enables multifactor authentication |
- VPN Quarantine Control
  - VPN Quarantine Control:
    - Enables screening of VPN client machines before granting them access to the organization’s network
    - Uses a client script that analyzes the security configuration of the remote access client
  - VPN clients connecting to ISA Server with approved security configurations are moved from the VPN Quarantine network to the VPN Clients network
- Virtual Private Networking Using Routing and Remote Access
  - RRAS supports:
    - Remote access policies that define remote access connections and connection parameters
    - Connection Manager components to simplify the configuration of remote access clients
    - RADIUS servers for authentication and the centralization of remote access policies
    - VPN quarantine control to restrict network access to quarantined clients
    - Packet filtering for securing VPN and network quarantine connections
- Virtual Private Networking Using ISA Server 2004
  - ISA Server enables VPN access:
    - Including remote client VPN access for individual clients and site-to-site VPN access to connect multiple sites
    - By enabling VPN-specific networks including:
      - VPN Clients network
      - Quarantined VPN Clients network
      - Remote-site networks
    - By using network and access rules to limit network traffic between the VPN networks and the other networks with servers running ISA Server
    - By extending RRAS functionality
- Benefits of Using ISA Server for Virtual Private Networking

  | Benefits | Explanation |
  |---|---|
  | Connection security | ISA Server uses firewall access policies to inspect and filter all traffic from VPN clients |
  | Performance | ISA Server is optimized to enforce complex security requirements on VPN connections |
  | Quarantine control for Windows 2000 | VPN quarantine is not available in Windows 2000 RRAS but can be enabled with ISA Server 2004 on Windows 2000 |
  | Logging and monitoring | ISA Server can log all VPN connections and enables live monitoring of VPN connections |
  | IPSec tunnel-mode stateful inspection | Enables stateful inspection to enforce user/group, site, computer, protocol, and application-layer access controls for IPSec tunnel-mode traffic |
  | Enhanced protection | ISA Server is protected via firewall access policy on all interfaces |
- Lesson: Configuring Virtual Private Networking for Remote Clients
  - VPN Client Access Configuration Options
  - How to Enable and Configure VPN Client Access
  - Default VPN Client Access Configuration
  - How to Configure VPN Address Assignment
  - How to Configure VPN Authentication
  - How to Configure Authentication Using RADIUS
  - How to Configure User Accounts for VPN Access
  - How to Configure VPN Connections from Client Computers
- VPN Client Access Configuration Options
  - Click the Virtual Private Networks (VPN) node to access the VPN client access configuration options
- How to Enable and Configure VPN Client Access
  - Use user mapping to apply firewall policies to users who do not use Windows authentication
- Default VPN Client Access Configuration

  | Component | Default Configuration |
  |---|---|
  | System policy rules | System policy rule that allows the use of PPTP, L2TP, or both is enabled |
  | VPN access network | ISA Server will listen for VPN client connections only on the External network |
  | VPN protocols | Only PPTP is enabled for VPN client access |
  | Network rules | A route relationship between the VPN Clients network and the Internal network. A NAT relationship between the VPN Clients network and the External network |
  | Firewall access rules | No firewall access rules are enabled |
- How to Configure VPN Address Assignment
  - Configure DNS and WINS servers using DHCP or manually
  - Configure static IP address assignment or DHCP
- How to Configure VPN Authentication
  - Accept default for secure authentication
  - Configure EAP for additional security
  - Configure less secure options only if required for client compatibility
- How to Configure Authentication Using RADIUS
  - Enable RADIUS for authentication and accounting, and then configure a RADIUS server
- How to Configure User Accounts for VPN Access
  - Configure dial-in and VPN access permissions
- How to Configure VPN Connections from Client Computers
- Practice: Configuring VPN Access for Remote Clients
  - Configuring VPN access on ISA Server
  - Configuring user account dial-in permissions
  - Configuring and testing a VPN client configuration
  - (Lab diagram labels: Gen-Clt-01, Den-ISA-01, Internet, Den-DC-01)