Course 2824B: Implementing Microsoft internet security and acceleration server 2004 - Module 8

Module 8: Configuring virtual private network access for remote clients and networks. This module explains how to provide access to the internal network for remote users while maintaining network security by implementing a virtual private network (VPN). The module shows how to configure ISA Server 2004 to provide a VPN solution.
Nội dung trích xuất từ tài liệu:
Course 2824B: Implementing Microsoft internet security and acceleration server 2004 - Module 8Module 8: Configuring Virtual Private Network Access for Remote Clients and NetworksOverview Virtual Private Networking Overview Configuring Virtual Private Networking for Remote Clients Configuring Virtual Private Networking for Remote Sites Configuring VPN Quarantine Control Using ISA Server 2004Lesson: Virtual Private NetworkingOverview What Is Virtual Private Networking? VPN Protocol Options VPN Authentication Protocol Options VPN Quarantine Control Virtual Private Networking Using Routing and Remote Access Virtual Private Networking Using ISA Server 2004 Benefits of Using ISA Server for Virtual Private NetworkingWhat Is Virtual Private Networking? ISA Serv er Branch OfficeVPN Protocol Options L2TP/IPSec PPTP advantages Factor advantages and and disadvantages disadvantages Windows 2000, Client Windows 2000, Windows XP, Windows Server operating Windows XP, or 2003, Windows NT systems Windows Server Workstation 4.0, supported 2003 Windows ME, or Windows 98 Requires a Requires a certificate Certificate certificate infrastructure only for EAP- support infrastructure or a TLS authentication pre-shared key Provides data Provides data encryption encryption, data confidentiality, data Security Does not provide data origin integrity authentication, and replay protection To locate L2TP/IPSec–based To locate PPTP-based VPN clients or servers clients behind a NAT, the NAT NAT support behind a NAT, both should include an editor that client and serverVPN Authentication Protocol Options Authenticat Considerations ion protocol Uses plaintext passwords and is the least PAP secure authentication protocol Uses a reversible encryption mechanism SPAP employed by Shiva Requires passwords stored by using reversible encryption CHAP Compatible with Macintosh and UNIX-based clients Data cannot be encrypted Does not require that passwords be stored by MS-CHAP using reversible encryption Encrypts data Performs mutual authentication MS-CHAPv2 Data is encrypted by using separate session keys for transmitted and received data Most secure remote authentication protocol EAP-TLS Enables multifactor authenticationVPN Quarantine Control VPN Quarantine Enables Control: screening of VPN client machines before granting them access to the organization’s network Uses a client script that analyzes the security configuration of the remote access client VPN clients connecting to ISA Server with approved security configurations are moved from the VPN Quarantine network to the VPN Clients networkVirtual Private Networking Using Routingand Remote Access RRAS supports: Remote access policies that define remote access connections and connection parameters Connection Manager components to simplify the configuration of remote access clients RADIUS servers for authentication and the centralization of remote access policies VPN quarantine control to restrict network access to quarantined clients Packet filtering for securing VPN and network quarantine connectionsVirtual Private Networking Using ISAServer 2004 ISAIncluding Server enables VPN access: remote client VPN access for individual clients and site-to-site VPN access to connect multiple sites By enabling VPN-specific networks including: VPN Clients network Quar ...