MCITP Guide to Microsoft Windows Server 2008 Server Administration (Exam #70-646)
Chapter 10 Configuring Remote Access

Learning Objectives
• Understand Windows Server 2008 remote access services
• Implement and manage a virtual private network
• Configure a VPN server
• Configure a dial-up remote access server
• Troubleshoot virtual private network and dial-up remote access installations

Learning Objectives (cont’d.)
• Install and configure Terminal Services

Introduction to Remote Access
• Routing and Remote Access Services (RRAS)
  – Enable routing and remote access through virtual private networking and dialup networking
• Virtual private network (VPN)
  – Tunnel through a larger network that is restricted to designated member clients only
• Dial-up networking
  – Using a telecommunications line and a modem to dial into a network or specific computers on a network

Introduction to Remote Access (cont’d.)
• Modem
  – Modulator/demodulator
  – Converts a transmitted digital signal to an analog signal for a telephone line
  – Converts a received analog signal to a digital signal for use by a computer
• RRAS
  – Turns server into a dial-up Remote Access Services (RAS) server capable of handling hundreds of simultaneous connections

Figure 10-1 A VPN network (Courtesy Course Technology/Cengage Learning)

Implementing a Virtual Private Network
• VPN
  – Uses LAN and tunneling protocols
  – Encapsulates data as it is sent across a public network
• Benefits of using a VPN
  – Users can connect through a local ISP to the local network
  – Ensures that any data sent across a public network is secure
  – Encrypted tunnel

Using Remote Access Protocols
• Function of the remote access protocol
  – Encapsulate a packet
  – TCP/IP is the most commonly used transport protocol
    • Encapsulated in a remote access protocol for transport over a WAN
• Other legacy transport protocols
  – IPX for legacy NetWare networks
  – NetBEUI for legacy Microsoft networks
  – Not supported by Windows Server 2008

Using Remote Access Protocols (cont’d.)
• Serial Line Internet Protocol (SLIP)
  – Originally designed for UNIX environments
  – Provides point-to-point communications using TCP/IP
• Compressed Serial Line Internet Protocol (CSLIP)
  – Newer version of SLIP
  – Compresses header information in each packet
• SLIP and CSLIP do not support
  – Network connection authentication

Using Remote Access Protocols (cont’d.)
  – SLIP and CSLIP do not support (cont’d.)
    • Automatic negotiation of the network connection through multiple network connection layers at the same time
• Point-to-Point Protocol (PPP)
  – Has more capability than SLIP
• Remote access protocols
  – Point-to-Point Tunneling Protocol
  – Layer Two Tunneling Protocol
  – Secure Socket Tunneling Protocol

Using Remote Access Protocols (cont’d.)
• Point-to-Point Tunneling Protocol (PPTP)
  – Offers PPP-based authentication techniques
  – Encrypts data carried by PPTP through using Microsoft Point-to-Point Encryption
• Microsoft Point-to-Point Encryption (MPPE)
  – Starting-to-ending-point encryption technique that uses special encryption keys varying in length from 40 to 128 bits

Using Remote Access Protocols (cont’d.)
• Layer Two Tunneling Protocol (L2TP)
  – Works similarly to PPTP
• IP Security (IPsec)
  – IP-based secure communications and encryption standards created through the Internet Engineering Task Force (IETF)
• Secure Socket Tunneling Protocol (SSTP)
  – Employs PPP authentication techniques
  – Encapsulates data packet in the Hypertext Transfer Protocol (HTTP)

Using Remote Access Protocols (cont’d.)
• Secure Sockets Layer (SSL)
  – Data encryption technique employed between a server and a client
• PPP, PPTP, and L2TP are available in:
  – Windows 2000, Windows XP, Windows Vista, Windows 7
  – Windows 2000 Server, Windows Server 2003, Windows Server 2008
• SSTP is available in:
  – Windows Server 2008, Windows Vista, Windows 7

Using Remote Access Protocols (cont’d.)
Table 10-1 Communications technologies

Configuring a VPN Server
• Install Network Policy and Access Services role
• Configure a Microsoft Windows Server 2008 server as a network’s VPN server
  – Configure protocols to provide VPN access to clients
• Configure a VPN server as a DHCP Relay Agent for TCP/IP communications
• Configure the VPN server properties
• Configure a remote access policy for security

Configuring a VPN Server (cont’d.)
• Windows Server 2008 requires at least two network interfaces in the computer:
  – One for the connection to the LAN
  – One for a connection to the physical VPN network
• Activity 10-1: Installing Network Policy and Access Services
  – Objective: Learn how to install Routing and Remote Access Services
• Activity 10-2: Setting Up a VPN Server
  – Objective: Set up a VPN server

Configuring a VPN Server (cont’d.)
Table 10-2 Routing and remote access options

Configuring a VPN Server (cont’d.)
Table 10-3 Ports to open in the Windows Firewall for a VPN

Configuring a DHCP Relay Agent
• DHCP Relay Agent
  – Broadcasts IP configuration information
  – Use Routing and Remote Access tool to configure VPN server as a DHCP Relay Agent
• Activity 10-3: Configuring a DHCP Relay Agent
  – Objective: Set up a DHCP Relay Agent
• Activity 10-4: Additional DHCP Relay Agent Configuration
  – Objective: Configure the DHCP Relay Agent hop count

Configuring VPN Properties
• Routing and Remote Access tool
  – Right-click the VPN server in the tree
  – Click Properties
Figure 10-9 Configuring the interface properties (Courtesy Course Technology/Cengage Learning)

Configuring VPN Properties (cont’d.)
Figure 10-10 VPN server properties (Courtesy Course Technology/Cengage Learning)

Configuring VPN Properties (cont’d.)
Table 10-4 VPN server properties tabs

Configuring Multilink and Bandwidth Allocation Protocol
• Multilink
  – Combine or aggregate two or more communications channels so they appear as one large channel
  – Aggregated links
• Multilink must be implemented in the client as well as in the server
  – Older connection technology compared with DSL or wireless metropolitan area networks
• Bandwidth Allocation Protocol (BAP)
  – Ensure that a client’s connection has enough speed or bandwidth for a particular application

Configuring Multilink and Bandwidth Allocation Protocol (cont’d.)
• Windows Server 2008 version of Multilink PPP
  – Supports Bandwidth Allocation Control Protocol (BACP)
  – Selects a preferred client when two or more clients vie for the same bandwidth
• Activity 10-5: Using Multilink
  – Objective: Configure a VPN (or RAS) server to use Multilink

Configuring VPN Security
• When a user accesses a VPN server:
  – Access is protected by the account access security that already applies
    • Through a group policy or the default domain security policy
• Elements of a Remote Access Policy
  – Access permission
  – Conditions
  – Constraints
  – Settings

Configuring VPN Security (cont’d.)
• Establishing a Remote Access Policy
  – Use Routing and Remote Access tool
    • Accessed via Administrative Tools or as an MMC snap-in
• Activity 10-6: Configuring a Remote Access Policy
  – Objective: Configure a remote access policy

Configuring VPN Security (cont’d.)
Table 10-5 Authentication types

Figure 10-15 Encryption options (Courtesy Course Technology/Cengage Learning)

Configuring VPN Security (cont’d.)
Table 10-6 RAS encryption options

Configuring a Dial-Up Remote Access Server
• Dial-up remote access server compatible with:
  – Asynchronous modems
  – Synchronous modems
  – Null modem communications
  – Regular dial-up telephone lines
  – Leased telecommunication lines
  – ISDN lines (and digital “modems”)
  – X.25 lines
  – DSL lines
  – Cable modem lines
  – Frame relay lines

Configuring a Dial-Up Remote Access Server (cont’d.)
• Install RAS using Routing and Remote Access tool
  – Steps very similar to installing a VPN server

Configuring Dial-Up Security
• Callback security
  – Server calls back the remote computer
  – Verify telephone number in order to discourage a hacker
• Options available in Windows Server 2008:
  – No Callback
  – Set by Caller (Routing and Remote Access Service only)
  – Always Callback to

Configuring Dial-Up Security (cont’d.)
• Control network access permission
  – Allow access
  – Deny access
  – Control access through NPS Network Policy
    • Default selection

Configuring a Dial-Up Connection for a RAS Server
• Create other connections through the Network and Sharing Center
• Activity 10-7: Configuring a Dial-Up Network Connection
  – Objective: Configure a dial-up connection for a dial-up RAS server

Configuring Clients to Connect to RAS Through Dial-Up Access
• Common dial-up RAS clients
  – Windows 98, 2000, XP, Vista, and 7
• Access a dial-up RAS server from other operating systems
  – Configure a dial-up connection on those clients

Configuring Clients to Connect to RAS Through Dial-Up Access (cont’d.)
Figure 10-17 Configuring a dial-up connection (Courtesy Course Technology/Cengage Learning)

Troubleshooting VPN and Dial-Up RAS Installations
• Troubleshooting VPN or dial-up RAS server communications problem
  – Hardware and software troubleshooting tips

Hardware Solutions
• Use Device Manager to check network adapters, WAN adapters, and modems
• Make sure telephone line plugged in
• For external modems:
  – Make sure the modem cable is properly attached, that you are using proper cable type
• For internal modems or adapter cards:
  – Check connection inside computer

Hardware Solutions (cont’d.)
• For a modem connection:
  – Test the telephone wall connection and cable
• For an external DSL adapter or a combined DSL adapter and router:
  – Ensure device is properly configured and connected
• Call your ISP to determine if problems are present on the ISP’s WAN

Software Solutions
• Use the Computer Management tool or Server Manager to verify status of:
  – Routing and Remote Access
  – Remote Access Auto Connection Manager
  – Remote Access Connection Manager services
• Ensure Windows Firewall is set up to allow remote access
• Make sure VPN or dial-up RAS server is enabled
• Check the remote access policy to be sure that access permission is granted

Software Solutions (cont’d.)
• Verify VPN or dial-up RAS server is started
• Check the network interface
• Ensure IP parameters are correctly configured to provide an address pool for either a VPN or dial-up RAS server
• If using a RADIUS server:
  – Ensure it is connected and working properly and that Internet Authentication Service (IAS) is installed
• Ensure the remote access policy is consistent with the users’ access needs

Connecting Through Terminal Services
• Terminal server
  – Enables clients to run services and software applications on Windows Server 2008 instead of at the client
  – Enables thin clients to perform most CPU-intensive operations on the server
• Centralize control of how programs are used
• Install different role services for specific purposes:
  – TS Web Access
  – TS Gateway

Connecting Through Terminal Services (cont’d.)
Table 10-7 Terminal Services components

Connecting Through Terminal Services (cont’d.)
Table 10-8 Role services available through Terminal Services

Connecting Through Terminal Services (cont’d.)
• RemoteApp
  – New feature
  – Enables a client to run an application without loading a remote desktop on the client computer
• TS Gateway
  – Provides a secure way to use Terminal Services over the Internet

Installing Terminal Services
• Install TS Licensing role service
  – Manage terminal server user licenses obtained from Microsoft
  – Licenses can be purchased either per user account or by client device
• Network Level Authentication (NLA)
  – Enables authentication to take place before the Terminal Services connection is established
  – Thwarts would-be attackers
• Create groups of user accounts in advance
  – Add these groups during installation

Installing Terminal Services (cont’d.)
• Activity 10-8: Installing Terminal Services
  – Objective: Learn how to install the Terminal Services role

Configuring Terminal Services
• Activity 10-9: Configuring Terminal Services
  – Objective: Configure a terminal server

Configuring Terminal Services (cont’d.)
Table 10-11 Terminal Services permissions

Managing Terminal Services
• Terminal Services Manager
  – Monitor the number of users connected to the terminal server
  – Add additional terminal servers to monitor
  – Determine if a user session is active
  – Determine which programs are running in a user’s session
  – Disconnect a user’s session or log off a user
  – Reset a connection that is having trouble
  – Send a message to a user

Managing Terminal Services (cont’d.)
• Activity 10-10: Using Terminal Services Manager
  – Objective: Use Terminal Services Manager

Configuring Licensing
• Activate Terminal Services licensing server
• Configure licensing using TS Licensing Manager
• Activity 10-11: Using the TS Licensing Manager
  – Objective: Use TS Licensing Manager

Accessing a Terminal Server from a Client
• Remote Desktop Connection (RDC)
  – Client already installed in Windows 7, Windows Vista, Windows Server 2008, and Windows XP
• Activity 10-12 (optional): Configuring Authentication in Windows Vista or Windows 7
  – Objective: Configure NLA authentication in Windows Vista or Windows 7

Installing Applications on a Terminal Server
• Might need to reinstall some applications that were installed before Terminal Services role
• Use Control Panel to uninstall them
• Reinstall applications
  – In Control Panel Home view, click Programs
  – Click Install Application on Terminal Server

Summary
• Routing and Remote Access Services includes
  – Virtual private network (VPN) and dial-up services
• Remote access protocols include:
  – SLIP, CSLIP, PPP, PPTP, L2TP, and SSTP
• Use Server Manager to install the Network Policy and Access Services role
• VPN has many properties that can be configured
  – Configure a remote access policy to govern how a VPN server is accessed

Summary (cont’d.)
• When you configure dial-up remote access
  – Also configure a DHCP Relay Agent, Multi-link (if used), and a remote access policy for security
• Use Server Manager to install the Terminal Services role
  – Configure Terminal Services client access licenses
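
Added example (not part of the original slides): a PowerShell version of the service check listed under Software Solutions, reporting state and start mode for the three services named there. It assumes PowerShell 2.0 or later and WMI access to the server; the function name Get-RasServiceReport is hypothetical, and the short service names are the standard Windows names for those display names.

```powershell
# Added example, not from the original slides.
# Short service names mapped to the display names listed on the slide.
$RasServices = @{
    'RemoteAccess' = 'Routing and Remote Access'
    'RasAuto'      = 'Remote Access Auto Connection Manager'
    'RasMan'       = 'Remote Access Connection Manager'
}

# Hypothetical helper: one result object per service, with a short note
# pointing back to the matching item on the troubleshooting checklist.
function Get-RasServiceReport {
    param([string]$ComputerName = '.')

    foreach ($name in $RasServices.Keys) {
        $svc = Get-WmiObject -Class Win32_Service -ComputerName $ComputerName `
                             -Filter "Name='$name'"
        if (-not $svc) {
            $state = 'Missing'; $mode = 'n/a'
            $note  = 'Service not present on this computer'
        }
        else {
            $state = $svc.State      # e.g. Running, Stopped
            $mode  = $svc.StartMode  # Auto, Manual, Disabled
            if ($mode -eq 'Disabled') {
                # Typically seen for RemoteAccess before the server has been
                # enabled in the Routing and Remote Access tool.
                $note = 'Disabled: enable the VPN or dial-up RAS server first'
            }
            elseif ($state -ne 'Running' -and $name -eq 'RemoteAccess') {
                $note = 'Enabled but not started: start the server'
            }
            elseif ($state -ne 'Running') {
                # Manual-start helper services can be idle until first use.
                $note = 'Not running: check whether it starts on demand'
            }
            else { $note = 'OK' }
        }
        New-Object PSObject -Property @{
            Service   = $RasServices[$name]
            State     = $state
            StartMode = $mode
            Note      = $note
        }
    }
}

Get-RasServiceReport | Sort-Object Service |
    Format-Table Service, State, StartMode, Note -AutoSize
```

Pass -ComputerName to query a remote VPN or RAS server instead of the local one.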