WEBCAST SCHEDULE
Today’s event will run one hour. Here are the expected times for each segment of the Webcast:
- :00 – :05: Moderator introduces the speaker and discusses the details of the Webcast.
- :05 – :35: Speaker delivers a PowerPoint presentation on the Webcast topic.
- :35 – :60: Moderator and speaker engage in a Q&A on the topic.

TECHNICAL FAQs
Here are answers to the most common technical problems users encounter during a Webcast:
Q: Why can’t I hear the audio part of the webcast?
A: Try increasing the volume on your computer.
Q: I just entered the webcast and do not see the slide that the speaker is referring to. What should I do?
A: The slides are constantly being pushed to your screen. You should refresh (hit F5) to view the latest slide.
Q: I can’t view some of the detail on the slides. How do I enlarge the slides for a better view?
A: Click the “Enlarge slide” link in the upper right corner of your presentation. This will open a new browser with a full view of the current slide.
You can also visit the Broadcast Help page for more information or to test your browser compatibility. Click here: http://audience.broadcast.yahoo.com
If you still have technical questions or problems, send an e-mail to WebcastHelp@TechTarget.com. A technical support person will respond to you within 24 hours.
TechTarget
Virtual Private Networks on Windows 2000 and Windows 2003 Server
Bill Boswell
Windows Consulting Group

Slide Presentation Prepared By
Mark Walla, Secure Logistix Corp
Robert Williams, Secure Logistix Corp
VPN Webcast Expectations
- Technical overview of VPN technology … this is not intended to troubleshoot VPNs
- Provide tutorial on Virtual Private Network basics
  - Definitions
  - Protocols
  - Configuration
  - Architecture
- Go through VPN implementation with the Windows 2003 Server family
- Participants should have working knowledge of computing networks and the Windows platform
VPN Definition
A Virtual Private Network is a connection between two communication endpoints that ensures privacy and authentication.
VPN connections between offices create a tunnel through which users can access resources securely without dedicated point-to-point WAN links.
VPN Configurations
Two general VPN configurations:
- Site-to-Site
  - RRAS server acts as a demand-dial VPN router
  - Example: Branch office with Internet access connects via VPN to corporate network
- Remote access
  - RRAS server acts as endpoint for client connections
  - Example: XP laptop connects through Internet to main office from hotel room
Remote Access View (diagram)
Router-to-Router View (diagram)
Authentication
- VPNs use standard PPP for initial authentication
- Password-based authentication to RRAS server
- X.509 certificates used to establish secure connection for IP Security (IPSec)
- Protocol selection dependent on client and server
- Windows servers support all Internet standards
VPN/PPP Authentication (diagram)

PPP Authentication Protocols
- Password Authentication Protocol (PAP)
  - Sends password in clear text
- Shiva Password Authentication
  - Sends encrypted password - can be compromised
- Challenge Handshake Authentication Protocol (CHAP)
  - Uses MD5 hash of user’s plain-text password and challenge. Requires reversibly encrypted password.
- Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
  - One-way authentication (not mutual) between client and server. Challenge hashed with user’s Windows password hash
- MS-CHAP Version 2
  - Stronger version of MS-CHAP that uses longer challenge, salted response, mutual authentication, and a more secure password change mechanism
- Extensible Authentication Protocol (EAP)
  - Allows for additional protocols within PPP authentication
- IEEE 802.1X Support
  - EAP module that supports certificate-based authentication using RADIUS
VPN Uses Encrypted Tunnel
- Encrypted data encapsulated in additional protocol
- Forms impenetrable pipe between endpoints
- TCP and IP headers included in encrypted payload to prevent eavesdropping
- Only IP address of tunnel endpoints required to route packets
- Windows uses MPPE, L2TP and IPSec to encrypt data within VPN
Point to Point Tunneling Protocol
- Uses standard PPP authentication
- Authentication occurs prior to forming tunnel
  - Makes PPTP subject to man-in-the-middle exploits
- Encapsulates PPP frame inside Generic Routing Encapsulation (GRE) datagram
  - IP protocol 47 (0x2f)
  - Sometimes not supported through ISP firewall
- Establishes connection and sends control traffic over TCP port 1723
- Standard PPP controls piggybacked on GRE
- GRE datagrams not signed
PPTP Connection (diagram)
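As an added example (not code from the webcast or from Windows RRAS), the Python below decodes the enhanced GRE header that PPTP wraps around each PPP frame (RFC 2637), so a network sensor can recognise PPTP data traffic and see the point of the bullets above: the only header fields guarding the payload are a length and a call ID, and nothing in the datagram is signed. The sample datagrams are constructed, not captured.

```python
import struct

PPTP_GRE_VERSION = 1         # RFC 2637 "enhanced GRE"
PPTP_PROTOCOL_TYPE = 0x880B  # payload is a PPP frame

# PPP protocol numbers commonly seen inside a PPTP tunnel (subset)
PPP_PROTOCOLS = {
    0x0021: "IP",
    0x00FD: "MPPE/MPPC compressed data",
    0xC021: "LCP",
    0xC023: "PAP",
    0xC223: "CHAP",
    0xC227: "EAP",
    0x80FD: "CCP",
}


def parse_pptp_gre(pkt: bytes):
    """Decode the GRE header and PPP protocol of one IP-protocol-47 payload.

    Returns a dict, or None when `pkt` is not PPTP's enhanced GRE (wrong version,
    wrong protocol type, no Key field) or is truncated.
    """
    if len(pkt) < 8:
        return None
    flags, ver_byte, proto, payload_len, call_id = struct.unpack("!BBHHH", pkt[:8])
    version = ver_byte & 0x07
    has_key = bool(flags & 0x20)     # K: Key field = payload length + call ID
    if version != PPTP_GRE_VERSION or proto != PPTP_PROTOCOL_TYPE or not has_key:
        return None
    has_seq = bool(flags & 0x10)     # S: sequence number present (data carried)
    has_ack = bool(ver_byte & 0x80)  # A: acknowledgment number present
    hdr_len = 8 + 4 * has_seq + 4 * has_ack
    if len(pkt) < hdr_len + payload_len:
        return None                  # truncated: length field does not match
    off, seq, ack = 8, None, None
    if has_seq:
        seq = struct.unpack("!I", pkt[off:off + 4])[0]
        off += 4
    if has_ack:
        ack = struct.unpack("!I", pkt[off:off + 4])[0]
        off += 4
    payload = pkt[off:off + payload_len]
    info = {"call_id": call_id, "seq": seq, "ack": ack, "payload_len": payload_len,
            "ppp_protocol": None, "ppp_name": None,
            "mppe_encrypted": False, "mppe_coherency": None}
    # Optional HDLC address/control (FF 03), then the PPP protocol field, which is
    # one byte when compressed (odd first byte) and two bytes otherwise.
    if payload[:2] == b"\xff\x03":
        payload = payload[2:]
    if not payload:
        return info  # acknowledgment-only datagram, no PPP frame inside
    if payload[0] & 0x01:
        ppp_proto, payload = payload[0], payload[1:]
    elif len(payload) >= 2:
        ppp_proto, payload = struct.unpack("!H", payload[:2])[0], payload[2:]
    else:
        return None  # malformed PPP protocol field
    info["ppp_protocol"] = ppp_proto
    info["ppp_name"] = PPP_PROTOCOLS.get(ppp_proto, "unknown")
    if ppp_proto == 0x00FD and len(payload) >= 2:
        # MPPE header (RFC 3078): flag bits A B C D, then a 12-bit coherency count.
        mppe_hdr = struct.unpack("!H", payload[:2])[0]
        info["mppe_encrypted"] = bool(mppe_hdr & 0x1000)  # D bit: payload is encrypted
        info["mppe_coherency"] = mppe_hdr & 0x0FFF
    return info


# Constructed sample datagrams (GRE header onward), not captures
SAMPLE_MPPE_DATA = bytes.fromhex(
    "3081880b" "000c" "0005" "0000002a" "00000010"  # K,S,A set; ver 1; len 12; call 5; seq 42; ack 16
    "00fd" "9001" "deadbeefcafef00d")               # PPP 0x00FD, MPPE hdr A+D bits, count 1, ciphertext
SAMPLE_LCP = bytes.fromhex(
    "3001880b" "0008" "0005" "00000001"             # K,S set, no ack; len 8; call 5; seq 1
    "ff03" "c021" "01010004")                       # HDLC FF 03, LCP Configure-Request
SAMPLE_ACK_ONLY = bytes.fromhex("2081880b" "0000" "0005" "0000002a")  # K,A set; no payload; ack 42
SAMPLE_PLAIN_GRE = bytes.fromhex("00000800" "45000014")  # GRE v0 carrying IPv4: not PPTP

if __name__ == "__main__":
    for name, pkt in [("mppe data", SAMPLE_MPPE_DATA), ("lcp", SAMPLE_LCP),
                      ("ack only", SAMPLE_ACK_ONLY), ("plain gre", SAMPLE_PLAIN_GRE)]:
        print(f"{name:10s} -> {parse_pptp_gre(pkt)}")
```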
PPTP Encryption
- PPTP uses Microsoft Point-to-Point Encryption (MPPE) to encrypt GRE payload
  - RC4 stream cipher with 128-bit key
- RRAS server has copy of user PW hash
  - Obtains via secure channel from domain controller
- MPPE keys based on user passwords
  - PW hashed using MD4
  - First 16 bytes of PW hash are hashed to produce PwHashHash
  - PwHashHash hashed with challenge to form master key
  - Send and Receive keys generated from master key
GRE Datagram (diagram)
Layer 2 Tunneling Protocol
- Works at Layer 2 (Data Link) rather than at the application layer
- Encapsulates entire PPP frame (L2) within datagram
- Datagram protocol depends on L2TP implementation
  - Windows uses IPSec Encapsulating Security Payload (ESP)
  - IP protocol 50
- ESP uses variety of algorithms
  - W2K3 uses 3DES by default and AES if FIPS 140 selected in Group Policy
- IPSec handles key exchange
  - Internet Security Association and Key Management Protocol (ISAKMP)
  - Endpoints exchange session keys encrypted with public key of partner
  - Occurs over UDP port 500
- Superior to PPTP - authentication occurs inside encrypted tunnel; no man-in-the-middle exploit possible
- IPSec also offers data integrity
  - Each L2TP datagram digitally signed within IPSec Authentication Header (AH)
L2TP Connection (diagram)
ESP Datagram (diagram)
ISAKMP Key Exchange (diagram)
L2TP Requires Certificates
- Deploy Windows PKI
  - Refer to most current MSFT white papers
  - Use W2K3 CA to get maximum features
  - Can also use for EFS, S/MIME, SSL
- Configure group policy for autoenrollment
  - Feature available on W2K and W2K3
  - Avoids manually obtaining Computer certificates
IPSec Tunneling
- L2TP not firewall friendly
  - TCP headers encrypted in ESP payload
  - Standard IPSec suffers from same problem
- W2K3 and XP support IPSec tunnel through NAT
- Can use IPSec tunnel when L2TP and PPTP not available on VPN servers or clients
- Look for NAT-T support in your firewall
RRAS Server Configuration
- Routing and Remote Access Service
  - Installed by default but not enabled
  - Configure for VPN to support individual users
  - Configure for VPN and router to support site-to-site tunnels
  - Configure PPTP ports for dial-in access
- Limitations
  - W2K3 Web Edition only supports one inbound VPN connection at a time
  - RRAS server must be domain member or use RADIUS
VPN Ports (screenshot)
RRAS server has virtual ports for VPN connections
Remote Access Policies
- Subset of RADIUS policies in IAS
- By default
  - 7x24 access denied
  - MS-RAS-Vendor = Microsoft denied
- First policy wins
  - Lower-precedence policies not read if upper policy applies

Policy Profiles Assign Restrictions (screenshot)
Steps for PPTP Implementation
- Internet connection must support IP protocol 47 (GRE)
- Firewall must allow TCP port 1723
- Configure RRAS service
  - Configure for VPN
  - Configure L2TP ports for dial-in access
- Define Remote Access Policy
  - Denied by default
- VPN client configuration
  - Create New Connection – specify PPTP in Network
Steps for L2TP Implementation
- Internet connection must support IP protocol 50 (ESP)
- Firewall must allow TCP port 500
- Routing and Remote Access Service
  - Configure for VPN
  - Configure L2TP ports for dial-in access
- Enroll for Computer certificates
  - Configure autoenroll policy in W2K and W2K3
- Define Remote Access Policy
  - Denied by default
- VPN client configuration
  - Create New Connection – specify L2TP in Network
Additional Information
- To receive a copy of Chapter 13: VPN and IPSec from The Ultimate Windows 2003 Server Administrator’s Guide (Addison Wesley 2003), contact Mark or Bob at info@securelogistix.com
Mark Walla, Secure Logistix Corp
Robert Williams, Secure Logistix Corp
Additional Questions
For more details on W2K3 VPNs and Windows security information in general, contact Bill Boswell: bboswell@winconsultants.com
Audience Questions
Bill will be taking audience questions on this topic following the event. You can submit your specific questions for Bill by clicking the Ask a Question button in the lower left corner of your presentation screen.
Feedback
Thank you for your participation.
Did you like this Webcast topic? Would you like us to host other events similar to this one? Send us your feedback on this event and ideas for other topics at editor@searchWin2000.com.

Contenu connexe

Similaire à Vp nwebcast williams_wallaboswell

Web Sockets are not Just for Web Browsers
Web Sockets are not Just for Web BrowsersWeb Sockets are not Just for Web Browsers
Web Sockets are not Just for Web Browsers
cjmyers
 
What Is New In Wpf 3.5 Sp1
What Is New In Wpf 3.5 Sp1What Is New In Wpf 3.5 Sp1
What Is New In Wpf 3.5 Sp1
rsnarayanan
 
Mike Taulty Beyond Silverlight With W P F
Mike Taulty  Beyond  Silverlight  With  W P FMike Taulty  Beyond  Silverlight  With  W P F
Mike Taulty Beyond Silverlight With W P F
ukdpe
 

Similaire à Vp nwebcast williams_wallaboswell (20)

Q1 Southern California Session Slides
Q1 Southern California Session SlidesQ1 Southern California Session Slides
Q1 Southern California Session Slides
 
Windows 2008 R2 & Windows7
Windows 2008 R2 & Windows7Windows 2008 R2 & Windows7
Windows 2008 R2 & Windows7
 
Web Sockets are not Just for Web Browsers
Web Sockets are not Just for Web BrowsersWeb Sockets are not Just for Web Browsers
Web Sockets are not Just for Web Browsers
 
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
SVR402: DirectAccess Technical Drilldown, Part 2 of 2: Putting it all together.
 
What Is New In Wpf 3.5 Sp1
What Is New In Wpf 3.5 Sp1What Is New In Wpf 3.5 Sp1
What Is New In Wpf 3.5 Sp1
 
Connect Remotely Using Windows® 7 Direct Access
Connect Remotely Using Windows® 7 Direct AccessConnect Remotely Using Windows® 7 Direct Access
Connect Remotely Using Windows® 7 Direct Access
 
Sommarkollo 2013 lync workshop
Sommarkollo 2013   lync workshopSommarkollo 2013   lync workshop
Sommarkollo 2013 lync workshop
 
the grinder testing certification
the grinder testing certificationthe grinder testing certification
the grinder testing certification
 
[Latest] How to Prepare for Nuage Networks 4A0-N07 Certification?
[Latest] How to Prepare for Nuage Networks 4A0-N07 Certification?[Latest] How to Prepare for Nuage Networks 4A0-N07 Certification?
[Latest] How to Prepare for Nuage Networks 4A0-N07 Certification?
 
Mike Taulty Beyond Silverlight With W P F
Mike Taulty  Beyond  Silverlight  With  W P FMike Taulty  Beyond  Silverlight  With  W P F
Mike Taulty Beyond Silverlight With W P F
 
Download PCNSE Dumps PDF - Pass4sureClub.com
Download PCNSE Dumps PDF - Pass4sureClub.comDownload PCNSE Dumps PDF - Pass4sureClub.com
Download PCNSE Dumps PDF - Pass4sureClub.com
 
AWS Summit Auckland - Application Delivery Patterns for Developers
AWS Summit Auckland - Application Delivery Patterns for DevelopersAWS Summit Auckland - Application Delivery Patterns for Developers
AWS Summit Auckland - Application Delivery Patterns for Developers
 
Crossroads of Asynchrony and Graceful Degradation
Crossroads of Asynchrony and Graceful DegradationCrossroads of Asynchrony and Graceful Degradation
Crossroads of Asynchrony and Graceful Degradation
 
Best practices for live streaming
Best practices for live streamingBest practices for live streaming
Best practices for live streaming
 
Ultimate PCNSE Practice Dumps by Test4Parctice.pdf
Ultimate PCNSE Practice Dumps by Test4Parctice.pdfUltimate PCNSE Practice Dumps by Test4Parctice.pdf
Ultimate PCNSE Practice Dumps by Test4Parctice.pdf
 
L2 tp i-psec vpn on windows server 2016 step by step
L2 tp i-psec vpn on windows server 2016 step by stepL2 tp i-psec vpn on windows server 2016 step by step
L2 tp i-psec vpn on windows server 2016 step by step
 
All levels of performance testing and monitoring in web-apps
All levels of performance testing and monitoring in web-appsAll levels of performance testing and monitoring in web-apps
All levels of performance testing and monitoring in web-apps
 
Vpn 3 13_07
Vpn 3 13_07Vpn 3 13_07
Vpn 3 13_07
 
Securing Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid CloudsSecuring Servers in Public and Hybrid Clouds
Securing Servers in Public and Hybrid Clouds
 
EMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issuesEMEA Airheads- Troubleshooting 802.1x issues
EMEA Airheads- Troubleshooting 802.1x issues
 

Dernier

哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
ydyuyu
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
Asmae Rabhi
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
galaxypingy
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Monica Sydney
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
ayvbos
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
ayvbos
 

Dernier (20)

哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx75539-Cyber Security Challenges PPT.pptx
75539-Cyber Security Challenges PPT.pptx
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
PowerDirector Explination Process...pptx
PowerDirector Explination Process...pptxPowerDirector Explination Process...pptx
PowerDirector Explination Process...pptx
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Power point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria IuzzolinoPower point inglese - educazione civica di Nuria Iuzzolino
Power point inglese - educazione civica di Nuria Iuzzolino
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 

Vp nwebcast williams_wallaboswell

  • 1. WEBCAST SCHEDULEWEBCAST SCHEDULE Today’s event will run one-hour long. Here are the expectedToday’s event will run one-hour long. Here are the expected times for each segment of the Webcast:times for each segment of the Webcast:  :00 – :05: Moderator introduces the speaker and discusses the:00 – :05: Moderator introduces the speaker and discusses the details of the Webcast.details of the Webcast.  :05- :35: Speaker delivers a PowerPoint presentation on the:05- :35: Speaker delivers a PowerPoint presentation on the Webcast topic.Webcast topic.  :35- :60: Moderator and speaker engage in a Q&A on the topic.:35- :60: Moderator and speaker engage in a Q&A on the topic.
  • 2. TECHNICAL FAQsTECHNICAL FAQs Here are answers to the most common technical problems users encounter during aHere are answers to the most common technical problems users encounter during a Webcast:Webcast: Q: Why can’t I hear the audio part of the webcast?Q: Why can’t I hear the audio part of the webcast? A: Try increasing the volume on your computer.A: Try increasing the volume on your computer. Q: I just entered the webcast and do not see the slide that the speaker is referring to. WhatQ: I just entered the webcast and do not see the slide that the speaker is referring to. What should I do?should I do? A: The slides are constantly being pushed to your screen. You should refresh (hit F5) toA: The slides are constantly being pushed to your screen. You should refresh (hit F5) to view the latest slide.view the latest slide. Q. I can’t view some of the detail on the slides. How do I enlarge the slides for a better view?Q. I can’t view some of the detail on the slides. How do I enlarge the slides for a better view? A: Click the “Enlarge slide” link in the upper right corner of your presentation. This willA: Click the “Enlarge slide” link in the upper right corner of your presentation. This will open a new browser with a full view of the current slide.open a new browser with a full view of the current slide. You can also visit the Broadcast Help page for more information or to test your browserYou can also visit the Broadcast Help page for more information or to test your browser compatibility. Click here: http://audience.broadcast.yahoo.comcompatibility. Click here: http://audience.broadcast.yahoo.com If you still have technical questions or problems, send an e-mail toIf you still have technical questions or problems, send an e-mail to WebcastHelp@TechTarget.comWebcastHelp@TechTarget.com. A technical support person will respond to you within. A technical support person will respond to you within 24 hours.24 hours.
  • 3. TechTarget Virtual Private Networks onVirtual Private Networks on Windows 2000 andWindows 2000 and Windows 2003 ServerWindows 2003 Server Bill BoswellBill Boswell Windows Consulting GroupWindows Consulting Group
  • 4. Slide PresentationSlide Presentation Prepared ByPrepared By Mark WallaMark Walla Secure Logistix CorpSecure Logistix Corp Robert WilliamsRobert Williams Secure Logistix CorpSecure Logistix Corp
  • 5. VPN Webcast ExpectationsVPN Webcast Expectations  Technical overview of VPN technology … this isTechnical overview of VPN technology … this is not intended to troubleshoot VPNsnot intended to troubleshoot VPNs  Provide tutorial on Virtual Private Networks basicsProvide tutorial on Virtual Private Networks basics  DefinitionsDefinitions  ProtocolsProtocols  ConfigurationConfiguration  ArchitectureArchitecture  Go through VPN implementation with theGo through VPN implementation with the Windows 2003 Server familyWindows 2003 Server family  Participants should have working knowledge ofParticipants should have working knowledge of computing networks and the Windows platformcomputing networks and the Windows platform
  • 6. VPN DefinitionVPN Definition A Virtual Private Network is a connectionA Virtual Private Network is a connection between two communication endpointsbetween two communication endpoints that ensures privacy and authenticationthat ensures privacy and authentication VPN connections between offices createsVPN connections between offices creates a tunnel through which users can accessa tunnel through which users can access resources securely without dedicatedresources securely without dedicated point-to-point WAN linkspoint-to-point WAN links
  • 7. VPN ConfigurationsVPN Configurations Two general VPN configurations:Two general VPN configurations: Site-to-SiteSite-to-Site RRAS servers acts as demand-dial VPN routersRRAS servers acts as demand-dial VPN routers Example: Branch office with Internet accessExample: Branch office with Internet access connects via VPN to corporate networkconnects via VPN to corporate network Remote accessRemote access RRAS server acts as endpoint for clientRRAS server acts as endpoint for client connectionsconnections Example: XP laptop connects through Internet toExample: XP laptop connects through Internet to main office from hotel roommain office from hotel room
  • 10. AuthenticationAuthentication VPNs use standard PPP for initialVPNs use standard PPP for initial authenticationauthentication Password-based authentication to RRASPassword-based authentication to RRAS serverserver X.509 certificates used to establish secureX.509 certificates used to establish secure connection for IP Security (IPSec)connection for IP Security (IPSec) Protocol selection dependent on client andProtocol selection dependent on client and serverserver Windows servers support all InternetWindows servers support all Internet standardsstandards
  • 12. PPP Authentication Protocols  Password Authentication Protocol (PAP)  Sends password in clear text  Shiva Password Authentication  Sends encrypted password - can be compromised  Challenge Handshake Authentication Protocol (CHAP)  Uses MD-5 hash of user’s plain text password and challenge. Requires reversible password.  Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)  One-way authentication (not mutual) between client and server. Challenge hashed with user’s Windows password hash  MS-CHAP Version 2  Stronger version of MS-CHAP that uses longer challenge, salted response, mutual authentication, and a more secure password change mechanism  Extensible Authentication Protocol (EAP)  Allows for additional protocols within PPP authentication  IEEE 802.1X Support  EAP module that supports certificate-based authentication using RADIUS
  • 13. VPN Uses Encrypted Tunnel  Encrypted data encapsulated in additional protocol  Forms impenetrable pipe between endpoints  TCP and IP headers included in encrypted payload to prevent eavesdropping  Only IP address of tunnel endpoints required to route packets  Windows uses MPPE, L2TP and IPSec to encrypt data within VPN
  • 14. Point to Point Tunneling Protocol  Uses standard PPP authentication  Authentication occurs prior to forming tunnel  Makes PPTP subject to Man-in-the-Middle exploits  Encapsulates PPP frame inside Generic Routing Encapsulation (GRE) datagram  IP Type 47 (0x2f)  Sometimes not supported through ISP firewall  Establishes connection and sends control traffic over TCP Port 1723  Standard PPP controls piggybacked on GRE  GRE datagrams not signed
  • 16. PPTP Encryption  PPTP uses Microsoft Point-to-Point Encryption (MPPE) to encrypt GRE payload  RC4 streaming encryption with 128-bit key  RRAS server has copy of user PW hash  Obtains via secure channel from domain controller  MPPE keys based on user passwords  PW hashed using MD4  First 16 bytes of PW hash are hashed to produce PwHashHash  PwHashHash hashed with challenge to form master key  Send and Receive keys generated from master key
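The key chain on this slide, worked through as an added example (not code from the slides or from Windows): it follows the MS-CHAPv2 form of the derivation in RFC 3079, where the "challenge" step hashes PwHashHash together with the 24-byte NT-Response the client computed from the challenge, plus fixed magic strings, and send/receive keys are then split off the master key. MD4 is implemented inline because many OpenSSL builds no longer expose it; the password and NT-Response bytes are constructed sample values.

```python
import hashlib
import struct

# Fixed strings from RFC 3079 (MPPE key derivation from MS-CHAPv2 credentials)
MAGIC1 = b"This is the MPPE Master Key"
MAGIC2 = b"On the client side, this is the send key; on the server side, it is the receive key."
MAGIC3 = b"On the client side, this is the receive key; on the server side, it is the send key."
SHAPAD1 = b"\x00" * 40
SHAPAD2 = b"\xf2" * 40


def md4(msg: bytes) -> bytes:
    """Minimal MD4 (RFC 1320); inlined because hashlib's md4 is often unavailable."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rot = lambda x, s: ((x << s) | (x >> (32 - s))) & 0xFFFFFFFF
    bit_len = len(msg) * 8
    msg += b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack("<Q", bit_len)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (
        (F, range(16), (3, 7, 11, 19), 0),
        (G, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13), 0x5A827999),
        (H, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15), 0x6ED9EBA1),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for f, order, shifts, k in rounds:
            for i, idx in enumerate(order):
                a, b, c, d = d, rot((a + f(b, c, d) + X[idx] + k) & 0xFFFFFFFF, shifts[i % 4]), b, c
        h = [(x + y) & 0xFFFFFFFF for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def mppe_keys(password: str, nt_response: bytes):
    """Return (master, send, receive) 128-bit keys per RFC 3079 for MS-CHAPv2."""
    pw_hash = md4(password.encode("utf-16-le"))          # NT password hash (what the DC stores)
    pw_hash_hash = md4(pw_hash)                           # the slide's PwHashHash
    master = hashlib.sha1(pw_hash_hash + nt_response + MAGIC1).digest()[:16]

    def asymmetric(magic: bytes) -> bytes:               # one direction-specific key
        return hashlib.sha1(master + SHAPAD1 + magic + SHAPAD2).digest()[:16]

    return master, asymmetric(MAGIC2), asymmetric(MAGIC3)


if __name__ == "__main__":
    # Constructed sample: any password plus a stand-in 24-byte NT-Response
    master, send, recv = mppe_keys("clientPass", bytes(range(24)))
    print("master", master.hex(), "send", send.hex(), "receive", recv.hex())
```

Because every key here is a deterministic function of the password hash and a value the server already holds, anyone with the hash can rebuild the session keys, which is why the slide stresses that the RRAS server's copy of the hash travels only over the secure channel.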
  • 18. Layer 2 Tunneling Protocol  Works at Layer 2 (Data Link) rather than at the application layer  Encapsulates entire PPP frame (L2) within datagram  Datagram protocol depends on L2TP implementation  Windows uses IPSec Encapsulating Security Payload (ESP)  IP Protocol 50  ESP uses variety of algorithms  W2K3 uses 3DES by default and AES if FIPS140 selected in Group Policy  IPSec Handles Key Exchange  Internet Security Association and Key Management Protocol (ISAKMP)  Endpoints exchange session keys encrypted with public key of partner  Occurs over UDP Port 500  Superior to PPTP - Authentication occurs inside encrypted tunnel – no MIM exploit possible  IPSec also offers data integrity  Each L2TP datagram digitally signed within IPSec Authentication Header (AH)
  • 22. L2TP Requires Certificates  Deploy Windows PKI  Refer to most current MSFT white papers  Use W2K3 CA to get maximum features  Can also use for EFS, S/MIME, SSL  Configure group policy for autoenrollment  Feature available on W2K and W2K3  Avoids manually obtaining Computer certificates
  • 23. IPSEC Tunneling  L2TP not firewall friendly  TCP headers encrypted in ESP payload  Standard IPSec suffers from same problem  W2K3 and XP support IPSec tunnel through NAT  Can use IPSec Tunnel when L2TP and PPTP not available on VPN servers or clients  Look for NAT-T support in your firewall
  • 24. RRAS Server Configuration  Routing and remote access service  Installed by default but not enabled  Configure for VPN to support individual users  Configure for VPN and router to support site-to-site tunnels  Configure PPTP ports for dial-in access  Limitations  W2K3 Web Edition only supports one inbound VPN connection at a time  RRAS server must be domain member or use RADIUS
  • 25. VPN Ports  RRAS server has virtual ports for VPN connections
  • 26. Remote Access Policies  Subset of RADIUS policies in IAS  By default  7x24 access denied  MS-RAS-Vendor = Microsoft denied  First Policy Wins  Lower precedence policies not read if upper policy applies
  • 27. Policy Profiles Assign Restrictions
  • 28. Steps for PPTP Implementation  Internet connection must support IP protocol 47 (GRE)  Firewall must allow TCP Port 1723  Configure RRAS Service  Configure for VPN  Configure L2TP ports for dial-in access  Define Remote Access Policy  Denied by default  VPN client configuration  Create New Connection – Specify PPTP in Network
  • 29. Steps for L2TP Implementation  Internet connection must support IP protocol 50 (ESP)  Firewall must allow TCP Port 500  Routing and remote access service  Configure for VPN  Configure L2TP ports for dial-in access  Enroll for Computer Certificates  Configure autoenroll policy in W2K and W2K3  Define Remote Access Policy  Denied by default  VPN client configuration  Create New Connection – Specify L2TP in Network
  • 30. Additional Information  To receive a copy of Chapter 13: VPN and IPSec from The Ultimate Windows 2003 Server Administrator’s Guide (Addison Wesley 2003), contact Mark or Bob at info@securelogistix.com  Mark Walla, Secure Logistix Corp  Robert Williams, Secure Logistix Corp
  • 31. Additional Questions  For more details on W2K3 VPNs and Windows security information in general, contact Bill Boswell  bboswell@winconsultants.com
  • 32. Audience Questions  Bill will be taking audience questions on this topic following the event. You can submit your specific questions for Bill by clicking the Ask a Question button in the lower left corner of your presentation screen.
  • 33. Feedback  Thank you for your participation  Did you like this Webcast topic? Would you like us to host other events similar to this one? Send us your feedback on this event and ideas for other topics at editor@searchWin2000.com.