Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access...
-
Upload
cody-grant -
Category
Documents
-
view
217 -
download
3
Transcript of Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access...
![Page 1: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/1.jpg)
Module 9: Planning Network Access
![Page 2: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/2.jpg)
Overview
Introducing Network Access
Selecting Network Access Connection Methods
Selecting a Remote Access Policy Strategy
Selecting a Network Access Authentication Method
Planning a Network Access Strategy
![Page 3: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/3.jpg)
Lesson: Introducing Network Access
Network Access Requirements
Network Access Connections
Network Access Authentication Protocols
Connection Security Best Practices
Security Hosts
![Page 4: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/4.jpg)
Network Access Requirements
ConnectivityProtocol supportAuthenticationEncryption
ConnectivityProtocol supportAuthenticationEncryption
Network Access Server
IASServer
DHCP Server
DomainController
Dial-Up ClientWireless Access Point
Wireless LAN Client
VPN Client
LAN Client
![Page 5: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/5.jpg)
Network Access Connections
Network Access Server
IASServer
DHCP Server
DomainController
Dial-Up ClientWireless Access Point
VPN Client
LAN
Wireless Clients
![Page 6: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/6.jpg)
Network Access Authentication Protocols
Protocol Description
EAPEAP is a Point-to-Point Protocol (PPP)–based authentication mechanism that was adapted for use on point-to-point LAN segments
PEAP PEAP is an EAP type that addresses a security issue in EAP by first creating a secure channel that is both encrypted and integrity-protected with TLS
IEEE.802.1x IEEE 802.1x uses the physical characteristics of the switched LAN infrastructure to authenticate devices attached to a LAN port.
KerberosKerberos authentication provides single sign on to resources within a domain and to resources residing in trusted domains.
![Page 7: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/7.jpg)
Connection Security Best Practices
Configure Ethernet network adapters
Smart card
Protected EAP
MD5-Challenge
Support public key interactive logon
Use IPSec
Use a RADIUS infrastructure
![Page 8: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/8.jpg)
Security Hosts
Compare security hosts
Security host that performs authentication checks during a connection request
Security host that is called during the authentication process of the connection
Use an interactive logon model
![Page 9: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/9.jpg)
Lesson: Selecting Network Access Connection Methods
LAN Solution Considerations
VPN Solution Considerations
Dial-Up Solution Considerations
Multimedia: Planning for VPN and Dial-Up Clients
Wireless Solution Considerations
RADIUS Authentication Infrastructure
Guidelines for Selecting Network Access Connection Methods
![Page 10: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/10.jpg)
LAN Solution Considerations
Administrator
User
Web Server
DomainController
LAN
![Page 11: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/11.jpg)
VPN Solution Considerations
VPN TunnelTunneling Protocols
Tunneled Data
VPN TunnelTunneling Protocols
Tunneled Data
VPN ClientVPN Client
VPN ServerVPN Server
Address and Name Server AllocationAddress and Name Server AllocationDHCPServer
DomainController
AuthenticationAuthentication
PPP ConnectionPPP Connection
Transit NetworkTransit Network
![Page 12: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/12.jpg)
Dial-Up Solution Considerations
Dial-Up ClientDial-Up Client
Address and Name Server AllocationAddress and Name Server AllocationDHCPServer
DomainController
AuthenticationAuthentication
Remote AccessServer
Remote AccessServer
WAN Options:Telephone, ISDN,
or X.25
WAN Options:Telephone, ISDN,
or X.25
LAN and Remote AccessProtocols
LAN and Remote AccessProtocols
![Page 13: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/13.jpg)
Multimedia: Planning for VPN and Dial-Up Clients
The objective of this presentation is to explain how to plan for VPN and dial-up clients
You will learn how to:
Plan a server running Routing and Remote Access to provide dial-up or VPN services
Select a Routing and Remote Access configuration for dial-up or VPN services
Choose between a dial-up and a VPN solution
![Page 14: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/14.jpg)
Wireless Solution Considerations
DHCPServer
IAS Server
DomainController
Wireless Client(Station)
Wireless Client(Station)
Wireless Access Point
Wireless Access Point
Address and Name Server AllocationAddress and Name Server Allocation
AuthenticationAuthenticationPortsPorts
![Page 15: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/15.jpg)
RADIUS Authentication Infrastructure
InternetInternet
RADIUS Server(IAS)
RADIUS Server(IAS)
RADIUS Client(RRAS)
RADIUS Client(RRAS)
ClientClient
Dials in to a local RADIUS client to gain network connectivityDials in to a local RADIUS client to gain network connectivity
11
Forwards requests to a RADIUS serverForwards requests to a RADIUS server
22
Authenticates requests and stores accounting information
Authenticates requests and stores accounting information
33
Domain ControllerDomain
Controller
Communicates to the RADIUS client to grant or deny accessCommunicates to the RADIUS client to grant or deny access
44
![Page 16: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/16.jpg)
Guidelines for Selecting Network Access Connection Methods
Select network access connection methods for your enterpriseSelect network access connection methods for your enterprise
Determine client requirementsDetermine client requirements
Determine infrastructure requirementsDetermine infrastructure requirements
![Page 17: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/17.jpg)
Practice: Selecting Network Access Connection Methods
In this practice, you will select network access connection methods based on the provided scenario
![Page 18: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/18.jpg)
Lesson: Selecting a Remote Access Policy Strategy
Remote Access Policies
Remote Access Policy Conditions
User Account Dial-in Properties
User Profile Options
Guidelines for Selecting a Remote Access Policy Strategy
![Page 19: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/19.jpg)
Remote Access Policies
A remote access policy:A remote access policy:
Is stored locally, not in Active Directory
Consists of: Conditions User permissions Profile
Is stored locally, not in Active Directory
Consists of: Conditions User permissions Profile
![Page 20: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/20.jpg)
Remote Access Policy Conditions
IP AddressesIP Addresses
Authentication Type
Authentication Type
NAS-Port TypeNAS-Port Type
Time of DayTime of Day
AttributesAttributes
Caller IDsCaller IDs
User GroupsUser Groups
![Page 21: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/21.jpg)
User Account Dial-in Properties
Callback OptionsCallback Options
Apply Static Routes
Apply Static Routes Remote Access
PermissionRemote Access
Permission
Verify Caller IDVerify Caller ID
Assign a Static IP Address
Assign a Static IP Address
Dial-In PropertiesDial-In Properties
![Page 22: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/22.jpg)
User Profile Options
Component Defines the…
Authentication Authentication protocols that are to be used
Encryption Level of MPPE encryption that is to be accepted
Dial-in constraints Constraints that you would like to apply in the policy
IP IP address that is assigned to the client, and what IP filters will be applied to the connection
MultilinkAllowable multilink connections where multiple ports can be combined for a connection
AdvancedAdditional connection attributes (whether RADIUS or vendor-specific) that can be sent to the network access server to which the client is connecting
![Page 23: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/23.jpg)
Guidelines for Selecting a Remote Access Policy Strategy
Identify the remote access permissions that will be usedIdentify the remote access permissions that will be used
Identify the remote access conditions that will be usedIdentify the remote access conditions that will be used
Identify the remote access profile that will be usedIdentify the remote access profile that will be used
![Page 24: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/24.jpg)
Practice: Determining a Remote Access Policy Strategy
In this practice, you will plan a remote access strategy by using the provided scenario to define the required remote access options
![Page 25: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/25.jpg)
Lesson: Selecting a Network Access Authentication Method
Server Authentication Models and Methods
IAS as an Authentication Server
Guidelines for Selecting IAS as an Authentication Provider
![Page 26: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/26.jpg)
Server Authentication Models and Methods
Windows AuthenticationWindows AuthenticationRADIUSRADIUS
WirelessWireless
Dial-UpDial-Up
VPNVPN
802.1xEAP
802.11
Open system
Shared key
![Page 27: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/27.jpg)
IAS as an Authentication Server
CentralOffice
IASIAS
Windows Server 2003Domain Controller
Windows Server 2003Domain Controller
Partner Network
RRASRRAS
ISP
RRASRRAS
Internet
= RADIUS Client and Server Connection= RADIUS Client and Server Connection
Centralized remote access policies
Authentication provider
Centralized remote access policies
Authentication provider
![Page 28: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/28.jpg)
Guidelines for Selecting IAS as an Authentication Provider
Determine if you have a heterogeneous environment to supportDetermine if you have a heterogeneous environment to support
Determine if you have multiple access serversDetermine if you have multiple access servers
Determine if you have third-party Internet access providersDetermine if you have third-party Internet access providers
Determine your authentication needsDetermine your authentication needs
![Page 29: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/29.jpg)
Practice: Selecting Centralized Authentication for Network Access Using IAS
In this practice, you will select a centralized authentication for network access by using IAS
![Page 30: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/30.jpg)
Lesson: Planning a Network Access Strategy
Network Access Connection Strategy
Security-Based Authentication Methods
Remote Access Policy Strategies
Guidelines for Planning a Network Access Strategy
![Page 31: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/31.jpg)
Network Access Connection Strategy
Selecting a network access connection strategy includes:Selecting a network access connection strategy includes:
Evaluating enterprise requirements
Creating a comprehensive network access plan
Evaluating enterprise requirements
Creating a comprehensive network access plan
![Page 32: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/32.jpg)
Security-Based Authentication Methods
Security-based authentication requirementsSecurity-based authentication requirements
Secure network access
Strong authentication and encryption
Secure network access
Strong authentication and encryption
![Page 33: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/33.jpg)
Remote Access Policy Strategies
To determine a strategy:To determine a strategy:
Determine connection request conditions that need policies
Define policies to reflect requirements
Determine connection request conditions that need policies
Define policies to reflect requirements
![Page 34: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/34.jpg)
Guidelines for Planning a Network Access Strategy
Identify who will access the network and how they will access itIdentify who will access the network and how they will access it
Identify who will be allowed access to network resourcesIdentify who will be allowed access to network resources
Identify how the approved users will access the networkIdentify how the approved users will access the network
Integrate your authentication strategy across all of the remote access methodsIntegrate your authentication strategy across all of the remote access methods
![Page 35: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/35.jpg)
Lab A: Planning Network Access
Exercise 1: Planning for the LAN and Wireless Environment
Exercise 2: Planning for the WAN Environment
![Page 36: Module 9: Planning Network Access. Overview Introducing Network Access Selecting Network Access Connection Methods Selecting a Remote Access Policy Strategy.](https://reader030.fdocuments.us/reader030/viewer/2022032803/56649e2b5503460f94b198cc/html5/thumbnails/36.jpg)
Course Evaluation