
Slide 1: Chapter 13: RADIUS in Remote Access Designs
- Designs That Include RADIUS
- Essential RADIUS Design Concepts
- Data Protection in RADIUS Designs
- RADIUS Design Optimization

Slide 2: RADIUS in Remote Access Designs
- Provides protocols that allow
  - Remote access
  - Remote user authentication
  - Remote user auditing
  - Remote user accounting
- Allows control of all security
- Includes RADIUS client and server

Slide 3: RADIUS Clients and Servers

Slide 4: RADIUS and Microsoft Windows 2000
- RADIUS provided by
  - Routing and Remote Access
  - Internet Authentication Service (IAS)
- RADIUS client
- RADIUS server

Slide 5: RADIUS Design Review
- Determine the following:
  - Amount of data transmitted
  - Number of locations
  - Connectivity and security capabilities
  - Operating systems used
  - Number of remote access clients
  - Security needs

Slide 6: RADIUS Design Decisions
- RADIUS integration into existing network
- Number and placement of servers and clients
- Hardware requirements for clients
- Data protection methods
- User authentication methods
- Optimization methods

Slide 7: Outsourced Dial-Up Remote Access
- The most common design
- Dial-up outsourced to a third party
- Reduced dial-up costs
- Single set of logon credentials
- Enhanced security features

Slide 8: Outsourced Dial-Up Remote Access (Cont.)

Slide 9: In-House Remote Access
- Allows the organization to own the entire design
- Centralizes administration
- Avoids dependence on third-party vendors
- Places RADIUS clients
  - Outside private network
  - On screened subnets

Slide 10: In-House Remote Access (Cont.)

Slide 11: Partner Network Remote Access
- Provides remote access for partner’s users
- Centralizes administration
- Enhances security of partner’s access
- Places RADIUS client in partner’s network

Slide 12: Partner Network Remote Access (Cont.)

Slide 13: Number of RADIUS Clients and Servers
- RADIUS client
  - Supports hundreds of remote access computers
  - Requires same type of number decisions as for VPN
- RADIUS server
  - Supports many RADIUS clients
  - Requires one RADIUS server per user account database
  - Provides for RADIUS authentication and accounting

Slide 14: Placing RADIUS Clients
- Make same type of placement decisions as for dial-up or VPN
- Place near remote users
  - For dial-up, place geographically close
  - For VPN, place near Internet connection

Slide 15: Placing RADIUS Servers
- Place near servers that manage user accounts
- For Active Directory directory service, place close to domain controllers
- Run IAS on a domain controller to reduce traffic

Slide 16: Connecting RADIUS Clients and Servers

Slide 17: Selecting Remote Access Client Support
- Make same type of design decisions as for VPN and dial-up.
- Specify a RADIUS realm, which
  - Is a user account database
  - Is the same as a domain in Microsoft Windows NT and Windows 2000
- Specify a default realm for each RADIUS client.

Slide 18: Preventing Unauthorized Access
- Methods are the same as for VPN and dial-up.
- Shared secrets
  - Identify authorized RADIUS clients and servers
  - Use case-sensitive text strings
  - Can be used to encrypt messages
  - Must be configured on both client and server
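
How the shared secret on slide 18 does both jobs, as an added example that is not part of the original presentation: it follows the User-Password hiding and Response Authenticator calculations defined in RFC 2865. The function names and the sample secret, authenticator and password are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values, not taken from the presentation.
SECRET = b"Constructed-Secret"
REQUEST_AUTH = bytes(range(16))  # 16-byte Request Authenticator


def hide_password(password, secret, request_auth):
    """Client side: hide User-Password (RFC 2865 5.2, MD5 keystream + XOR)."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev  # each hidden block keys the next one
    return out


def unhide_password(hidden, secret, request_auth):
    """Server side: recover the password with the same shared secret."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(a ^ b for a, b in zip(block, pad))
        prev = block
    return out.rstrip(b"\x00")


def build_response(code, ident, attrs, request_auth, secret):
    """Server side: authenticator = MD5(header + ReqAuth + attrs + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def verify_response(packet, request_auth, secret):
    """Client side: accept a reply only if it was built with our secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = build_response(code, ident, packet[20:], request_auth, secret)
    return hmac.compare_digest(expected[4:20], packet[4:20])


if __name__ == "__main__":
    hidden = hide_password(b"correct horse battery", SECRET, REQUEST_AUTH)
    print(unhide_password(hidden, SECRET, REQUEST_AUTH))
    reply = build_response(2, 7, b"", REQUEST_AUTH, SECRET)  # 2 = Access-Accept
    print(verify_response(reply, REQUEST_AUTH, SECRET))          # same secret
    print(verify_response(reply, REQUEST_AUTH, SECRET.lower()))  # wrong case
```

In RFC 2865 this hiding covers only the User-Password attribute; the other attributes in the packet are sent in the clear, so the shared secret alone does not provide the data protection discussed on slide 19.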

Slide 19: Protecting Confidential Data
- Use same basic methods as for VPN and dial-up.
- Consider additional authentication methods.
- Encrypt data
  - Between remote user and server within network
  - Both ways between remote user and RADIUS clients
- Enforce remote access policies (RADIUS attributes) that are managed, stored, and replicated on RADIUS servers.

Slide 20: Enhancing RADIUS Availability
- Configure clients to use multiple servers.
  - Works on all platforms
  - Provides dynamic fault tolerance
  - Servers must be manually added and deleted
- Use Network Load Balancing.
  - Provides automatic reconfiguration
  - Works only on RADIUS clients
  - Requires extra resources
  - Is not available for non–Microsoft operating systems

Slide 21: Improving RADIUS Performance
- Configure clients to use multiple servers.
  - Works on all platforms
  - Provides load balancing across multiple servers
  - Servers must be manually added and deleted
- Use Network Load Balancing.
  - Provides automatic reconfiguration
  - Works only on RADIUS clients
  - Requires extra resources
  - Is not available for non–Microsoft operating systems

Slide 22: Chapter Summary
- RADIUS provides remote access solutions.
- RADIUS includes RADIUS clients and RADIUS servers.
- The design decisions for RADIUS depend on the configuration.
  - Outsourced dial-up remote access designs
  - In-house remote access designs
  - Partner network remote access designs
- Protect data and improve availability and performance by using the same methods as for VPN and dial-up.

