1 Chapter 13: RADIUS in Remote Access Designs Designs That Include RADIUS Essential RADIUS Design Concepts Data Protection in RADIUS Designs RADIUS Design.

Presentation transcript:

1 Chapter 13: RADIUS in Remote Access Designs
- Designs That Include RADIUS
- Essential RADIUS Design Concepts
- Data Protection in RADIUS Designs
- RADIUS Design Optimization

2 RADIUS in Remote Access Designs
- Provides protocols that allow
  - Remote access
  - Remote user authentication
  - Remote user auditing
  - Remote user accounting
- Allows control of all security
- Includes RADIUS client and server

3 RADIUS Clients and Servers

4 RADIUS and Microsoft Windows 2000
- RADIUS provided by
  - Routing and Remote Access
  - Internet Authentication Service (IAS)
- RADIUS client
- RADIUS server

5 RADIUS Design Review
Determine the following:
- Amount of data transmitted
- Number of locations
- Connectivity and security capabilities
- Operating systems used
- Number of remote access clients
- Security needs

6 RADIUS Design Decisions
- RADIUS integration into existing network
- Number and placement of servers and clients
- Hardware requirements for clients
- Data protection methods
- User authentication methods
- Optimization methods

7 Outsourced Dial-Up Remote Access
- The most common design
- Dial-up outsourced to a third party
- Reduced dial-up costs
- Single set of logon credentials
- Enhanced security features

8 Outsourced Dial-Up Remote Access (Cont.)

9 In-House Remote Access
- Allows the organization to own the entire design
- Centralizes administration
- Avoids dependence on third-party vendors
- Places RADIUS clients
  - Outside private network
  - On screened subnets

10 In-House Remote Access (Cont.)

11 Partner Network Remote Access
- Provides remote access for partner’s users
- Centralizes administration
- Enhances security of partner’s access
- Places RADIUS client in partner’s network

12 Partner Network Remote Access (Cont.)

13 Number of RADIUS Clients and Servers
- RADIUS client
  - Supports hundreds of remote access computers
  - Requires same type of number decisions as for VPN
- RADIUS server
  - Supports many RADIUS clients
  - Requires one RADIUS server per user account database
  - Provides for RADIUS authentication and accounting

14 Placing RADIUS Clients
- Make same type of placement decisions as for dial-up or VPN
- Place near remote users
  - For dial-up, place geographically close
  - For VPN, place near Internet connection

15 Placing RADIUS Servers
- Place near servers that manage user accounts
- For Active Directory directory service, place close to domain controllers
- Run IAS on a domain controller to reduce traffic

16 Connecting RADIUS Clients and Servers

17 Selecting Remote Access Client Support
- Make same type of design decisions as for VPN and dial-up.
- Specify a RADIUS realm, which
  - Is a user account database
  - Is the same as a domain in Microsoft Windows NT and Windows 2000
- Specify a default realm for each RADIUS client.

18 Preventing Unauthorized Access
- Methods are the same as for VPN and dial-up.
- Shared secrets
  - Identify authorized RADIUS clients and servers
  - Use case-sensitive text strings
  - Can be used to encrypt messages
  - Must be configured on both client and server

19 Protecting Confidential Data
- Use same basic methods as for VPN and dial-up.
- Consider additional authentication methods.
- Encrypt data
  - Between remote user and server within network
  - Both ways between remote user and RADIUS clients
- Enforce remote access policies (RADIUS attributes) that are managed, stored, and replicated on RADIUS servers.

20 Enhancing RADIUS Availability
- Configure clients to use multiple servers.
  - Works on all platforms
  - Provides dynamic fault tolerance
  - Servers must be manually added and deleted
- Use Network Load Balancing.
  - Provides automatic reconfiguration
  - Works only on RADIUS clients
  - Requires extra resources
  - Is not available for non–Microsoft operating systems

21 Improving RADIUS Performance
- Configure clients to use multiple servers.
  - Works on all platforms
  - Provides load balancing across multiple servers
  - Servers must be manually added and deleted
- Use Network Load Balancing.
  - Provides automatic reconfiguration
  - Works only on RADIUS clients
  - Requires extra resources
  - Is not available for non–Microsoft operating systems

22 Chapter Summary
- RADIUS provides remote access solutions.
- RADIUS includes RADIUS clients and RADIUS servers.
- The design decisions for RADIUS depend on the configuration.
  - Outsourced dial-up remote access designs
  - In-house remote access designs
  - Partner network remote access designs
- Protect data and improve availability and performance by using the same methods as for VPN and dial-up.