
by sihui lau, 16 years ago


Remote Access


Remote Authentication Dial-In User Service (RADIUS)

Managing & Logging Network Access Services

Specific Connections Logging
Connection type   Log file name   Description
L2TP/IPSec        Oakley log      Records information about all Internet Key Exchange (IKE) main-mode or quick-mode negotiations
L2TP/IPSec        Audit log       Records information about IPSec-related events
PPP               PPP log         Records the series of programming functions and PPP control messages

Where to find them on Windows Server 2003: the Oakley log is written to %systemroot%\Debug\Oakley.log once the EnableLogging value under HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\Oakley is set to 1; the IPSec audit entries appear in the Security event log when auditing is enabled; the PPP log is %systemroot%\Tracing\PPP.LOG, switched on with netsh ras set tracing ppp enabled. Leave the Oakley and PPP traces off when not troubleshooting, since they grow quickly and the PPP trace records negotiation details for every connection.
Authentication & Accounting Logging
Isolate remote access policy issues
Maintain records for billing purposes
Track remote access usage and authentication attempts
Routing & Remote Access Logging
There are three types of logging:
- Event logging: records remote access server errors, warnings, and other information in the system event log
- Local authentication and accounting logging: tracks usage and authentication attempts on the local remote access server
- RADIUS-based authentication and accounting logging: tracks usage and authentication attempts on the RADIUS server

Network Access Quarantine

Connection Manager Profiles
Connection Manager Administration Kit (CMAK):
- Used to create Connection Manager profiles
- Can be installed from Add or Remove Programs
Connection Manager profiles:
- Pre-package remote access connections for dial-up or VPN
- Administrator-defined connection features
- Simple client-side installation by using an executable
- A post-connect script can be included to run Rqc.exe
Remote Access Policies
There are two important attributes used in an NAQ remote access policy profile:
- MS-Quarantine-Session-Timeout: the amount of time a client can stay connected to the remote access server while quarantined. The client must validate its settings within this time; if Rqc.exe has not reported a valid script version before the timeout expires, the server drops the connection.
- MS-Quarantine-IPFilter: provides access to the quarantine resources only. Configure input and output filters that admit just what the validation script needs (for example, the file share holding updates and the Rqs.exe listener on the remote access server, TCP port 7250 by default) and nothing else on the internal network.
Checklist for Network Access Quarantine
To prepare for NAQ:
- Enable Routing and Remote Access
- Install the Remote Access Quarantine service
- Create a validation script
- Create quarantine resources
- Create a remote access policy
- Install the Connection Manager Administration Kit
- Create a CM profile
- Start the Remote Access Quarantine service
How Network Access Quarantine Works
NAQ process:
- Client connects using a CM profile
- Routing and Remote Access validates the authentication request
- MS-Quarantine-IPFilter and MS-Quarantine-Session-Timeout settings are applied to the connection
- The CM profile runs the post-connect script, which executes Rqc.exe if validation is successful
- Rqs.exe on the server compares the script version string sent by Rqc.exe with its list of valid versions
- If Rqs.exe determines that the script version is valid, the remote access client is removed from quarantine
Note what is actually checked: Rqs.exe only sees the version string, not the results of the individual checks, so a client that runs a modified script or calls Rqc.exe directly with a known-good version string leaves quarantine. Microsoft documented NAQ as a way to keep misconfigured but cooperative clients off the network, not as a defence against a deliberately hostile one.
Requirements for Network Access Quarantine
What is Network Access Quarantine
Network Access Quarantine can prevent remote access clients from accessing resources until they conform to the corporate IT policies.
Some of the standards that NAQ can be used to safeguard:
- Appropriate virus definitions
- Latest service packs and hotfixes
- Routing disabled
- Firewall installed
- Password-protected screensaver

Centralizing Authentication Using IAS

Centralized Authentication & Policy Management
1. The remote access client dials in to a local RADIUS client (the remote access server) to gain network connectivity
2. The RADIUS client forwards the access request to a RADIUS server
3. The RADIUS server authenticates the request and stores accounting information
4. The RADIUS server communicates the result to the RADIUS client, which grants or denies access
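The four-step exchange above, together with the MS-Quarantine-Session-Timeout attribute that the remote access policy profile hands back in the Accept, carried end to end in code. This is an added example written for this page, not code from Microsoft, IAS or the original deck: the shared secret, the user store, the NAS address 10.0.0.10 and all packet contents are constructed, and the vendor-type number 51 for MS-Quarantine-Session-Timeout is as this example's author recalls it from the MS-RNAP attribute table, so confirm it against the spec before reusing it. The block builds an Access-Request with the User-Password hidden as RFC 2865 specifies, lets the server decode and check it, answers with an Access-Accept carrying the Microsoft vendor-specific quarantine timeout (or an Access-Reject), and has the client verify the Response Authenticator before it trusts the verdict.

```python
import hashlib
import os
import struct

# Constructed values for this example only: not a real deployment's secret or user store.
SHARED_SECRET = b"example-shared-secret"
USER_DB = {"alice": "correct horse"}

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, VENDOR_SPECIFIC = 1, 2, 4, 26
MICROSOFT_VENDOR_ID = 311
# Vendor type of MS-Quarantine-Session-Timeout as recalled from the MS-RNAP
# attribute table (an assumption of this example; check the spec).
MS_QUARANTINE_SESSION_TIMEOUT = 51

def attr(atype, value):
    """One RADIUS attribute: Type, Length (including the 2-byte header), Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def parse_attrs(data):
    attrs = []
    while data:
        atype, alen = data[0], data[1]
        if alen < 2 or alen > len(data):
            raise ValueError("malformed attribute")
        attrs.append((atype, data[2:alen]))
        data = data[alen:]
    return attrs

def hide_password(secret, authenticator, password):
    """RFC 2865 section 5.2: XOR each 16-byte chunk with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(x ^ y for x, y in zip(padded[i:i + 16], block))
        out += prev
    return out

def reveal_password(secret, authenticator, hidden):
    """Inverse of hide_password; trailing NUL padding is stripped."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], block))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def ms_vsa(vendor_type, value):
    """Vendor-Specific (26) attribute carrying one Microsoft (311) sub-attribute."""
    inner = struct.pack("!BB", vendor_type, len(value) + 2) + value
    return attr(VENDOR_SPECIFIC, struct.pack("!I", MICROSOFT_VENDOR_ID) + inner)

def response_authenticator(code, ident, length, request_auth, body):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + request_auth + body + SHARED_SECRET).digest()

def access_request(ident, username, password, nas_ip):
    """Step 2: the RADIUS client (the remote access server) forwards the request."""
    request_auth = os.urandom(16)
    body = b"".join([
        attr(USER_NAME, username.encode()),
        attr(USER_PASSWORD, hide_password(SHARED_SECRET, request_auth, password.encode())),
        attr(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))),
    ])
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body))
    return header + request_auth + body, request_auth

def server_handle(packet, quarantine_timeout=120):
    """Steps 3-4: the RADIUS server authenticates and answers Accept or Reject."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    request_auth = packet[4:20]
    attrs = dict(parse_attrs(packet[20:length]))
    username = attrs.get(USER_NAME, b"").decode(errors="replace")
    password = reveal_password(SHARED_SECRET, request_auth, attrs.get(USER_PASSWORD, b""))
    if code == ACCESS_REQUEST and USER_DB.get(username) == password.decode(errors="replace"):
        timeout = struct.pack("!I", quarantine_timeout)
        code, body = ACCESS_ACCEPT, ms_vsa(MS_QUARANTINE_SESSION_TIMEOUT, timeout)
    else:
        code, body = ACCESS_REJECT, b""
    length = 20 + len(body)
    header = struct.pack("!BBH", code, ident, length)
    return header + response_authenticator(code, ident, length, request_auth, body) + body

def client_check_response(response, ident, request_auth):
    """The RADIUS client verifies the Response Authenticator before trusting the verdict."""
    code, rid, length = struct.unpack("!BBH", response[:4])
    body = response[20:length]
    if rid != ident or response[4:20] != response_authenticator(code, rid, length, request_auth, body):
        raise ValueError("Response Authenticator mismatch: forged reply or wrong shared secret")
    return code, parse_attrs(body)

def quarantine_timeout_from(attrs):
    """Pull MS-Quarantine-Session-Timeout out of the Accept, or None if absent."""
    for atype, value in attrs:
        if atype == VENDOR_SPECIFIC and struct.unpack("!I", value[:4])[0] == MICROSOFT_VENDOR_ID:
            if value[4] == MS_QUARANTINE_SESSION_TIMEOUT:
                return struct.unpack("!I", value[6:10])[0]
    return None

def run_exchange(username, password, ident=7):
    """Whole round trip; returns (response code, quarantine timeout in seconds or None)."""
    packet, request_auth = access_request(ident, username, password, "10.0.0.10")
    code, attrs = client_check_response(server_handle(packet), ident, request_auth)
    return code, quarantine_timeout_from(attrs)

if __name__ == "__main__":
    print(run_exchange("alice", "correct horse"))  # (2, 120): Access-Accept, quarantined for 120 s
    print(run_exchange("alice", "wrong"))          # (3, None): Access-Reject
```

Two things the exchange makes visible. A wrong shared secret on either side raises no error: the server just decodes a wrong password and sends a Reject, so a RADIUS client that was added with a mistyped secret shows up as a run of failed authentications, not as a configuration fault. And the Response Authenticator is the only thing that stops a spoofed Accept from a box on the path, which is why the secret must be long and random and why the MD5-based password hiding is not a reason to run RADIUS over an untrusted network; on Windows that means keeping IAS traffic on a management segment or inside IPSec.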
Windows Implementation of RADIUS
Internet Authentication Service (IAS) is the Microsoft implementation of a RADIUS server.
Configure IAS to support:
- Dial-up corporate access
- Extranet access for business partners
- Internet access
- Outsourced corporate access through service providers
RADIUS Authentication
RADIUS is a protocol that enables centralized authentication, authorization, and accounting for network access.
RADIUS can be used to:
- Centrally manage network access for VPN, dial-up, and wireless networks
- Process connection requests or accounting messages from RADIUS clients or proxies