Transcript www.yorktech.com

1
Chapter 9
DESIGNING A STRATEGY
FOR NETWORK ACCESS
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
GATHERING AND ANALYZING INFORMATION

Business requirements

User requirements

Security requirements

Interoperability requirements
2
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
Business Requirements
3
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
4
USER AND SECURITY REQUIREMENTS

What tasks do employees and non-employees
need to perform remotely?

How long is each type of user connected remotely?

How many remote users are connected
concurrently?

What type of client computers must be supported?

Is encryption required to protect data
confidentiality?

Which portions of the network must remote users
access?
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
5
INTEROPERABILITY REQUIREMENTS

Determine the types of servers with which the RAS
server must interoperate.

Determine the types of clients the RAS server must
support.

In addition to TCP/IP, what other protocols must
the RAS server support?
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
REMOTE ACCESS CONNECTION METHODS

Network Access Server (NAS)

Dial-up networking

Public Switched Telephone Network (PSTN)

Integrated Services Digital Network (ISDN)

Basic Rate Interface (BRI)

Primary Rate Interface (PRI)
6
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
VIRTUAL PRIVATE NETWORKING
7
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
AUTHENTICATION METHODS
8
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
ENCRYPTION METHODS
9
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
10
INTEGRATING NAT WITH VPN
Considerations for NAT with PPTP
Considerations for NAT with L2TP
PPTP does not encrypt the IP header and
works with any NAT device.
L2TP and IPSec with ESP encryption does not work with
applications that require NAT translation tables.
The NAT device requires the appropriate
application tables
IPSec NAT-T must be used instead of the original IPSec
implementation in order for L2TP tunnels to function with
NAT. NAT-T allows IPSec traffic to pass through NAT
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
AUTHENTICATION USING RAS SERVER
11
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
PLACEMENT OF REMOTE ACCESS SERVERS
12
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
PLACEMENT OF VPN SERVERS
13
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
PLACEMENT OF RADIUS SERVERS
14
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
DESIGNING A REMOTE ACCESS POLICY
15
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
REMOTE ACCESS POLICY PROFILE
16
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
WIRELESS HARDWARE REQUIREMENTS
17
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
WIRELESS NETWORK ACCESS
18
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
POTENTIAL WIRELESS INTERFERENCE
19
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
WIRELESS ACCESS STANDARDS
20
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
WIRELESS ACCESS METHODS
21
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
WIRELESS SECURITY STRATEGIES
22
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
MANAGING WIRELESS ACCESS
23
Chapter 9:DESIGNING A STRATEGY FOR NETWORK ACCESS
24
SUMMARY

What information should you collect before designing a
remote access solution?

What are the remote access authentication methods?

When a client attempts a remote connection, are the
remote access policies or remote access profiles evaluated
first?

Which of the following can be a RADIUS client?

Dial-up server

VPN server

Wireless access point