MCTS: Configuring Windows 7(70-680)

meryl

Presentation Transcript


  1. MCTS: Configuring Windows 7 (70-680) Chapter 10, Lesson 2 Remote Connections

  2. Lesson 2 Objectives • Establishing VPN Connections • Configuring VPN Authentication • Setting Up VPN Reconnect • Manage VPN Security Auditing • Configure NAP Quarantine Remediation

  3. Types of Data Protection • Data Confidentiality - The protocol encrypts your data so that third parties cannot read it as it crosses public networks. • Data Integrity - You will know if a third party tampers with your data in transit. • Replay Protection - Ensures that a captured packet cannot be resent and accepted a second time. In a replay attack, an attacker captures legitimate data and resends it later. • Data Origin Authentication - The sender and receiver can be sure of the origin of the transmitted and received data.
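The four protections above are easiest to see in code. The following is an added example, not from the slides or the Training Kit: a per-packet HMAC-SHA256 tag gives data integrity and data origin authentication, and an ESP-style sliding window (the mechanism IPsec, and therefore L2TP/IPsec and IKEv2, uses) gives replay protection. The shared key, the packet layout and the window size are assumptions chosen for illustration; confidentiality (encryption) is left out so the checks stay readable.

```python
import hashlib
import hmac
import struct

# Constructed shared key for this example; a real VPN derives per-SA keys
# during IKE/IPsec negotiation and never uses a static string like this.
SHARED_KEY = b"example-shared-key-do-not-reuse"
TAG_LEN = 32          # HMAC-SHA256 output size
WINDOW_SIZE = 32      # anti-replay window width (RFC 4303 requires at least 32)


def protect(seq: int, payload: bytes, key: bytes = SHARED_KEY) -> bytes:
    """Sender side: 32-bit sequence number || payload || HMAC-SHA256 tag.
    The tag covers the sequence number as well as the payload, so neither can be
    altered, and only a holder of the key can produce it (integrity + origin)."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side: verify the tag first, then run an ESP-style sliding window
    over sequence numbers so a captured packet cannot be accepted twice."""

    def __init__(self, key: bytes = SHARED_KEY, window: int = WINDOW_SIZE):
        self.key = key
        self.window = window
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (highest - i) was accepted

    def accept(self, packet: bytes):
        """Return (payload, 'ok') or (None, reason)."""
        if len(packet) < 4 + TAG_LEN:
            return None, "truncated"
        header, payload, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return None, "bad-mac"
        seq = struct.unpack(">I", header)[0]
        if seq == 0:
            return None, "replay"   # counters start at 1; 0 is never legitimate
        if seq > self.highest:                       # advance the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
            return payload, "ok"
        offset = self.highest - seq
        if offset >= self.window:
            return None, "too-old"                   # fell off the left edge
        if self.bitmap & (1 << offset):
            return None, "replay"                    # already accepted
        self.bitmap |= 1 << offset                   # late but legitimate
        return payload, "ok"


def demo():
    """Walk through the cases the slide lists and return the receiver's verdicts."""
    rx = Receiver()
    p1, p2 = protect(1, b"hello"), protect(2, b"world")
    verdicts = [rx.accept(p1)[1], rx.accept(p2)[1]]       # ok, ok
    verdicts.append(rx.accept(p1)[1])                      # replay of packet 1
    tampered = bytearray(p2)
    tampered[4] ^= 0x01                                    # flip a payload bit
    verdicts.append(rx.accept(bytes(tampered))[1])         # bad-mac (integrity)
    forged = protect(3, b"evil", key=b"attacker-guess")
    verdicts.append(rx.accept(forged)[1])                  # bad-mac (origin)
    verdicts.append(rx.accept(protect(40, b"later"))[1])   # ok, window slides
    verdicts.append(rx.accept(protect(5, b"late"))[1])     # too-old (40-5 >= 32)
    verdicts.append(rx.accept(protect(30, b"late"))[1])    # ok, inside window
    verdicts.append(rx.accept(protect(30, b"late"))[1])    # replay
    return verdicts


if __name__ == "__main__":
    print(demo())
```

The tag is checked before the sequence number is touched, so an attacker who cannot produce a valid MAC cannot move the window; this matters because a forged high sequence number would otherwise push legitimate late packets out of the window and drop them.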

  4. VPN Protocols • PPTP - Least secure form of VPN. PPTP VPNs do not require a Public Key Infrastructure (PKI). Provides data confidentiality, but does not provide data integrity or data origin authentication. • L2TP/IPsec - More secure than PPTP. Provides per-packet data origin authentication, data replay protection, data integrity and data confidentiality. Uses digital certificates (a pre-shared key can be configured instead). • SSTP - Tunnels use TCP port 443, the same port as HTTPS, so traffic can pass through almost any firewall that allows Internet traffic; the other protocols cannot do this. Provides data origin authentication, data replay protection, data integrity and data confidentiality. • IKEv2 - New to Windows 7 and not present in previous versions of Windows. Supports IPv6 and the new VPN Reconnect feature. Supports Extensible Authentication Protocol (EAP) and computer certificates for client-side authentication. Provides data origin authentication, data replay protection, data integrity and data confidentiality.

  5. VPN Authentication Protocols Two broad categories of authentication protocols: 1) Password-based authentication protocols 2) Certificate-based authentication protocols • PAP - Password Authentication Protocol. Sends the password unencrypted, so anyone on the path can read it. Not enabled by default on Windows 7 and not supported by RAS servers running Windows Server 2008. • CHAP - Challenge Handshake Authentication Protocol. Password-based protocol. Not supported by RAS servers running Windows Server 2008. Enabled by default in Windows 7 VPN connections for third-party VPN servers. • MS-CHAPv2 - Password-based authentication protocol. Uses the credentials of the currently logged-on user for authentication. • PEAP/PEAP-TLS - Certificate-based authentication protocol. Requires the installation of a computer certificate on the VPN server. • EAP-MS-CHAPv2/PEAP-MS-CHAPv2 - The most secure password-based authentication protocol available to VPN clients running Windows 7. Requires the installation of a computer certificate on the VPN server but does not require a client certificate. • Smart Card or Other Certificate - Use this protocol when users authenticate VPN connections using a smart card or a certificate installed on the computer.
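Windows 7 stores each VPN connection's tunnel type and authentication choices in a phonebook file, rasphone.pbk (per user under the profile's Microsoft\Network\Connections\Pbk folder). The following added script, not from the slides or the Training Kit, parses a constructed rasphone.pbk excerpt and flags the weak combinations the two slides above describe: entries that still allow PPTP, entries whose tunnel type is left on Automatic, and entries with no EAP method, where only password-based MS-CHAPv2 (or worse, if PAP/CHAP are left ticked) protects the logon. Assumptions: the VpnStrategy number is read as the VS_* constants from ras.h (1 = PPTP only, 2 = PPTP first, 3/4 = L2TP, 5/6 = SSTP, 7/8 = IKEv2), the CustomAuthKey value is read as an IANA EAP method type (13 = EAP-TLS, 25 = PEAP, 26 = EAP-MS-CHAPv2), and the entry names and server names are made up.

```python
from typing import Dict, List

# Constructed sample of a Windows 7 rasphone.pbk; entry names, host names and
# values are invented for this example.
SAMPLE_PBK = """\
[Office PPTP]
Encoding=1
Type=2
VpnStrategy=1
CustomAuthKey=0
PhoneNumber=vpn.contoso.com

[Office IKEv2]
Encoding=1
Type=2
VpnStrategy=7
CustomAuthKey=26
PhoneNumber=vpn.contoso.com

[Office auto]
Type=2
VpnStrategy=0
CustomAuthKey=13
PhoneNumber=vpn.contoso.com

[Motel dial-up]
Type=1
PhoneNumber=5550100
"""

# VpnStrategy values are interpreted as the VS_* constants from ras.h (assumption).
VPN_STRATEGY = {0: "Automatic", 1: "PPTP only", 2: "PPTP first", 3: "L2TP/IPsec only",
                4: "L2TP/IPsec first", 5: "SSTP only", 6: "SSTP first",
                7: "IKEv2 only", 8: "IKEv2 first"}
# IANA EAP method types; reading them from CustomAuthKey is an assumption.
EAP_TYPES = {13: "Smart Card or Other Certificate (EAP-TLS)", 25: "PEAP", 26: "EAP-MS-CHAPv2"}
RASET_VPN = 2  # Type=2 marks a VPN entry; Type=1 is dial-up


def parse_pbk(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal INI-style parser for rasphone.pbk. Sections are entry names. A key
    repeated inside one section (the per-device MEDIA= blocks) keeps its first value,
    which is why configparser's duplicate-key error is avoided here."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries[current] = {}
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            entries[current].setdefault(key.strip(), value.strip())
    return entries


def audit_pbk(text: str) -> List[dict]:
    """Return one finding record per VPN entry, with a list of issues (empty = ok)."""
    findings = []
    for name, entry in parse_pbk(text).items():
        if entry.get("Type") != str(RASET_VPN):
            continue  # dial-up and other entry types are out of scope here
        strategy = int(entry.get("VpnStrategy", "0"))
        eap = int(entry.get("CustomAuthKey", "0"))
        issues = []
        if strategy in (1, 2):
            issues.append("PPTP allowed: no data integrity or origin authentication; set IKEv2 or SSTP")
        elif strategy == 0:
            issues.append("Automatic: tunnel type not pinned; set IKEv2 or SSTP explicitly")
        if eap == 0:
            issues.append("no EAP method: password-only auth; confirm PAP/CHAP are unticked and prefer EAP-MS-CHAPv2 or a certificate")
        findings.append({
            "entry": name,
            "server": entry.get("PhoneNumber", ""),
            "tunnel": VPN_STRATEGY.get(strategy, f"unknown ({strategy})"),
            "auth": EAP_TYPES.get(eap, "MS-CHAPv2 / password (no EAP)"),
            "issues": issues,
        })
    return findings


if __name__ == "__main__":
    for f in audit_pbk(SAMPLE_PBK):
        status = "FAIL" if f["issues"] else "ok"
        print(f"{status:4} {f['entry']!r} -> {f['server']}: {f['tunnel']}, {f['auth']}")
        for issue in f["issues"]:
            print("      -", issue)
```

Run it against a collected phonebook from a laptop before a security review; an entry that reports "PPTP only" together with "no EAP" is exactly the combination the motel scenario in the review questions pushes users toward, and the fix is to pin the tunnel to IKEv2 or SSTP and select EAP-MS-CHAPv2 or a certificate on the Security tab.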

  6. VPN Reconnect • New feature of Windows 7. When you connect to a VPN server using the PPTP, L2TP/IPsec or SSTP protocol and lose the connection, you must reconnect manually. VPN Reconnect allows clients running Windows 7 to reconnect automatically, even if the disruption has lasted for 8 hours. • Also works if connecting to a new Internet access point causes the disruption, i.e. moving from one wireless hotspot to another. • All editions of Windows 7 support VPN Reconnect. • Uses the IKEv2 tunnel protocol with the MOBIKE extension. MOBIKE allows VPN clients to change IP address without having to renegotiate authentication with the VPN server. • Only VPN servers running Windows Server 2008 R2 support IKEv2. • The network outage time (timeout) can be configured; see fig. 10-15.

  7. NAP Remediation • Network Access Protection (NAP) is a Windows Server 2008 technology that restricts network access based on an assessment of a client computer's health. • If the client computer meets the health benchmark it is allowed on the network; if it does not, it is non-compliant, and NAP blocks non-compliant computers. • Can be used for LAN, VPN, RD Gateway and DirectAccess clients. • Some NAP criteria are: • Anti-virus installed • Anti-spyware installed • Windows Firewall enabled • Automatic updates enabled • All software updates installed on the client computer • A System Health Validator (SHV) is used to specify those criteria. The Windows Security Health Validator is included with Windows Server 2008 R2.

  8. Remediation Network • A special network that hosts services that allow a client to come back into compliance. • Non-compliant clients can communicate with the hosts on the remediation network but not with other hosts on the internal corporate network. • Could include a Windows Server Update Services (WSUS) server, so clients can be updated.

  9. Remote Desktop and Application Publishing • Allow people to connect, using the Remote Desktop Connection client, to a server on which they run applications. • RD Gateway (formerly Terminal Services Gateway) allows users on the Internet to make Remote Desktop connections to servers on the internal network without the user having to initiate a VPN connection. • Use Group Policy to configure RD Gateway: • Set RD Gateway authentication method • Enable connection through RD Gateway • Set RD Gateway server address

  10. RemoteApp and Dial-up Connection • RemoteApp - Allows applications that reside on Remote Desktop Services servers to have their display output shown in RDP clients. • If you have Microsoft Excel published through the Remote Desktop Services server, only the Excel application appears, not the whole desktop. • RemoteApp enables you to make programs that are accessed remotely through Remote Desktop Services appear as if they are running on the end user's local computer. • Dial-up Connection - Windows 7 supports dial-up connections to ISPs as long as a compatible modem is available. • You can configure Windows 7 to accept incoming VPN and dial-up connections; the client running Windows 7 is then able to function as a VPN and dial-up server. • Incoming VPN connections support only the PPTP protocol, and only one incoming connection is allowed at a time.

  11. Auditing Remote Connections • You can configure Windows 7 to audit incoming dial-up or VPN connections through audit policy; the resulting events are written to the Security log, which you read in Event Viewer. • Two types of auditing • Basic audit - The Audit Logon Events policy records all attempts to log on and off the computer to which the policy applies. • Advanced - Advanced Audit Policy Configuration provides a more detailed, per-subcategory auditing policy.
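When the Audit Logon Events policy is enabled, each logon attempt lands in the Security log as event 4624 (successful logon) or 4625 (failed logon). The following added script, not from the slides or the Training Kit, runs a simple password-guessing check over a constructed excerpt of such events: it pulls the target account, logon type and Source Network Address out of the message text, groups remote attempts by source address, and reports any source that reaches a failure threshold, noting whether that source later succeeded. Account names, addresses and the threshold are assumptions made for the example; the message layout follows the two "Account Name:" fields (Subject, then the logon target) of real 4624/4625 events, which is why the last match is the one used.

```python
import re
from collections import defaultdict
from typing import List, Tuple

# Constructed Security-log excerpt laid out the way Event Viewer shows the
# Logon/Logoff category: 4624 = successful logon, 4625 = failed logon.
# Account names and addresses are made up for this example.

def _success(account: str, logon_type: int, source: str) -> Tuple[int, str]:
    return 4624, (
        "An account was successfully logged on.\n"
        "Subject:\n\tAccount Name:\t\t-\n"
        f"Logon Type:\t\t\t{logon_type}\n"
        f"New Logon:\n\tAccount Name:\t\t{account}\n"
        f"Network Information:\n\tSource Network Address:\t{source}\n"
    )


def _failed(account: str, source: str) -> Tuple[int, str]:
    return 4625, (
        "An account failed to log on.\n"
        "Subject:\n\tAccount Name:\t\t-\n"
        "Logon Type:\t\t\t3\n"
        f"Account For Which Logon Failed:\n\tAccount Name:\t\t{account}\n"
        "Failure Information:\n\tFailure Reason:\t\tUnknown user name or bad password.\n"
        f"Network Information:\n\tSource Network Address:\t{source}\n"
    )


SAMPLE_EVENTS: List[Tuple[int, str]] = [
    _success("alice", 2, "127.0.0.1"),         # local console logon: not remote
    _failed("bob", "203.0.113.7"),
    _failed("bob", "203.0.113.7"),
    _failed("administrator", "203.0.113.7"),
    _failed("guest", "203.0.113.7"),
    _success("bob", 3, "203.0.113.7"),         # success after a run of failures
    _success("carol", 3, "198.51.100.22"),
    _failed("carol", "198.51.100.22"),         # one typo, not an attack
]

FIELD = {
    "account": re.compile(r"Account Name:\s*(\S+)"),
    "logon_type": re.compile(r"Logon Type:\s*(\d+)"),
    "source": re.compile(r"Source Network Address:\s*(\S+)"),
}
LOCAL_SOURCES = {"-", "127.0.0.1", "::1"}   # console/local logons to skip


def parse_event(event_id: int, message: str) -> dict:
    """Extract the target account, logon type and source address. 'Account Name:'
    occurs twice (Subject first, logon target second), so the last match wins."""
    accounts = FIELD["account"].findall(message)
    lt = FIELD["logon_type"].search(message)
    src = FIELD["source"].search(message)
    return {
        "id": event_id,
        "account": accounts[-1].lower() if accounts else None,
        "logon_type": int(lt.group(1)) if lt else None,
        "source": src.group(1) if src else "-",
    }


def detect_password_guessing(events: List[Tuple[int, str]], threshold: int = 3) -> List[dict]:
    """Group remote logon events by source address; alert on a source whose failed
    logons reach the threshold, recording any account that then logged on
    successfully from the same source (the case to triage first)."""
    per_source = defaultdict(lambda: {"failed": 0, "accounts": set(), "success_after": []})
    for eid, msg in events:
        e = parse_event(eid, msg)
        if e["source"] in LOCAL_SOURCES:
            continue
        rec = per_source[e["source"]]
        if e["id"] == 4625:
            rec["failed"] += 1
            rec["accounts"].add(e["account"])
        elif e["id"] == 4624 and rec["failed"] >= threshold:
            rec["success_after"].append(e["account"])
    alerts = []
    for source, rec in per_source.items():
        if rec["failed"] >= threshold:
            alerts.append({"source": source, "failed": rec["failed"],
                           "accounts": sorted(a for a in rec["accounts"] if a),
                           "success_after": rec["success_after"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_password_guessing(SAMPLE_EVENTS):
        print(f"{alert['source']}: {alert['failed']} failed logons against "
              f"{', '.join(alert['accounts'])}; succeeded as {alert['success_after'] or 'nobody'}")
```

On a real Windows 7 box acting as the VPN or dial-up server you would feed this the Security log exported from Event Viewer; the same 4624/4625 pair also covers RD Gateway and console logons, which is why the script filters on the source address rather than on the event ID alone.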

  12. Lesson 2 Review Which of the following VPN types support the VPN Reconnect feature of Windows 7? A . PPTP B. L2TP/IPSec C . SSTP D. IKEv2

  13. Lesson 2 Review You work as a consultant for a small business that has a Windows Server 2008 network infrastructure. Each person that works at this business has a laptop computer running Windows 7 Professional. Several of the employees regularly stay at small motels around the country, and some have complained that they are unable to establish VPN connections to the office even though they are able to browse the Web using the motel Internet connection. Which of the following VPN protocols should you configure to resolve this problem? A . SSTP B. IKEv2 C . PPTP D. L2TP/IPsec

  14. Lesson 2 Review Your organization’s Routing and Remote Access server has Windows Server 2003 R2 installed. Which of the following protocols can you use to connect to the VPN server? A . SSTP B. IKEv2 C . PPTP D. L2TP/IPsec

  15. Lesson 2 Review Which of the following authentication protocols can you use to connect to an IKEv2 VPN? (Choose all that apply.) A . PEAP B. EAP-MSCHAP v2 C . Microsoft Smart Card or Other Certificate D. CHAP

  16. Lesson 2 Review You have connected to a free Wi-Fi access point at the local library with your computer running Windows 7 Professional. You want to connect to the server remote-desktop.contoso.internal so that you can run some special line-of-business applications. Your organization has a remote desktop gateway server at the address rdgateway.contoso.com. There are currently no VPN connections configured on your computer. How can you connect to remote-desktop.contoso.internal? A . Configure a DirectAccess connection and then connect to remote-desktop.contoso.internal using Remote Desktop Connection. B. Configure Remote Desktop Connection to use the Remote Desktop Gateway at remote-desktop.contoso.internal and then connect to rdgateway.contoso.com. C . Configure Remote Desktop Connection to use the Remote Desktop Gateway at rdgateway.contoso.com and then connect to remote-desktop.contoso.internal. D. Configure a DirectAccess connection and then connect to rdgateway.contoso.com using Remote Desktop Connection

  17. Lesson 2 Summary • Clients running Windows 7 support the PPTP, L2TP/IPsec, SSTP, and IKEv2 VPN protocols. • The IKEv2 VPN protocol is required if you want to use the VPN Reconnect feature. VPN Reconnect also requires a VPN server running Windows Server 2008 R2. • The SSTP protocol allows users to access VPNs from behind most firewalls because it uses the same port as HTTPS traffic. • RD Gateways allow Remote Desktop Connection access to Remote Desktop hosts on an organization's internal network without requiring that the external client use a VPN connection. RD Gateway also allows RemoteApp applications to be published to clients on the Internet. • EAP-MS-CHAPv2 is the strongest password-based authentication protocol, and it is the only password-based authentication protocol that can be used with IKEv2. • You can create a VPN or dial-up connection using the Set Up A Connection Or Network wizard, which is available from the Network And Sharing Center. • Windows 7 can function as a dial-up and VPN server if you configure incoming connections. • NAP can be used to block remote access connections made by clients running Windows 7 that do not meet designated health benchmarks. These clients can be redirected to remediation networks that contain resources that allow them to become compliant.
