Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...
Network Access Security
including Microsoft Windows 2003 Internet Authentication Service (IAS), Microsoft Windows 2008 Network Policy Server (NPS), and Linux systems using Kerberos or through non-OS implementations such as RSA Enterprise Single Sign-On (ESSO) solutions.
Authentication Services
Authentication services are the directory services consulted before users are authenticated, or the services used to perform the authentication.
REMOTE ACCESS SERVICES
Remote access policies go beyond just authenticating the user. These policies define how users can connect to the network. You may also grant or deny permission to dial in, based on the credentials presented by the remote users. A remote access policy defines the conditions and the remote access permissions, and creates a profile for every remote connection made to the corporate network. Through remote access policies you can define the following:
■ Grant or deny dial-in based on connection parameters such as type and time of day
■ Authentication protocols (Password Authentication Protocol (PAP), CHAP, EAP, MS-CHAP)
■ Validation of the caller ID
■ Callback
■ Apply connection restrictions upon successful authorization
■ Create remote user/connection profile
■ Assign a static IP or dynamic IP from the address pool defined for remote users
■ Assign the user to a group to apply group policies
■ Configure remote access permission parameters
■ Define encryption parameters (for a remote access VPN client)
■ Control the duration of the session, including the maximum time allowed and the idle time before the connection is reset
Remote access policies can be configured in Microsoft Windows 2003 through IAS, in Windows 2008 through NPS, and in Linux variants through Free Remote Authentication Dial-In User Service (RADIUS).
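The way a policy combines conditions, a permission and a profile can be seen in the following added example, which is not from the study guide and is not IAS, NPS or RADIUS code. It assumes policies are checked in order with the first match deciding and a default of deny; the class names, field names and sample values are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time

@dataclass
class Request:  # constructed fields, not a real IAS/NPS/RADIUS schema
    user: str
    conn_type: str   # "dial-in" or "vpn"
    at: time         # time of day of the attempt
    auth_proto: str  # "PAP", "CHAP", "MS-CHAP" or "EAP"
    caller_id: str

@dataclass
class Policy:
    name: str
    conn_types: set      # condition: connection type
    start: time          # condition: allowed time-of-day window
    end: time
    grant: bool          # remote access permission
    allowed_protos: set  # authentication protocols accepted
    caller_ids: dict     # user -> expected caller ID; empty = no validation
    profile: dict        # restrictions applied after authorization

def evaluate(policies, req):
    """Return (granted, reason, profile). Assumes first match wins, default deny."""
    for p in policies:
        if req.conn_type not in p.conn_types or not (p.start <= req.at <= p.end):
            continue  # conditions do not match, try the next policy
        if not p.grant:
            return False, f"{p.name}: permission denied", {}
        if req.auth_proto not in p.allowed_protos:
            return False, f"{p.name}: {req.auth_proto} not allowed", {}
        if p.caller_ids and p.caller_ids.get(req.user) != req.caller_id:
            return False, f"{p.name}: caller ID mismatch", {}
        return True, p.name, dict(p.profile)
    return False, "no matching policy", {}

# Constructed sample policies. PAP is left out of both because it sends the
# password in cleartext.
POLICIES = [
    Policy("vpn-business-hours", {"vpn"}, time(8), time(18), True, {"EAP"}, {},
           {"ip": "pool", "encryption": "required",
            "max_session_min": 480, "idle_timeout_min": 15}),
    Policy("dial-in-callback", {"dial-in"}, time(0), time(23, 59, 59), True,
           {"CHAP", "EAP"}, {"alice": "5550100"},
           {"ip": "pool", "callback": True,
            "max_session_min": 60, "idle_timeout_min": 5}),
]

if __name__ == "__main__":
    print(evaluate(POLICIES, Request("alice", "dial-in", time(22), "PAP", "5550100")))
```

A request is granted only when it matches a policy's conditions, passes the permission, protocol and caller ID checks, and then receives that policy's profile; anything else falls through to deny.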
REMOTE AUTHENTICATION DIAL-IN USER SERVICE AND BIOMETRICS
When users dial into a network, RADIUS is used to authenticate usernames and passwords. A RADIUS server can either work alone or in a distributed environment, known as distributed RADIUS, where RADIUS servers are configured in a hierarchical structure. RADIUS supports a number of protocols including the following:
■ Point-to-Point Protocol (PPP)
■ Password Authentication Protocol (PAP)
■ Challenge Handshake Authentication Protocol (CHAP)