Securing Remote Access Servers
To implement security for remote access servers, you must consider the configuration of servers running RRAS, IAS, and ISA Server. The combination of these servers and services provides the required security for remote access dial-up and VPN connections. Specifically, when designing security for remote access servers, consider taking the following measures:
Implement RADIUS authentication and accounting.
Secure RADIUS authentication traffic between the remote access server and the RADIUS server.
Configure a remote access policy.
If using L2TP/IPSec, deploy required certificates.
Restrict which servers can start or stop RRAS.
Implement remote access account lockout.
Implement a quarantine solution.
Implementing RADIUS ...
Get Microsoft® Windows® Security Resource Kit, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.