Example Implementations for Remote Access
RAS is a complex technology that can be implemented in almost as many ways as there are customers to implement it. The scope of remote access configuration is far beyond what can be addressed within the security focus of this book. However, I can address some common configurations and examine the security-specific configurations and concerns.
Setting Up Remote Access Authentication for Dial-in Users
The most common use of RAS is for dial-up users to connect to the corporate network from remote locations with their modems. In this example, I’ll assume a third-party modem bank is used and configured to use a separate RADIUS server for authentication and accounting. This customer has allocated a Windows Server 2003 computer specifically to be used for IAS.
The written security requirements for remote users connecting to the corporate network include restriction on the hours allowed for dial-in connections to ensure the resources are used appropriately. In addition, security policy dictates that users must authenticate against an Active Directory domain.
To configure remote access to provide this functionality, follow these steps:
Install IAS on the server. You’ll find IAS in the Add or Remove Programs application on the Control Panel; just click Add/Remove Windows Components and select Internet Authentication Service from the Networking Services component’s Details list.
Open the Internet Authentication Service console from the Administrative Tools ...
Get Securing Windows Server 2003 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
