This section provides a summary of using network location profiles to identify network connection types. Details include:



Similar documents
VPN. VPN For BIPAC 741/743GE

Implementing and Managing Security for Network Communications

Understanding the Cisco VPN Client

Fireware How To VPN. Introduction. Is there anything I need to know before I start? Configuring a BOVPN Gateway

DIRECTACCESS FEATURE IN WINDOWS 7

Configuring IPsec VPN with a FortiGate and a Cisco ASA

How To Set Up A Vpn Tunnel Between Winxp And Zwall On A Pc 2 And Winxp On A Windows Xp 2 On A Microsoft Gbk2 (Windows) On A Macbook 2 (Windows 2) On An Ip

Implementing and Administering Security in a Microsoft Windows Server 2003 Network

1. Introduction to DirectAccess. 2. Technical Introduction. 3. Technical Details within Demo. 4. Summary

Chapter 4 Virtual Private Networking

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

Administering Windows Server 2012

This module explains how to configure and troubleshoot DNS, including DNS replication and caching.

DirectAccess in Windows 7 and Windows Server 2008 R2. Aydin Aslaner Senior Support Escalation Engineer Microsoft MEA Networking Team

MOC 20413C: Designing and Implementing a Server Infrastructure

Configuring Windows Server 2008 Network Infrastructure

IT SYSTEMS ADMINISTRATOR PROGRAM

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Chapter 8 Virtual Private Networking

COURSE 20411D: ADMINISTERING WINDOWS SERVER 2012

Designing and Implementing a Server Infrastructure

Course Administering Windows Server About this Course. Level: 200 Technology: Windows Server 2012

Designing and Implementing a Server Infrastructure

Windows Server 2012 R2 Certification

Administering Windows Server 2012

Build Your Knowledge!

Designing and Implementing a Server Infrastructure MOC 20413

IPv6 Security: How is the Client Secured?

Administering Windows Server 2012

Training Name Installing and Configuring Windows Server 2012

Administering Windows Server 2012

COURSE OUTLINE MOC 20413: DESIGNING AND IMPLEMENTING A SERVER INFRASTRUCTURE

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

Configuring TheGreenBow VPN Client with a TP-LINK VPN Router

NE-20411D Administering Windows Server 2012

How To Industrial Networking

Designing and Implementing a Server Infrastructure

Administering Windows Server 2012

VNLINFOTECH JOIN US & MAKE YOUR FUTURE BRIGHT. mcsa (70-413) Microsoft certified system administrator. (designing & implementing server infrasturcure)

Administering Windows Server 2012 Course M Day(s) 30:00 Hours

411-Administering Windows Server 2012

Administering Windows Server 2012

Administering Windows Server 2012

Designing and Implementing a Server Infrastructure

Chapter 6 Basic Virtual Private Networking

Course 20411D: Administering Windows Server 2012

GNAT Box VPN and VPN Client

Configure IPSec VPN Tunnels With the Wizard

MS 6421 Configuring and Troubleshooting a Windows Server 2008 Infrastructure

Networking with Windows Server vb. Day(s): 5. Version: Overview

VPN Consortium Scenario 1: Gateway-to-Gateway with Preshared Secrets

Administering Windows Server 2012

Administering Windows Server 2012

ISG50 Application Note Version 1.0 June, 2011

Designing and Implementing a Server Infrastructure

Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure (6421B)

Microsoft Windows Server System White Paper

Administering Windows Server 2012

EXAM Recertification for MCSE: Server Infrastructure. Buy Full Product.

Using IPSec in Windows 2000 and XP, Part 2

Windows XP VPN Client Example

Lesson Plans Administering Security in a Server 2003 Network

Lesson Plans Managing a Windows 2003 Network Infrastructure

Quality is Advantage

Build Your Knowledge!

COURSE 20413C: DESIGNING AND IMPLEMENTING A SERVER INFRASTRUCTURE

Designing and Implementing a Server Infrastructure

Administering Windows Server 2012

Designing and Implementing a Server Infrastructure

20413C: Designing and Implementing a Server Infrastructure

This is a distance learning course.

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

VPN Wizard Default Settings and General Information

Designing and Implementing a Server Infrastructure 20413C; 5 days, Instructor-led

Course Outline. Course 6421B : Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure

Configuring and Troubleshooting a Windows Server 2008 Network Infrastructure

LinkProof And VPN Load Balancing

AV-006: Installing, Administering and Configuring Windows Server 2012

Course 20413: Designing and Implementing a Server Infrastructure

Configuring an IPsec VPN to provide ios devices with secure, remote access to the network

Overview. Protocols. VPN and Firewalls

6421B - Windows Server 2008 R2 Network Infrastructure

Understanding Windows Server 2003 Networking p. 1 The OSI Model p. 2 Protocol Stacks p. 4 Communication between Stacks p. 13 Microsoft's Network

Workflow Guide. Establish Site-to-Site VPN Connection using RSA Keys. For Customers with Sophos Firewall Document Date: November 2015

Desingning and Implementing a Server Infrastructure

Configuring & Troubleshooting Windows 2008 Server 2008 Network Infrastructure

Planning and Implementing Windows Server 2008

Designing and Implementing a Server Infrastructure Course#20413B

Administrator's Guide

Configuring a FortiGate unit as an L2TP/IPsec server

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance

ZyWALL 5. Internet Security Appliance. Quick Start Guide Version 3.62 (XD.0) May 2004

Netopia TheGreenBow IPSec VPN Client. Configuration Guide.

Configuring Windows 2000/XP IPsec for Site-to-Site VPN

Creating a Gateway to Gateway VPN between Sidewinder G2 and Linux

Technical Document. Creating a VPN. GTA Firewall to WatchGuard Firebox SOHO 6 TD: GB-WGSOHO6

MS-6421A - Confgure and Troubleshoot a Windows Server 2008 Network Infrastructure

"Charting the Course... MOC D Administering Windows Server Course Summary

VPN Solutions. Lesson 10. etoken Certification Course. April 2004

STONEGATE IPSEC VPN 5.1 VPN CONSORTIUM INTEROPERABILITY PROFILE

Transcription:

Module 7 Network Access and Security In Module 7 students will learn several strategies for controlling network access and enhancing network security. These will include: controlling network location profiles, configuring a RADIUS client, server and proxy, configuring a DHCP server as an enforcement point, enforcing network authentication using Kerberos and NTLM, configuring a firewall, and configuring IPsec to protect IP packets during transmission. Section 7.1: Network Location Profiles This section provides a summary of using network location profiles to identify network connection types. Details include: Network profile types: o Domain o Public o Private Configuring profile settings manually Enforcing profile settings Change the location type on a client computer. Configure Network List Manager Policies to control client network connections profiles. 104. Configure Windows Firewall with Advanced Security. o Configure firewall by using Group Policy o Network location profiles 7.1.1 Network Location Profiles 1:31 7.1.2 Configuring Network List Manager Policies 6:00 Total 7:31

Total : About 10 minutes Section 7.2: RADIUS This section discusses using Remote Authentication Dial-In User Service (RADIUS) to consolidate network policies for multiple servers to authenticate remote access clients. Details include: Components of a RADIUS solution: o Remote access clients o RADIUS client o RADIUS server o RADIUS proxy o Remote RADIUS server group o Network policies o Connection request policies o RADIUS Accounting o NPS templates o User account databases o RADIUS messages Configuring the components to configure a RADIUS solution: o RADIUS server o RADIUS client o Remote access client o RDIUS proxy o RADIUS accounting Best practices for configuring NPS for RADIUS Configure a remote access server as a RADIUS client. Configure a RADIUS server. Configure a RADIUS proxy by configuring Remote RADIUS Server groups and Connection Request policies. 301. Configure remote access. 304. Configure Network Policy Server (NPS) o RADIUS accounting o Connection Request policies o RADIUS proxy o NPS templates

CIST2413 Microsoft Network Infrastructure 7.2.1 RADIUS 3:57 7.2.2 Installing the NPS Role 2:08 7.2.3 Configuring RADIUS 6:25 Total 12:30 Lab/Activity Configure a RADIUS Server Configure a RADIUS Client Configure a RADIUS Proxy Number of Exam Questions: 9 questions Total : About 40 minutes Section 7.3: Network Access Protection (NAP) This section examines how NAP can be used to regulate network access or communication based on a computer s compliance with health requirement policies. Details include: Features of NAP o Health state validation o Health policy compliance o Limited access network Components that comprise the NAP system: o NAP Client o NAP Server o Enforcement Server (ES) o Remediation Server Configuring NAP requires: o Configuring the NAP server o Configuring the client computer o Configuring the following enforcement points: DHCP VPN 802.1x Remote Desktop Gateway IPsec Configure a DHCP server as an enforcement point. Configure SHV settings, remediation server groups, health policies, and network policies for NAP.

Enable NAP enforcement on a client computer. 302. Configure Network Access Protection (NAP). o DHCP enforcement o VPN enforcement o Configure NAP health policies o IPsec enforcement o Multi-configuration System Health Validator (SHV) 7.3.1 Network Access Protection (NAP) 4:53 7.3.3 Configuring DHCP Enforcement 15:56 7.3.4 Configuring VPN Enforcement 13:03 7.3.5 NAP Enforcement Configuration 8:16 Total 42:08 Number of Exam Questions: 17 questions Total : About 65 minutes Section 7.4: Network Authentication In this section students will learn network authentication mechanisms for logging on to the server or domain. Details include: Kerberos authentication and authorization NTLM authentication and authorization Conditions of when to use different authentication methods: o Kerberos o NTLM v2 o NTLM or LM Best practices regarding configuring domain authentication Kerberos policy settings: o Enforce user logon restrictions o Maximum lifetime for service ticket o Maximum lifetime for user ticket o Maximum lifetime for user ticket renewal o Maximum tolerance for computer clock synchronization

Configure Group Policy to enforce the use of NTLMv2 for authentication. 7.4.1 LAN Authentication 1:49 7.4.2 Configuring LAN Authentication 2:41 Total 4:30 Lab/Activity Enforce NTLM v2 Number of Exam Questions: 1 question Total : About 15 minutes Section 7.5: Firewall This section discusses the specifics of managing a firewall. Details include: Tools you can use to manage the firewall: o Windows Firewall (in Control Panel) o Windows Firewall with Advanced Security Features of Windows Firewall with Advanced Security: o Profiles o Firewall rules o Connection security rules o Monitoring o Policies Use Window Firewall with Advanced Security to create the following types of inbound and outbound rules: o Program rule o Port rule o Predefined rule o Custom rule Types of connection security rules: o Isolation o Authentication exemption o Server-to-server o Tunnel o Custom Action options that apply to the traffic which meet the rule s conditions: o Allow the connection o Block the connection

o Allow the connection if it is secure Options that can be configured for network profiles: o Firewall state o Inbound connections o Outbound connections Tips for managing firewall settings Port numbers for common services Use the Basic Firewall to allow traffic based on port, protocol, or application. Use the Windows Firewall with Advanced Security to manage custom firewall rules. Use Group Policy to enforce firewall rules. 104. Configure Windows Firewall with Advanced Security. o Inbound and outbound rules o Custom rules o Authorized users o Authorized computers o Configure firewall by using Group Policy o Network location policies o Isolation policy o Connection security rules Log into LabSim and complete the tasks listed under Resources for each of the 7.5.1 Windows Firewall 4:04 7.5.3 Configuring Windows Firewall with Advanced Security 14:07 7.5.4 Configuring Firewall GPO Settings 2:39 Total 20:50 Number of Exam Questions: 11 questions Total : About 40 minutes Section 7.6: IPsec This section provides the details of how Internet Protocol Security (IPsec) protects IP packets during transmission. Details include: IPsec protocols:

o Authentication Header (AH) o Encapsulating Security Payload (ESP) o Internet Key Exchange (IKE) o Authenticated IP (AuthIP) Phases to establish the IPsec connection: o Phase 1 (Main Mode) o Phase 2 (Quick Mode) Protocols supported for configuring IPsec: o Integrity: SHA1 MD5 o Encryption: AES-256 AES-192 AES-128 3DES (Triple-DES) DES o Key exchange: Elliptic Curve Diffie-Hellman P-384 Elliptic Curve Diffie-Hellman P-256 Diffie-Hellman Group 14 Diffie-Hellman Group 2 Diffie-Hellman Group 1 Authentication: o Kerberos o NTLMv2 o Computer certificates, including health certificates o Preshared key Configuring IPsec through Windows Firewall with Advanced Security console Configure connection security rules by determining the rule type, requirements, authentication method, and profile(s) to which the rule applies. Monitor connection security rules and security associations. 104. Configure IPsec. o IPsec group policy 7.6.1 IPsec 6:14 7.6.3 IPsec Connection Security Rules 3:13

7.6.4 Configuring IPsec 7:17 7.6.6 IPsec Improvements 3:16 Total 20:00 Number of Exam Questions: 10 questions Total : About 40 minutes Section 7.7: DirectAccess This section discusses using DirectAccess as an automatic connectivity solution. Details include: A comparison of a VPN solution to a DirectAccess solution The support that DirectAccess provides DirectAccess connection methods: o Full enterprise network access (end-to-edge) o Selected server access (modified end-to-edge) o End-to-end The process that the DirectAccess client uses to connect to intranet resources DirectAccess requirements for the: o Infrastructure o Server o Client Configuration details for DirectAccess components: o Server o Client side 303. Configure DirectAccess. o IPv6 o IPsec o Server requirements o Client requirements 7.7.1 DirectAccess 9:00 Number of Exam Questions:13 questions : About 30 minutes

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information