...#7 | Implement a VPN Tunnel Between a Microsoft® Server and Microsoft® Client LAB #7 – ASSESSMENT WORKSHEET Implement a VPN Tunnel Between a Microsoft® Server and Microsoft® Client Course Name and Number: Student Name: Instructor Name: Lab Due Date: Overview In this lab, you configured a virtual private network (VPN) tunnel between a Windows server and client computers using RADIUS (Remote Authentication Dial-in User Service) authentication. Lab Assessment Questions & Answers 1. What is the name of the Windows Server 2008 role you need to deploy to provide remote access services to clients? Explain why this service is important in a corporate environment. 2. What was the IP host range that was allocated for the remote VPN client pool? 3. How many encryption settings are available from the remote access server? Which one is best? Which one provides backward compatibility? Assessment Worksheet 4. During a remote access session, how many times is a client asked to provide credentials? Is this an 101 example of multi-factor authentication? Explain. 5. Why is it important to use strong encryption in both authentication and communication protocols? Explain. 6. Name the available authentication methods (protocols) available when configuring the VPN. Which authentication method is considered stronger? Why? 7. What other type of connections are supported by Microsoft® Remote Access services in Server 2008? 7 Implement a VPN Tunnel...
Words: 318 - Pages: 2
...NT 1210 M1 Case studies # 9 Dear Mr. Sheehan: I would like to thank you for agreement regarding my recommendations to the company about deploying a SAN at each branch office, since each office uses data, audio, video and graphic files that are shared by staff at each location. The SAN may incorporate NAS devices which we have evaluated with different vendors. As we conducted a further research in order to provide you with more detail specifications on SAN and NAS solutions, we were able to come up with the following information design in a form of questions and answers. What is required to implement a SAN and /or NAS? Storage-area networks (SANs) are composed of computers and remote storage devices. The computers are typically connected to the remote storage devices using SCSI over Fibre Channel (see Figure 1). Other implementations of SAN exist, but this is the most common. In a SAN, all the storage appears local, just as if the remote disk were directly connected to the computer and physically located inside the computer chassis. Network-attached storage (NAS) devices appear to the user as a remote drive letter or are named remote storage device. Typically, the operating system employs a protocol such as Network File System (NFS) or Common Internet File System (CIFS) to discover, log in, and transfer content to and from a storage device. NFS and CIFS both communicate over Ethernet. The user typically enters a username and password, and then is granted access to a particular...
Words: 7132 - Pages: 29
...Contents I. Introduction ……………………………………………….. 1 - 2 II. VPN Topology……………………………………………... 2 - 3 III. Types of VPNs……………………………………………... 3 - 5 IV. Components of VPNs………………………………………. 5 - 7 V. Productivity and Cost Benefit…………………………….... 7 - 9 VI. Quality of Service………………………………………….. 9 VII. The Future of VPN……………………………………….... 9 - 11 VIII. Conclusion…………………………………………………. 11 IX. Bibliography………………………………………………...12 - 13 X. Questions……………………………………………………14 Introduction Virtual. Virtual means not real or in a different state of being. In a VPN, private communication between two or more devices is achieved through a public network the Internet. Therefore, the communication is virtually but not physically there. Private. Private means to keep something a secret from the general public. Although those two devices are communicating with each other in a public environment, there is no third party who can interrupt this communication or receive any data that is exchanged between them. Network. A network consists of two or more devices that can freely and electronically communicate with each other via cables and wire. A VPN is a network. It can transmit information over long distances effectively and efficiently. The term VPN has been associated in the past with such remote connectivity services as the (PSTN), Public Switched Telephone Network but VPN networks have finally started to be linked with IP-based data networking...
Words: 4870 - Pages: 20
...Contents I. Introduction ……………………………………………….. 1 - 2 II. VPN Topology……………………………………………... 2 - 3 III. Types of VPNs……………………………………………... 3 - 5 IV. Components of VPNs………………………………………. 5 - 7 V. Productivity and Cost Benefit…………………………….... 7 - 9 VI. Quality of Service………………………………………….. 9 VII. The Future of VPN……………………………………….... 9 - 11 VIII. Conclusion…………………………………………………. 11 IX. Bibliography………………………………………………...12 - 13 X. Questions……………………………………………………14 Introduction Virtual. Virtual means not real or in a different state of being. In a VPN, private communication between two or more devices is achieved through a public network the Internet. Therefore, the communication is virtually but not physically there. Private. Private means to keep something a secret from the general public. Although those two devices are communicating with each other in a public environment, there is no third party who can interrupt this communication or receive any data that is exchanged between them. Network. A network consists of two or more devices that can freely and electronically communicate with each other via cables and wire. A VPN is a network. It can transmit information over long distances effectively and efficiently. The term VPN has been associated in the past with such remote connectivity services as the (PSTN), Public Switched Telephone Network but VPN networks have finally started to be linked with IP-based data networking...
Words: 4870 - Pages: 20
...Week 4 Lab Part 1: Design a Multi-factor Authentication Process Assessment Worksheet Design a Multi-factor Authentication Process Lab Assessment Questions & Answers 1. In an Internet Banking Financial Institution is Single Factor Authentication acceptable? Why or why not? Yes it can be acceptable because you can buff up security elsewhere. 2. Explain the difference between Positive Verification and Negative Verification? Negative verification is the opposite of positive verification. The customer must contact the bank to verify that the information is correct. 3. What vulnerabilities are introduced by implementing a Remote Access Server? Could Allow Remote Code Execution, two heap overflow, cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. 4. What is a recommended best practice when implementing a Remote Access Policy server user authentication service? Using multi-factor authentication. 5. Name at least 3 remote access protections or security controls that must be in place to provide secure remote access. Authorized secure remote access, Traffic inspection and Coordinated Threat Control, Centralized security management and enterprise-wide visibility and control. 6. When dealing with RADIUS and TACACS+ for authentication methods, what protocols are used...
Words: 1143 - Pages: 5
...Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 3.1 Document Revised: Document Published: November 25, 2013 August 9, 2012 Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. Text Part Number: THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED...
Words: 126829 - Pages: 508
...Table of Contents Chapter 1 Evaluating the Cisco ASA VPN Subsystem .......................................3 Chapter 2 Deploying Cisco ASA IPsec VPN Solutions ............................. 42 Chapter 3 Deploying Cisco ASA AnyConnect Remote-Access SSL VPN Solutions..............................109 Chapter 4 Deploying Clientless RemoteAccess SSL VPN Solutions ................148 Chapter 5 Deploying Advanced Cisco ASA VPN Solutions .............................184 CCNP Security VPN 642-648 Quick Reference Cristian Matei ciscopress.com [2] CCNP Security VPN 642-648 Quick Reference About the Author Cristian Matei, CCIE No. 23684, is a senior security consultant for Datanet Systems, Cisco Gold Partner in Romania. He has designed, implemented, and maintained multiple large enterprise networks, covering the Cisco security, routing, switching, service provider, and wireless portfolios of products. Cristian started this journey back in 2005 with Microsoft technology and finished the MCSE Security and MCSE Messaging tracks. He then joined Datanet Systems, where he quickly obtained his Security and Routing & Switching CCIE, among other certifications and specializations, such as CCNP, CCSP, and CCDP. Cristian has been a Cisco Certified Systems Instructor (CCSI) since 2007, teaching CCNA, CCNP, and CCSP curriculum courses. In 2009, he received a Cisco Trusted Technical Advisor (TTA) award and became certified as a Cisco IronPort Certified Security Professional (CICSP) on E-mail...
Words: 52748 - Pages: 211
...VPN Concepts A virtual private network (VPN) is used to transport data from a private network to another private network over a public network, such as the Internet, using encryption to keep the data confidential. In other words, a VPN is an encrypted connection between private networks over a public network, most often the Internet. VPNs provide the following services: Confidentiality: VPNs prevent anyone in the middle of the Internet from being able to read the data. The Internet is inherently insecure as data typically crosses networks and devices under different administrative controls. Even if someone is able to intercept data at some point in the network they won’t be able to interpret it due to encryption. Integrity: VPNs ensure that data was not modified in any way as it traversed the re Internet. Authentication: VPNs use authentication to verify that the device at the other end of VPN is a legitimate device and not an attacker impersonating a legitimate device. Cost savings - VPNs enable organizations to use the global Internet to connect remote offices and remote users to the main corporate site, thus eliminating expensive, dedicated WAN links and modem banks. Security - VPNs provide the highest level of security by using advanced encryption and advanced authentication protocols that protect data from unauthorized access. Scalability - Because VPNs use the Internet infrastructure within ISPs and devices, it is easy to add new users. Corporations...
Words: 6523 - Pages: 27
...Network Design Proposal for Retail Technologies Corporation NETW410, Enterprise Network Design Team Leader: Juba Cochran Team Members: Brian Perez, Matthew Smith November 18, 2010 Table of Contents Executive Summary………………………………………………………………………….........2 Introduction……………………………………………………………….....................................3 Customer Introduction……………………………………………………………………….........4 Organizational Goals …………......5 Organizational Constraints...............................................................................................................6 Technical Goals of Existing Network..............................................................................................7 Technical Constraints of Existing Network.......………………………………………………..…8 Existing Network Design Analysis...……………………………………………………………...9 Technical Goals of New Network Design...……………………………………………………..10 Technical Constraints of New Network Design.....……………………………………………...11 New Network Design Analysis, Including Security………………………………….............12-19 Implementation Schedule……………………………………………………………….......…....20 Testing of The New Network……………………………………………………………............21 Budget............................................................................................................................................22 Detailed Summary.........................................................................................................................23 Detailed Components...
Words: 5466 - Pages: 22
... 2014 Table of Contents Abstract...........................................................................................Page 3 Introduction..................................................................................Page 4 Overview of the VPN …................................................................Page 4 1 A Brief History of Virtual Private Networks...............................................Page 4 2 Components of a Virtual Private Network..................................................Page 5 Current Uses for VPNs..................................................................Page 6 1 Why Virtual Private Networks are Advantageous..................................................Page 6 2 Virtual Private Networks Within Businesses...........................................................Page 6 3 Virtual Private Network Bypass Methods...............................................................Page 7 4 Privacy Concerns Addressed by Virtual Private Networks....................................Page 8 The Future of VPNs.......................................................................Page 9 5 Growing Concerns of Virtual Private Network Use..............................................Page 9 6 Evolution of Virtual Cloud Networks...................................................
Words: 2871 - Pages: 12
...Accounting. Allows all facets of user security to be defined on a central server. Abnormal END. Abnormal termination of software. 1.) In dealing with network security it is an all-encompassing term that refers to unauthorized data manipulation, system access, or privileged escalation. An all-encompassing term that refers to unauthorized data manipulation, system access, or privileged escalation. Unauthorized data retrieval is simply reading, writing, copying, or moving files that are not intended to be accessible to the intruder. Limiting the flow of information from the resources of a system to only the authorized persons or systems in the network. See ACE. access control Access Control Entry access control list See ACL. access device access layer Access Method Hardware component used in your signaling controller system: access server or mux. The point at which local end users are allowed into the network. 1.) Generally, the way in which network devices access the network medium. 2.) Software within an SNA processor that controls the flow of information through a network. Defines access rights and privileges for the network users. The access policy should provide guidelines for connecting external networks, connecting devices to a network, and adding new software to systems. The remote computer system which connects a personal computer to the Internet. Access Virtual Private Network. A Virtual Private Network (VPN) that provides remote access to a corporate intranet or extranet...
Words: 23221 - Pages: 93
...to create Network-attached storage (NAS) for a small company. This study was commissioned by Design Foundation Finland, aiming to improve the security and the management of the information. This research will be aiming to find the proper way to design and implement a network storage, which will be used as the main data storage within the company for creating an ideal solution for data maintenance, security and ease of access to all the data of the foundation. The outcome of the thesis is a solution, which is created from scratch, offering a design and implementation of an NAS in a small company with a relatively small budget. The case foundation is located in Lahti. The foundation was established in 2009, aimed to improve and support the education (of design), as well as research and development of design. Design Foundation Finland also has an own R&D group to improve the design of Finnish products in several industrial fields. The method used in this study is qualitative, based on the author’s own observation within the subject, interviews among the employees of the Design Foundation Finland and it is done by utilizing Design Science research methodology to develop an artifact. The study result offers a solution to implement and utilize an NAS device in a small company without huge investments...
Words: 10025 - Pages: 41
...Table of Contents Project Outline 3 Security Requirements 4 Perimeter Security 5 Client and Server Security 10 Database Security 10 Server Security 12 Wireless and Remote Access Security 15 Security Configuration Management 19 References 23 Project Outline Tiger Tees is a medium sized business with 4 locations across the eastern United States. This company produces and sells t-shirts for school systems, both locally and across the country via the internet. The organization’s headquarters is located in Beckley, West Virginia, and employs 25 people. The departments include the warehouse, human resources, accounting, sales, and administration. The second location of Tiger Tees is located in Columbus, Georgia, and employs 10 people full time, and 4 persons part time. The third location is located in Washington, DC, and employs 15 people. The fourth location located in Richmond, Virginia is the smallest of all the locations employing 5 persons full time. Tiger Tees is a fast growing company in dire need of a secure network that will ensure that the confidentiality, integrity, and availability of client information remain confidential. All transactions completed are sent to the organizational headquarters in Beckley, WV and processed there. In the past these orders and transactions have been completed by telephone and e-mail. A secure wide area network would streamline this process making the transactions more secure, and providing faster service to the customers...
Words: 5336 - Pages: 22
...Table of Contents INTRODUCTION 2 DESIGNING AND IMPLEMENTING AN AUTOMATIC IP-ADDRESSING MECHANISM 3 AUTOMATIC IP-ADDRESSING SCHEME FOR THE UWS NETWORK 3 INSTALLING AND AUTHORIZING A DHCP SERVER 4 CREATING AND CONFIGURATION OF DHCP SCOPES 8 CREATING AND TESTING DHCP CLIENT RESERVATIONS 10 IMPLEMENTING DHCP RELAY AGENTS 12 DOMAIN NAMING STRATEGY 16 DOMAIN NAME SERVICE INSTALLATION 17 DOMAIN NAME SERVICE LOOK UP ZONES 18 ZONE AUTHORITY DELEGATION 23 DNS DYNAMIC UPDATES 25 DNS RESOURCE RECORDS 25 NETBIOS NAME RESOLUTION 27 INSTALLATION OF WINS 27 STATIC WINS RECORD 28 CONFIGURING REPLICATION PARTNERS 30 ALTERNATIVE IP ADDRESSING STRATEGY 31 ALTERNATE NAME RESOLUTION TECHNIQUES 32 NETWORK PLAN FOR THE UWS GLASGOW SITE 32 NETWORK PLAN FOR THE UWS CLYDE SITE 33 NETWORK PLAN FOR THE UWS HEAD OFFICE SITE 33 OVERVIEW OF THE UWS NETWORK INFRASTRUCTURE AS A WHOLE 34 TROUBLESHOOTING STRATEGY FOR UWS NETWORK 34 BACK UP AND FAULT TOLERANCE STRATEGY FOR NETWORK SERVICES 38 NETWORK HEALTH MONITORING AND ANALYSES 38 CONNECTIVITY SOLUTIONS FOR MULTI-VENDOR -ENVIRONMENT 40 REMOTE CONNECTIVITY TO UWS NETWORK USING VPN 41 CONFIGURING INBOUND VPN CONNECTION 41 CONFIGURING REMOTE ACCESS POLICIES 45 CONFIGURING OUTBOUND VPN CONNECTION 48 NETWORK COUNTERACTIVE APPROACHES WITH REGARDS TO SECURITY THREATS 50 IMPLEMENTATION OF CERTIFICATE SERVICES 51 IPSEC IMPLEMENTATION 56 References 62 INTRODUCTION This is a case study about a company...
Words: 5792 - Pages: 24
...World-Wide Trading Company: Project Implementation Plan Group 3 Kristine Bird (AD Forest Domain OU, Groups and GPO Implementation) Ryan Bonisch (Contact list and LAN Implementation Tasks) Anthony Campo (Configuration of Routers, Switches, and VLANs) Gerald Casanada (Voice VLAN, Wireless, DHCP and DNS) Jennifer Coleman (AD Implementation and Tasks lists for AD Policies) Billie Jo Derouin (Security Implementation) Raymond Mack (Security Technology and Timeline) University of Maryland University College CMIT 495 Professor Sam Musa February 28, 2016 Table of Contents Introduction 2 Purpose 3 Implementation Requirements 3 Project Contact List 3 Tool List 3 Equipment Installation Plan 5 Project TimeLine 6 Lan Implementation task 7 Security Implementation task 11 Configuration Routers 41 Switches 46 VLAN Configurations 49 Voice VLAN and Wireless 51 DHCP and DNS 54 Active Directory Implementation Task 56 Active Directory Policies 58 AD Forest Domain OU formation/AD Group Formation/AD GPO Implementation 68 Security Technologies 88 Introduction The implementation of the WWTC is crucial to keep the business functioning and growing. To ensure that new office installation goes smooth group 3 will create a functional implementation plan from the design we proposed to WWTC over the last 7 weeks. Purpose The purpose of this plan is to provide a step by step guide on the network designed proposed...
Words: 13687 - Pages: 55
