Objectives
description
Transcript of Objectives
![Page 1: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/1.jpg)
1
Objectives
• Wireless Access
• IPSec
• Discuss Network Access Protection
• Install Network Access Protection
![Page 2: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/2.jpg)
Wireless Access Configuration in Windows Server 2008
• 802.1x standard– Developed by the Institute of Electrical and Electronics
Engineers (IEEE)
• On 802.1x networks– Network access control provides an authentication
mechanism to allow or deny network access based on port connection
– WPA2-EAP (Wi-Fi Protected Authentication 2 – EAP)
2
![Page 3: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/3.jpg)
Wireless Access Configuration in Windows Server 2008 (continued)
• Categories of EAP implementations– EAP over local area network (LAN)
• EAP-TLS
– EAP over wireless • PEAP: Protected Extensible Authentication Protocol
• 802.1x uses a three-component model for authenticating access to networks– Supplicant– Authenticator– Authentication server
3
![Page 4: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/4.jpg)
4
![Page 5: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/5.jpg)
Internet Protocol Security
• An open-standards framework for securing network communications
• IPSec meets three basic goals– Authentication– Integrity– Confidentiality
5
![Page 6: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/6.jpg)
IPSec Threats
• Depending on the configuration of IPSec, it provides protection from the following threats– Data tampering– Denial of service– Identity spoofing– Man-in-the-middle attacks– Repudiation– Network traffic sniffing
6
![Page 7: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/7.jpg)
How IPSec Works
• IPSec modes of operation– Transport mode– Tunnel mode
• Scenarios available when deploying IPSec– Site to site– Client to client– Client to site
7
![Page 8: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/8.jpg)
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration
8
![Page 9: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/9.jpg)
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration
9
![Page 10: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/10.jpg)
Using IPSec
![Page 11: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/11.jpg)
How IPSec Works (continued)
• IPSec security association modes– IPSec uses the Internet Key Exchange (IKE) to
negotiate security protocols – IKE generates the encryption and authentication
keys used by IPSec for the transaction– IPSec performs transactions in two phases
• Main mode/Phase 1
• Quick mode/Phase 2
11
![Page 12: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/12.jpg)
How IPSec Works (continued)
• IPSec security methods– IPSec uses two security services
• Encapsulating Security Payload
• Authentication Header
• IPSec policies– Can be managed with the following tools
• WFAS, IP Security Policy snap-in
• Netsh, GPME
12
![Page 13: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/13.jpg)
13
![Page 14: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/14.jpg)
14
![Page 15: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/15.jpg)
Network Access Protection
• NAP can be broken into three parts– Health policy validation– Health policy compliance– Access limitation
15
![Page 16: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/16.jpg)
NAP Terminology
• Enforcement Client
• Enforcement Server
• Host Credential Authorization Protocol
• Health Registration Authority
• Network Policy Server
• Remediation Server
• System Health Agent
• System Health Validator
16
![Page 17: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/17.jpg)
NAP Enforcement Methods
• The five types of NAP enforcement methods used by NAP– 802.1x-authenticated connections– Dynamic Host Configuration Protocol (DHCP)
address configurations– IPSec communications– Terminal Services Gateway (TS Gateway)
connections– Virtual Private Network (VPN) connections
17
![Page 18: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/18.jpg)
Implementing NAP
• NAP – Designed by Microsoft to allow you to customize it to
meet the unique needs of your networks– Implementing and configuring NAP differs from
network to network based on requirements and policies
18
![Page 19: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/19.jpg)
19
![Page 20: Objectives](https://reader035.fdocuments.in/reader035/viewer/2022070417/56815444550346895dc24fe2/html5/thumbnails/20.jpg)
Installing NAP
• NAP is part of the NPS role
• To install NAP components– Add the NPS role either through the Role Services
Wizard or from the command line using servermanagercmd.exe
20