Network Access Server A network access server is 70-291 a server that functions as a gateway to a network for remote clients. Routing and Remote Access service can be used to configure a Windows Server 2003 server as a remote access server, which will enable remote clients to create dialup connections, or as a VPN server.
Remote access MCDBA servers authenticate clients as they attempt to connect, or a centralized authentication server may be configured if there is a need for multiple remote access servers. IAS Server, which is Microsoft’s implementation of RADIUS, is such a server.
RADIUS is covered in Lesson 3. In configuring your remote access server, you are able to:
Restrict remote clients’ access to only the remote access 70-649 server or to the entire network.
With this option, you can allow certain users to access only what is on the remote access server. For example, you can have job announcements listed in a shared folder located on the remote access server that you want potential employees outside of your organization to have access to. However, you do not want these users to be able to access any other resources located on other servers on your network. By 70-297 restricting users to only the remote access server, you have less chance of an attacker penetrating your local area network.
Choose the authentication methods that will be used by the server. Authentication is the validation of a user’s credentials when he or she attempts to log on to the remote access server. In other words: “Are you who you say you are? Does your password match the one in my database?” A good analogy is the situation of an out-of-towner trying to pay a bill in a fancy restaurant with a personal check. The waiter or manager of the restaurant needs to 70-291 authenticate the person writing the check, usually by asking for two forms of a picture ID (credentials).
Authentication should not be confused with authorization. Authorization is the verification of the user’s right to be where he or she is. That is: “Yes, you are who you say you are (authentication), but you are not allowed access (authorized) to the CEO’s bank account records.” Authorization occurs after a user has logged on and has been authenticated.
Configure Point-to-Point Protocol (PPP) options. Point-to-Point Protocol is an industry-standard protocol that replaced Serial Line Internet Protocol (SLIP) because of SLIP’s limitation of only 70-646 supporting Internet Protocol (IP). PPP works with multiple protocols and also has better security features, such as encryption, mutual authentication, callback, and caller-ID.
Configure event-logging preferences. A network access server supports three types of logging:
Event logging, which is the recording of events in the system event log. There are four levels of event logging available:
Log errors only Log errors and warnings (the default) Log the maximum amount of information Disable event logging Local Authentication and accounting logging, which enables you to track remote access usage and authentication-attempt information.
RADIUS-based authentication and 70-270 account logging, which enables you to track remote access usage and authentication attempts from multiple remote access servers. RADIUS is a centralized auditing- and accounting-based server usually used by most Internet Service Providers.
Authentication Methods for Remote Access After the remote client, remote server, and network infrastructure are configured, a method must be implemented to authenticate the clients who will be connecting to the remote access server and gaining access to your company’s network resources. After all, you do not want unauthorized access to your company’s resources to occur onyour network. Table 10-3 illustrates the various methods of 70-294 authentication available for
remote access clients, including wireless access clients.
http://latoniakate.123log.de/2008/11/07/pass4sure-70-294-exam-question-training/
