Section 11: Implementing Remote Connectivity
CSIS 479R, Fall 1999, “Network +”
George D. Hickman, CNI, CNE

Objectives
• Explain the capabilities and requirements for remote access
• Evaluate the current network and user environment
• Select an appropriate data transmission technology
• Design a secure remote access solution

Objectives (Cont’d)
• Design optimal performance in a remote access solution
• Configure Windows 95/98 or Windows NT clients for remote access
• Connect remotely to a server using a modem-equipped Windows client

Remote Access Software (Server)
• Operates one or more modems connected to the server
• Provides network services to remote users
• Enforces network security across remote connections
• NetWare 5
    • Novell Internet Access Server (NIAS)
• Windows NT Server
    • Remote Access Server (RAS)

Remote Network Services
• Login / Authentication
• Applications (Email, database, etc.)
• Print documents remotely
• Connect to the Internet or intranet
• Obtain routing to distant network services
• Most other “locally” available services

Remote Access (Voice Line) Limitations
• Connection speed
    • 28.8 – 56 K bps vs. 10-100 M bps (LAN)
• Connection security
    • Phone lines allow an “in” for hackers to access your network
• Expense
    • Long distance charges, or “measured rate” charges may apply

Implementing Remote Access
• Evaluate current network and user environment
• Select transmission media for use between server and remote workstation
• Prevent unauthorized remote users from accessing the network
• Tune remote client and server configurations for maximum performance
• Install and configure software to enable remote access

Evaluate current network and user environment
• Where is the best place to locate the remote access server?
• Is a server with enough capacity available somewhere?
• Is it located where inexpensive connections are possible?
• Where do remote users need to connect from, and what resources do they need to access?
• How many, how often, how many simultaneously?

Select transmission media
• ISDN
    • Digital service
    • Basic Rate Interface (BRI), Primary Rate (PRI)
    • BRI has 2 B + 1 D channel
    • B channel is 64 KB
• POTS
    • Plain Old Telephone Service
    • 33.6-56 K

Transmission Media
• xDSL
    • Dedicated Point-to-Point connections on existing copper wires
    • Not available everywhere (like Payson)
    • ADSL: 8.192 Mbps download / slower upload
    • HDSL: T1 speeds, 1.544 Mbps up/download
    • Splitterless DSL: <1 Mbps, no special equipment needed

Prevent unauthorized remote users from accessing the network
• Many remote access solutions by default have no security—they allow unrestricted access to any user by any port. Change this!
• Is your policy flexible enough to adapt to new or emerging security threats?
• What should be done when breaches are suspected? Who is notified?
• How do you test your security effectiveness?

Isolating a Remote Access Server
• Isolate the remote server, so if it is compromised, it does not compromise the entire network
• Demilitarized Zone Design
    • All traffic from outside connects with the demilitarized server, which is connected to a screening router
    • All traffic going to the screening router is considered insecure, and evaluated before access is granted

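The two slides above (remote access that is open by default, and the screening router behind the demilitarized server) shown as an added example that is not part of the original slides: a Python model of a first-match, default-deny rule list, plus a check that flags unrestricted permit rules. The addresses, rule sets and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    proto: str             # "tcp", "udp" or "any"
    port: Optional[int]    # destination port, None = any port

    def matches(self, src, dst, proto, port):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.port in (None, port))

def evaluate(rules, src, dst, proto, port):
    """First matching rule decides; traffic no rule mentions is denied."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action
    return "deny"

def overbroad(rules):
    """Permit rules that leave the source, protocol or port unrestricted."""
    return [r for r in rules if r.action == "permit"
            and (ipaddress.ip_network(r.src).prefixlen == 0
                 or r.proto == "any" or r.port is None)]

# Constructed addressing: remote access server 192.0.2.10 in the DMZ,
# internal LAN 10.0.0.0/16 behind the screening router.
OPEN_DEFAULT = [Rule("permit", "0.0.0.0/0", "0.0.0.0/0", "any", None)]
SCREENED = [
    Rule("permit", "192.0.2.10/32", "10.0.5.25/32", "tcp", 25),   # mail server
    Rule("permit", "192.0.2.10/32", "10.0.5.80/32", "tcp", 80),   # intranet web
]

if __name__ == "__main__":
    probes = [("192.0.2.10", "10.0.5.25", "tcp", 25),    # dial-in user's e-mail
              ("192.0.2.10", "10.0.7.3", "tcp", 139),    # file server, not listed
              ("198.51.100.7", "10.0.5.80", "tcp", 80)]  # does not come via the DMZ host
    for name, rules in (("open default", OPEN_DEFAULT), ("screened", SCREENED)):
        print(name, "- overbroad permit rules:", len(overbroad(rules)))
        for p in probes:
            print("  ", p, "->", evaluate(rules, *p))
```

With the screened rule set, a compromised remote access server can still reach only the two listed services, which is the containment the demilitarized design is meant to provide.
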
Tune remote configurations for maximum performance
• Low performance causes increased telco charges and lessens available links for other remote users
• Minimal login scripts
• Load frequently used apps on remote host
• Use shortcuts/menus to avoid directory lists
• Upgrade slower modems
• Train users to expect slower access remotely

Connecting Remotely
• Client usually initiates the session (calls the server)
• User is prompted for a username and password
• The modem becomes the slower equivalent of a NIC