Configuring VPN and Remote Access with Small Business Server 2003

5 May 2005 - 10:30

Agenda
  • VPN Basics
    • Protecting network communications
    • Encryption overview
  • VPN types compared
    • Client-to-LAN
    • LAN-to-LAN
  • VPN in detail
    • tunneling protocol
    • authentication
    • encryption
  • Windows Small Business Server 2003 technologies for Client-to-LAN VPN

Live Demo...

What is a VPN?
  • From the Windows Server 2003 site

“Microsoft defines a virtual private network as the extension of a private network that encompasses links across shared or public networks like the Internet.”

  • http://www.microsoft.com/windowsserver2003/techinfo/overview/vpnfaq.mspx
What problems do we face with network communication that uses public connectivity such as the Internet?
  • Identity Spoofing
  • Man-in-the-Middle
  • Data Modification
  • Network Monitoring
  • Password-based
The solution: encrypting the transmitted data
[Figure: Encrypted IP Packet]
  • Encrypts Data at the Application Layer
    • SSL
    • TLS
  • Encrypts Data at the Network Layer
    • Tunneling Protocol
    • IPSec
Virtual Private Networks (VPN)

An application of encryption technologies

VPN Basics
  • An encryption technology
  • A tunneling method/protocol
  • A connection and transport mode (Client-to-LAN, LAN-to-LAN)
  • A set of definitions for
    • IP Addressing
    • Authentication
    • Authorization
    • Auditing
Cryptography
  • Encryption Keys & Algorithms
  • A very old technology
[Figure: Encrypted IP Packet]

Uses of encryption
  • provides confidentiality of communications
  • provides techniques for authenticating the parties to the communication
Symmetric encryption:
  • Uses the same key to encrypt and decrypt
  • Is often referred to as bulk encryption
  • Is inherently vulnerable because of the “shared secret” concept: the key is shared
[Figure: Symmetric Encryption: Original Data → Cipher Text → Original Data]

Uses of symmetric encryption
  • Encryption of transmission channels
  • Simplicity
  • Performance
  • Session-key management in secure protocols
    • SSL
    • Kerberos
    • ...
Uses of asymmetric encryption
  • Confidentiality of communications (PK Encryption)
    • often in conjunction with symmetric session keys
  • Identification of the endpoints (parties) of the communication (PK Authentication)
  • More complex algorithms
  • Less efficient than symmetric encryption
  • Open use requires distributing/publishing the public keys
Public Key Encryption
  1. Alice Encrypts Message with Bob’s Public Key.
  2. Encrypted Message is Sent Over Network
  3. Bob Decrypts Message with Bob’s Private Key.
[Figure: Data → 3A78 → Data]

Public Key Authentication
  1. Alice Signs Message with Her Private Key.
  2. Message is Sent Over Network
  3. Bob Validates Message is From Alice with Alice’s Public Key.
[Figure: ~*~*~*~ shown at each of the three steps]

VPN Client-to-LAN: Connecting Remote Users to a Corporate Network
[Figure: Remote User, VPN Tunnel across the Internet, VPN Server Computer, Corporate Network]

VPN LAN-to-LAN: Connecting Remote Networks to a Local Network
[Figure: Remote Network, VPN Server Computer, VPN Tunnel across the Internet, VPN Server Computer, Local Network]

VPN types compared: LAN-to-LAN
  • requires devices/servers that handle the VPN communication and act as gateways between the two networks
  • encryption is applied only to communications between the gateways (tunnel endpoints)
  • symmetric “Shared-Key” encryption
  • IP Addressing → to be designed
VPN types compared: Client-to-LAN
  • a typical one (gateway/Access Point) to many (Clients) connection
  • encryption is applied to communications between the gateway and N clients
  • “Shared-Key” encryption is not adequate (the key is distributed to N places!)
  • can use PPP-based protocols (PPTP, L2TP)
  • using IPsec requires Asymmetric encryption techniques (PKI, certificates, ...)
  • IP Addressing → simple and integrated
Virtual Private Network Protocols
  • PPTP*
    • Internetwork Must Be IP Based
    • No Header Compression
    • No Tunnel Authentication
    • Built-in PPP Encryption
  • L2TP**
    • Internetwork Can Be IP, Frame Relay, X.25, or ATM Based
    • Header Compression
    • Tunnel Authentication
    • Uses IPSec Encryption
[Figure: Client and Server connected across the Internet by PPTP or L2TP]
*PPTP: RFC 2637 - **L2TP: RFC 2661

Selecting a Tunneling Protocol
[Table: Features by Tunneling Protocol, with columns L2TP/IPSec, PPTP and IPSec Tunnel Mode]

Authentication Protocols
  • Standard Authentication Protocols
  • Extensible Authentication Protocols
Standard Authentication Protocols
  • PAP
    • Security: Low
    • Use when: The client and server cannot negotiate using more secure validation
  • SPAP
    • Security: Medium
    • Use when: Connecting a Shiva LANRover and Windows 2000–based client or a Shiva client and a Windows 2000–based remote access server
  • CHAP
    • Security: High
    • Use when: You have clients that are not running Microsoft operating systems
  • MS-CHAP
    • Security: High
    • Use when: You have clients running Windows NT version 4.0 and later or, Microsoft Windows 95 and later
  • MS-CHAP v2
    • Security: High
    • Use when: You have dial-up clients running Windows 2000, or VPN clients running Windows NT 4.0 or Windows 98
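An added example, not part of the original presentation, showing why the table above rates PAP low and CHAP high: PAP puts the password on the wire, while CHAP sends only an MD5 over an identifier, the shared secret and a per-attempt challenge (RFC 1994). The user name `mario`, the sample secret and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

def pap_request(peer_id, password):
    """PAP Authenticate-Request data: length-prefixed peer ID and password,
    both sent as-is, so a network observer reads the password directly."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password

def chap_challenge():
    """Authenticator: pick a fresh identifier and random challenge per attempt."""
    return os.urandom(1)[0], os.urandom(16)

def chap_response(identifier, secret, challenge):
    """Peer: RFC 1994 response value, MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

def chap_verify(identifier, secret, challenge, response):
    """Authenticator: recompute from its own copy of the secret and compare."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

def run_exchange(secret):
    """One PAP login and two CHAP attempts, as seen on the wire."""
    pap_wire = pap_request(b"mario", secret)  # hypothetical user name

    ident, challenge = chap_challenge()
    response = chap_response(ident, secret, challenge)
    chap_wire = bytes([ident]) + challenge + response

    # A later attempt gets a new challenge, so the recorded response is stale.
    ident2, challenge2 = chap_challenge()
    return {
        "pap_exposes_secret": secret in pap_wire,
        "chap_exposes_secret": secret in chap_wire,
        "chap_accepts_fresh": chap_verify(ident, secret, challenge, response),
        "chap_accepts_replay": chap_verify(ident2, secret, challenge2, response),
    }

if __name__ == "__main__":
    # Constructed sample secret, not taken from the presentation.
    for name, value in run_exchange(b"constructed-secret-2005").items():
        print(f"{name}: {value}")
```

MS-CHAP and MS-CHAP v2 use different hash constructions and are not modeled here.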

Extensible Authentication Protocols
  • Allows the Client and Server to Negotiate the Authentication Method That They Will Use
  • Supports Authentication by Using
    • MD5-CHAP
    • Transport Layer Security (TLS)
    • PEAP, Smartcard, ...
  • Ensures Support of Future Authentication Methods Through an API
Encryption Protocols
  • Members of this group dial-in profile can use IPSec 56-bit Data Encryption Standard (DES) or MPPE 40-bit data encryption
  • Members of this group dial-in profile can use IPSec 56-bit DES or MPPE 56-bit data encryption
  • Members of this group dial-in profile can use IPSec Triple DES (3DES) or MPPE 128-bit data encryption

Windows Small Business Server 2003

VPN setup & configuration

VPN Client-to-LAN

A VPN extends the capabilities of a private network to encompass links across shared or public networks, such as the Internet, in a manner that emulates a point-to-point link

  1. VPN client calls the VPN server
  2. VPN server answers the call
  3. VPN server checks the directory to authenticate and authorize the caller
  4. VPN server transfers data
[Figure: VPN Client, VPN Server, Windows Small Business Server]

Recommended deployment architecture

SBS is (also) a Firewall!!!

Let's position it as such in the network

[Figure: network diagram with the following labels]
  • Internet
  • Internet Router (ISP)
  • xDSL, optical fiber, ISDN, ...
  • public network (e.g. 193.205.245.24/29)
  • .2
  • public network (with NAT) (e.g. 192.168.0.0/24)
  • SBS
  • azienda.local
  • private network 192.168.16.0/24

Windows Small Business Server Remote Access Wizard

This wizard provides on-screen instructions for configuring your server for:
  • VPN connections
  • Dial-up connections
  • Both VPN and dial-up connections

After clicking Finish, the wizard:
  • Configures the server according to your selected settings
  • Creates the Client Connection Manager configuration file
  • Configures the remote access policy to allow members of the Mobile Users group to use remote access

RASW
  • Client config (RWW)
  • RRAS configuration overview
Security and control
  • Remote Access Account Lockout (KB816118)
  • Authorizing VPN Connections (Dial-in)
  • Remote Access Policy Profile Packet Filtering
  • Accounting, Auditing, and Monitoring
References and resources
  • Technical resources for Windows Small Business Server 2003 http://www.microsoft.com/italy/windowsserver2003/sbs/techinfo/default.mspx
  • MOC Course 2395: Design, Deploy, and Manage a Network Solution for a Small and Medium Business http://www.microsoft.com/traincert/syllabi/2395AFinal.asp
  • Exam 70-282: Design, Deploy, and Manage a Network Solution for a Small- and Medium-Sized Business http://www.microsoft.com/learning/exams/70-282.asp
  • Virtual Private Networks for Windows Server 2003 http://www.microsoft.com/windowsserver2003/technologies/networking/vpn/default.mspx
  • Virtual Private Networking with Windows Server 2003: Deploying Remote Access VPNs http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/vpndeplr.mspx
  • Virtual Private Networking with Windows Server 2003: Deploying Site-to-Site VPNs http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/networking/vpndpls2.mspx
https://msevents-eu.microsoft.com/cui/WelcomePage.aspx?Event...

© 2004 Microsoft Corporation. All rights reserved.

This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.