Eicon Networks S92 Manuel d'utilisateur télécharger pdf (Page 133)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 133

ConfiguringtheR ASServer

TheRAS_NetRASserverisa“backdoor”tothenetwork. Itallowsthecompany

staffstoremoteaccessingtheserverresourcesinInternal_Serversaswellastoaccess

thecompany’sPublic_Servicesservers.Userswithoutformalaccountsinthedomain

controllerarenotallowedtologinviaRAS.

SecurityPolicy:

1. Onlylegitimateuserswiththevalidcredentialsandfromthevaliddialing

locationsareallowedtologin.

2. Disalloweverythingelse.

RASConfiguration:

ThisRASserverwillbeconfiguredwithapoolof 5modemsand5clientIPaddresses

(thatbelongstotheRAS_Netsubnet)forallocationtothedialinclients. Theseclients

areforcedtotakeandusetheseaddresses.Thecorrespondingfirewallfiltersat

VisNetic_1areconfiguredbasedtomakefilteringdecisionsbasedon theseaddresses.

TomakesurethatthisRASserverdoesnotconstituteasecurityhole,wemust:

n Takestepstoharden this Windows2000system.Refertothe“Products

Preparation”sectionforinformationonhowtoproceed.

n ConfigurethecorrespondingRemoteAccessPoliciesandrequiresstrong

encryptionaswellasstrongauthentication.

n Configureaccountlockoutpolicy torestrictthenumberofloginattempts

allowed.

n Configurethesystemtoacceptincomingcallsonlyfrompredefinednumbers,

andusecallbacksecuritytoensurethatonlythe“trueemployees”andnoone

elsecandialin.

Withremoteaccesspolicies,aconnectionisauthorizedonlyifthesettingsofthe

connectionattempttomatchatleastoneoftheremoteaccesspolicies.Accordingto

1 2 ... 128 129 130 131 132 133 134 135 136 137 138 ... 208 209

Pas de commentaire

Eicon Networks S92 Manuel d'utilisateur Page 133