Eicon Networks S92 Manual de usuario descargar pdf (Pagina 133)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 133

ConfiguringtheR ASServer

TheRAS_NetRASserverisa“backdoor”tothenetwork. Itallowsthecompany

staffstoremoteaccessingtheserverresourcesinInternal_Serversaswellastoaccess

thecompany’sPublic_Servicesservers.Userswithoutformalaccountsinthedomain

controllerarenotallowedtologinviaRAS.

SecurityPolicy:

1. Onlylegitimateuserswiththevalidcredentialsandfromthevaliddialing

locationsareallowedtologin.

2. Disalloweverythingelse.

RASConfiguration:

ThisRASserverwillbeconfiguredwithapoolof 5modemsand5clientIPaddresses

(thatbelongstotheRAS_Netsubnet)forallocationtothedialinclients. Theseclients

areforcedtotakeandusetheseaddresses.Thecorrespondingfirewallfiltersat

VisNetic_1areconfiguredbasedtomakefilteringdecisionsbasedon theseaddresses.

TomakesurethatthisRASserverdoesnotconstituteasecurityhole,wemust:

n Takestepstoharden this Windows2000system.Refertothe“Products

Preparation”sectionforinformationonhowtoproceed.

n ConfigurethecorrespondingRemoteAccessPoliciesandrequiresstrong

encryptionaswellasstrongauthentication.

n Configureaccountlockoutpolicy torestrictthenumberofloginattempts

allowed.

n Configurethesystemtoacceptincomingcallsonlyfrompredefinednumbers,

andusecallbacksecuritytoensurethatonlythe“trueemployees”andnoone

elsecandialin.

Withremoteaccesspolicies,aconnectionisauthorizedonlyifthesettingsofthe

connectionattempttomatchatleastoneoftheremoteaccesspolicies.Accordingto

1 2 ... 128 129 130 131 132 133 134 135 136 137 138 ... 208 209

Sin comentarios

Eicon Networks S92 Manual de usuario Pagina 133