| Author |
Remote access policies
|
|
| seastwood 2002-12-09, 8:03 pm |
| I have a few questions.
1. Does anyone know of a good online resource explaining remote access policies?
2. Can anyone explain how to answer the following question?
Your company has branch offices in London and San Francisco. Branch offices will support their own routing and remote access server. To centralize admin you implement a RADIUS server. You remove the default remote access policy. You need to implement one company policy to require all dial-up communications to use 40-bit encryption. The network requires secure communications. You want to accomplish these goals using the least amount of administrative effort. What should you do? (Choose 2)
A. Enable the Server IPSec policy on the RADIUS server
B. Create one remote access policy on the RADIUS server
C. Enable the Secure Server IPSec policy on the RADIUS server
D. Set encryption to Basic for the remote access policy or policies.
E. Set encryption to Strong for the remote access policy or policies.
F. Create one remote access policy on each of the Routing and Remote access servers.
Thanks
Sean | |
|
| read the Win2K help files on IAS -- MS' RADIUS server. Your answers are all there. | |
| Slinky 2002-12-09, 10:27 pm |
| I recommend reading the help files also, but to answer your question you will need to do B & D. You'll want to do B because RADIUS is all about centralized administration, and reating policys on every domain controller isn't very centralized, is it?  Basic encryption will give you a 40-bit strength, strong will be 56-bit and strongest will be 128-bit. IPSec is out the window because it can use either DES (56-bit) or 3DES both of which are stronger than basic. | |
|
| quote:
Originally posted by Slinky
I recommend reading the help files also, but to answer your question you will need to do B & D. You'll want to do B because RADIUS is all about centralized administration, and reating policys on every domain controller isn't very centralized, is it? Basic encryption will give you a 40-bit strength, strong will be 56-bit and strongest will be 128-bit. IPSec is out the window because it can use either DES (56-bit) or 3DES both of which are stronger than basic.
Yup. RADIUS is for centralized administration of RAS and Basic encryption is 40 Bit. B and D are your answers as Slinky stated.  | |
| Kidvegas19 2002-12-11, 1:06 am |
| quote:
Originally posted by seastwood
You need to implement one company policy to require all dial-up communications to use 40-bit encryption. The network requires secure communications.
quote:
Originally posted by Slinky
IPSec is out the window because it can use either DES (56-bit) or 3DES both of which are stronger than basic.
Interesting factoid: There is a one line special note in my training kit that reads "For dial-up networking connections, Windows 2000 uses MPPE"
Hmmmm... missed that the first 127 times I went over that page. I like how Slinky reasoned it out better IMHO. | |
| Slinky 2002-12-11, 9:09 am |
| L2TP uses DES or 3DES and PPTP uses MPPE. |
|
|
|