La presentazione è in caricamento. Aspetta per favore

La presentazione è in caricamento. Aspetta per favore

Configurare VPN e Accesso remoto con Small Business Server 2003

Presentazioni simili


Presentazione sul tema: "Configurare VPN e Accesso remoto con Small Business Server 2003"— Transcript della presentazione:

1 Configurare VPN e Accesso remoto con Small Business Server 2003
5 maggio :30

2 Agenda Live Demo... VPN Basics VPN a confronto VPN in dettaglio
La protezione delle comunicazioni di rete Encryption overview VPN a confronto Client-to-LAN LAN-to-LAN VPN in dettaglio tunneling protocol authentication encryption Le tecnologie di Windows Small Business Server 2003 per VPN Client-to-LAN Live Demo...

3 Che cosa è una VPN ? Dal sito di Windows Server 2003 “Microsoft defines a virtual private network as the extension of a private network that encompasses links across shared or public networks like the Internet.”

4 Quali problemi abbiamo con una comunicazione di rete che usa connettività pubblica come Internet?
Network Monitoring Data Modification Identity Spoofing Man-in- the-Middle Password- based

5 La soluzione: la cifratura dei dati trasmessi
Encrypted IP Packet Encrypts Data at the Application Layer SSL TLS Encrypts Data at the Network Layer Tunneling Protocol IPSec

6 Virtual Private Networks (VPN)
una applicazione delle tecnologie di encryption

7 VPN Basics Una tecnologia di encryption
Un metodo/protocollo di Tunneling Una modalità di connessione e trasporto (Client-to-LAN, LAN-to-LAN) Un insieme di definizioni per IP Addressing Authentication Authorization Auditing

8 Crittografia Encryption Keys & Algorithms Una tecnologia molto antica
Encrypted IP Packet

9 Encryption Keys Key type Description Symmetric Asymmetric
La stessa chiave è usata per cifrare e decifrare i dati Protegge i dati dall’intercettazione Asymmetric Consiste in una chiave pubblica e una privata La chiave privata è protetta e confidenziale, la chiave pubblica è liberamente distribuibile Se viene usata la chiave privata per cifrare dei dati, gli stessi possono essere decifrati esclusivamente con la corrispondente chiave pubblica, e vice versa

10 Utilizzi dell’encryption
implementa la riservatezza delle comunicazioni fornisce delle tecniche per realizzare l’autenticazione dei soggetti della comunicazione

11 Symmetric Encryption Symmetric encryption:
Original Data Cipher Text Original Data Symmetric encryption: Usa la stessa chiave per cifrare e decifrare E’ spesso referenziata come bulk encryption E’ intrinsicamente vulnerabile per il concetto di “Shared secret”: la chiave è condivisa

12 Utilizzi della symmetric encryption
Cifratura dei canali di trasmissione Semplicità Prestazioni Gestione delle session-key dei protocolli sicuri SSL Kerberos ...

13 Asymmetric (Public Key) Encryption
Requirement Process 1. The recipient’s public key is retrieved 2. The data is encrypted with a symmetric key 3. The symmetric key is encrypted with the recipient’s public key 4. The encrypted symmetric key and encrypted data are sent to the recipient 5. The recipient decrypts the symmetric key with her private key 6. The data is decrypted with the symmetric key

14 Utilizzi della Asymmetric encryption
Riservatezza delle comunicazioni (PK Encryption) spesso in congiunzione con session key simmetriche Identificazione degli estremi (soggetti) della comunicazione (PK Authentication) Algoritmi più complessi Meno efficente della symmetric Per un uso libero richiede la distribuzione/pubblicazione delle chiavi pubbliche

15 Public Key Encryption 2 Encrypted Message is Sent Over Network Data
Alice Encrypts Message with Bob’s Public Key. 1 3A78 Data Bob Decrypts Message with Bob’s Private Key. 3

16 Public Key Authentication
~*~*~*~ Message is Sent Over Network 2 ~*~*~*~ Alice Signs Message with Her Private Key. 1 ~*~*~*~ Bob Validates Message is From Alice with Alice’s Public Key. 3

17 Dalla teoria alla pratica...

18 VPN Client-to-LAN: Connecting Remote Users to a Corporate Network
VPN Server Computer Internet VPN Tunnel Remote User

19 VPN LAN-to-LAN: Connecting Remote Networks to a Local Network
VPN Server Computer Internet VPN Tunnel VPN Server Computer Remote Network

20 VPN a confronto: LAN-to-LAN
prevede l’utilizzo di apparati/server che gestiscono la comunicazione vpn e fanno da gateway tra le due reti encryption applicata solo nelle comunicazioni tra i gateway (tunnel-endpoint) encryption simmetrica di tipo “Shared-Key” IP Addressing  progettare

21 VPN a confronto: Client-to-LAN
è una tipica connessione uno (gateway/Access Point) a molti (Client) encryption applicata nelle comunicazioni tra il gateway ed N client encryption di tipo “Shared-Key” non adeguata (distribuzione della chiave in N posti!) può usare protocolli PPP-based (PPTP, L2TP) per usare IPsec richiede tecniche di Asymmetric encryption (PKI, certificati, ...) IP Addressing  semplice ed integrato

22 Virtual Private Network Protocols
PPTP* L2TP** Internetwork Must Be IP Based No Header Compression No Tunnel Authentication Built-in PPP Encryption Internetwork Can Be IP, Frame Relay, X.25, or ATM Based Header Compression Tunnel Authentication Uses IPSec Encryption Internet Client Server PPTP or L2TP *PPTP: rfc **L2TP: rfc 2661

23 Selecting a Tunneling Protocol
Features Tunneling Protocol L2TP/ IPSec PPTP IPSec Tunnel Mode Support for NAT X User Authentication Machine Authentication Multi-Protocol Support Stronger Security Support for Non–Windows 2000–based Clients

24 Authentication Protocols
Standard Authentication Protocols Extensible Authentication Protocols

25 Standard Authentication Protocols
Security Use when PAP Low The client and server cannot negotiate using more secure validation SPAP Medium Connecting a Shiva LANRover and Windows 2000–based client or a Shiva client and a Windows 2000–based remote access server CHAP High You have clients that are not running Microsoft operating systems MS-CHAP High You have clients running Windows NT version 4.0 and later or, Microsoft Windows 95 and later MS-CHAP v2 High You have dial-up clients running Windows 2000, or VPN clients running Windows NT 4.0 or Windows 98

26 Authentication

27 Extensible Authentication Protocols
Allows the Client and Server to Negotiate the Authentication Method That They Will Use Supports Authentication by Using MD5-CHAP Transport Layer Security (TLS) PEAP, Smartcard, ... Ensures Support of Future Authentication Methods Through an API

28 Encryption Protocols Members of this group dial-in profile can use IPSec 56-bit Data Encryption Standard (DES) or MPPE 40-bit data encryption Members of this group dial-in profile can use IPSec 56-bit DES or MPPE 56-bit data encryption Members of this group dial-in profile can use IPSec Triple DES (3DES) or MPPE 128-bit data encryption

29 Windows Small Business Server 2003
VPN setup & configuration

30 To Do List

31 VPN Client-to-LAN A VPN extends the capabilities of a private network to encompass links across shared or public networks, such as the Internet, in a manner that emulates a point-to-point link Windows Small Business Server VPN Client VPN Server VPN client calls the VPN server 1 3 VPN server checks the directory to authenticate and authorize the caller 2 VPN server answers the call 4 VPN server transfers data

32 Architettura di deployment consigliata
SBS è (anche) un F i r e w a l l ! ! ! Posizioniamolo come tale nella rete Internet rete pubblica (es: /29) xDSL Fibra ottica ISDN ... .2 Internet Router (ISP) azienda.local SBS rete pubblica (con NAT) (es: /24) rete privata /24

33 Windows Small Business Server Remote Access Wizard
This wizard provides on-screen instructions for configuring your server for: VPN connections Dial-up connections Both VPN and dial-up connections After clicking Finish, the wizard: Configures the server according to your selected settings Creates the Client Connection Manager configuration file Configures the remote access policy to allow members of the Mobile Users group to use remote access

34

35

36

37

38

39

40 RASW Client config (RWW) RRAS configuration overview

41 Sicurezza e controllo Remote Access Account Lockout (KB816118)
Authorizing VPN Connections (Dial-in) Remote Access Policy Profile Packet Filtering Accounting, Auditing, and Monitoring

42 Riferimenti e risorse Risorse tecniche per Windows Small Business Server 2003 MOC Course 2395: Design, Deploy, and Manage a Network Solution for a Small and Medium Business Exam : Design, Deploy, and Manage a Network Solution for a Small- and Medium-Sized Business

43 Riferimenti e risorse Virtual Private Networks for Windows Server 2003 Virtual Private Networking with Windows Server 2003: Deploying Remote Access VPNs Virtual Private Networking with Windows Server 2003: Deploying Site-to-Site VPNs

44 https://msevents-eu.microsoft.com/cui/WelcomePage.aspx?Event...

45 © 2004 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.


Scaricare ppt "Configurare VPN e Accesso remoto con Small Business Server 2003"

Presentazioni simili


Annunci Google