Interview Questions

IT Interview Questions: What types of authentication can a Windows 2003 based RRAS work with?

Information Technology (IT) Interview Questions and Answers



Routing and Remote Access Service (RRAS) and Internet Authentication Service (IAS), specifically:

Support for L2TP/IPSec over NAT
Network Access Quarantine
NetBIOS-related enhancements
EAP-TLS improvements
Improved remote access client support
IAS Proxy

RRAS was introduced as a built-in component in Windows 2000 Server (but it is also available as an add-on for Windows NT 4.0 Server). As its name indicates, it combines routing and remote access functionality into a single administrative interface, allowing the server to be turned into a secure, software-based router or a remote access server, or both. IAS (which first appeared in Windows 2000 Server) is Microsoft's implementation of Remote Authentication Dial-In User Service (RADIUS), and its primary purpose is to provide authentication, authorization, and accounting functionality for remote access. Because of its role, it closely interacts with RRAS. Hence, this article describes both.

Windows 2003 RRAS has a number of new, non-security-related features. It supports Point-to-Point Protocol over Ethernet (PPPoE), reflecting the growing popularity of broadband communication. It can also function as a bridge, combining separate, mixed-media segments into a single networking subnet. What might also be a bit of a surprise is the dependency between RRAS and Internet Connection Firewall (ICF), since this component was not available in Windows 2000.

Like its Windows XP equivalent, the new version of ICF operates as a stateful firewall (intended for protecting Internet Connection Sharing), which means it tracks sessions initiated from the internal network and, by default, permits inbound traffic only if it is part of one of these sessions. In addition, ICF selectively permits incoming traffic based on the targeted port and redirects it to any of the internal IP addresses (on the same or a different port). Since the same functionality can be provided by RRAS (configurable from the NAT/Basic Firewall tab of the interface properties dialog box in the IP Routing node of the Routing and Remote Access MMC console snap-in), Microsoft decided to make them mutually exclusive. As a result, ICF must be disabled to activate RRAS and take full advantage of the security-related features detailed below.
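The stateful decision described above can be modelled in a few lines. This is an added illustration, not Microsoft's code: the class and field names are hypothetical, the addresses are constructed documentation values, and address translation of session traffic is left out so that only the session-tracking and port-redirect logic is shown.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulFilter:
    # Static mappings: (proto, targeted port) -> (internal IP, internal port)
    port_map: dict = field(default_factory=dict)
    # Sessions initiated from the internal network, keyed by their 5-tuple
    sessions: set = field(default_factory=set)

    def outbound(self, pkt):
        """Record a session opened by an internal host and let it through."""
        self.sessions.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return "ALLOW"

    def inbound(self, pkt):
        """Return (verdict, delivery target) for a packet arriving from outside."""
        # A legitimate reply is the tracked 5-tuple with its endpoints swapped.
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_of in self.sessions:
            return ("ALLOW", (pkt.dst, pkt.dport))
        # Otherwise only an explicitly mapped port is accepted and redirected.
        target = self.port_map.get((pkt.proto, pkt.dport))
        if target is not None:
            return ("REDIRECT", target)
        return ("DROP", None)  # default: unsolicited inbound traffic is refused

def demo():
    # Constructed sample traffic (RFC 5737 / RFC 1918 addresses).
    fw = StatefulFilter(port_map={("tcp", 8080): ("192.168.0.20", 80)})
    fw.outbound(Packet("tcp", "192.168.0.10", 49152, "203.0.113.5", 443))
    return [
        fw.inbound(Packet("tcp", "203.0.113.5", 443, "192.168.0.10", 49152)),
        fw.inbound(Packet("tcp", "198.51.100.7", 443, "192.168.0.10", 49152)),
        fw.inbound(Packet("tcp", "198.51.100.7", 40000, "192.0.2.1", 8080)),
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The second packet targets the same internal port as the first but comes from a host the client never contacted, so it is dropped: matching the whole 5-tuple, not just the destination port, is what makes the filter stateful.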
