Saturday, January 8, 2011

【Weak Current College】 Windows Network Services Summary (4) --- Powered by 【China Power House Network】



Chapter 5: Configuring the Remote Access Service
The Remote Access Service (RAS) allows clients to connect and log on through a dial-up or virtual private network (VPN) connection.
The Remote Access Service (RAS) provides two connection methods:
1. Dial-up networking
2. Virtual private networks


Dial-up network
1. Dial-up networking client
2. Remote access server
3. WAN infrastructure
Link types:
1) Public Switched Telephone Network (PSTN)
2) Integrated Services Digital Network (ISDN)
3) Asymmetric Digital Subscriber Line (ADSL)
4. Remote access protocols
1) Point-to-Point Protocol (PPP)
2) Serial Line Internet Protocol (SLIP)
3) Microsoft RAS protocol
5. LAN protocols
LAN protocols are the protocols that remote access clients use to access network resources on the network the remote access server is connected to.
VPN components
1. VPN client
2. VPN server
3. Tunnel
4. VPN connection
5. Tunneling protocol
6. Transit internetwork



Configure the remote access service
1. Enable the Routing and Remote Access service
2. Configure the remote access server
3. Configure the client network connection



Configure the remote access server
Server properties
General, Security, IP, PPP and Logging
Configure ports
PPTP uses PPP encapsulation
L2TP uses IPsec encapsulation
Configure user dial-in properties



Components of a remote access policy
Remote access policies are an ordered set of rules that define whether connections are allowed or denied
1. Conditions
A) "Windows-Groups": the group the user belongs to
B) "Day-And-Time-Restrictions": the days of the week and times at which users are allowed to connect
2. Remote access permission
A) 【Grant remote access permission】 or 【Deny remote access permission】
3. Profile
Edit the profile
1. Dial-in constraints
2. IP
3. Multilink
4. Authentication
a) PAP
b) CHAP
5. Encryption
I. No encryption
II. Basic encryption
III. Strong encryption
IV. Strongest encryption
6. Advanced
Rules for applying remote access policies
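How the ordered rules above are evaluated, as an added example that is not part of the original notes. It assumes first-match evaluation (the first policy whose conditions all match decides, and an attempt that matches no policy is rejected) and models policies only, not the per-user dial-in properties; the policy names, groups and sample time are constructed.

```python
from datetime import datetime

# Constructed policies in evaluation order; names and groups are hypothetical.
POLICIES = [
    {"name": "Block contractors",
     "conditions": {"Windows-Groups": {"Contractors"}},
     "permission": "deny", "profile": {}},
    {"name": "VPN users in office hours",
     "conditions": {"Windows-Groups": {"VPN-Users"},
                    "Day-And-Time-Restrictions": {"days": {0, 1, 2, 3, 4},
                                                  "hours": range(8, 18)}},
     "permission": "grant",
     "profile": {"authentication": {"CHAP"},
                 "encryption": {"strong", "strongest"}}},
]
MONDAY_10AM = datetime(2011, 1, 10, 10, 0)  # constructed sample time (a Monday)

def conditions_match(conditions, attempt):
    """True only if every condition in the policy matches the attempt."""
    groups = conditions.get("Windows-Groups")
    if groups is not None and not groups & attempt["groups"]:
        return False
    window = conditions.get("Day-And-Time-Restrictions")
    if window is not None:
        when = attempt["time"]
        if when.weekday() not in window["days"] or when.hour not in window["hours"]:
            return False
    return True

def evaluate(policies, attempt):
    """Return (allowed, reason); the first policy whose conditions match decides."""
    for policy in policies:
        if not conditions_match(policy["conditions"], attempt):
            continue  # try the next policy in order
        if policy["permission"] == "deny":
            return False, policy["name"] + ": deny remote access permission"
        # Permission granted: the attempt must still satisfy the profile.
        for setting, allowed in policy["profile"].items():
            if attempt[setting] not in allowed:
                return False, policy["name"] + ": profile rejects " + setting
        return True, policy["name"] + ": grant remote access permission"
    return False, "no policy matched"

def make_attempt(groups, time, authentication="CHAP", encryption="strong"):
    """Build a constructed connection attempt."""
    return {"groups": set(groups), "time": time,
            "authentication": authentication, "encryption": encryption}
```

Because evaluation stops at the first match, a user in both groups is denied here, and swapping the two policies would grant the same attempt.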



Chapter 6: PKI and Certificate Services Applications
PKI (Public Key Infrastructure) is a system that uses public key technology and digital certificates to ensure the security of a system's information, and that is responsible for validating the identity of digital certificate holders.
A PKI is made up of public key encryption technology, digital certificates, certification authorities (CA), registration authorities (RA), and other components working together
1. Digital certificates are used for user authentication
2. The CA is a trusted entity responsible for issuing, renewing and revoking certificates
3. The RA accepts user requests, among other functions
Functions a PKI system provides
1. Authentication
2. Data integrity
3. Data confidentiality
4. Non-repudiation of operations
Public key encryption: symmetric, asymmetric and one-way encryption
Public key (PublicKey) and private key (PrivateKey)
1. Keys are generated in pairs; the two keys are different, and each decrypts what the other encrypts
2. One key cannot be derived from the other
3. The public key is made public; the private key is known only to its holder
4. The private key should be kept safe by its holder
Data encryption
1. The sender encrypts the data with the receiver's public key
2. The receiver decrypts the data with their own private key
3. Data encryption ensures the confidentiality of the data sent



Digital signature
1. The sender encrypts with its own private key
2. The recipient decrypts with the sender's public key
3. Provides authentication, data integrity and non-repudiation of the operation



What is a certificate
1. In a PKI system, "certificate" is short for digital certificate
2. It binds a public key to the identity information (such as name, e-mail, social security number, etc.) of the principal that holds the corresponding private key
3. The certificate's subject can be a user, a computer, a service, etc.
4. Certificates can be used in many ways
A) Web user authentication
B) Web server authentication
C) Secure e-mail
D) Internet Protocol security (IPSec)
5. Digital certificates are issued by a CA, an authoritative and impartial third-party organization
6. A certificate contains the following information
A) The user's public key value
B) The user's identifying information (such as name and e-mail address)
C) Validity period (the time during which the certificate is valid)
D) Issuer identification information
E) The issuer's digital signature
The role of the CA
1. The CA's core function is to issue and manage digital certificates
2. Specifically:
1) Process certificate requests
2) Determine whether the applicant is eligible to receive a certificate
3) Issue certificates
4) Renew certificates
5) Accept end users' queries about and revocations of digital certificates
6) Produce and publish the certificate revocation list (CRL)
7) Digital certificate archiving
8) Key archiving
9) Historical data archiving



Certificate issuance process
1. Certificate request
A) The user fills in the certificate request with their personal information and submits it
2. The RA confirms the user
A) On an intranet, manual validation is generally used; it cannot guarantee the security and authenticity of user information
3. Certificate policy processing
A) If the request is verified successfully, the system applies the specified policy to the request, such as name constraints, key length constraints, and so on
4. The RA submits the user's application information to the CA
A) The RA signs the user's application information with its own private key, proving that the information was submitted to the CA by the RA
5. The CA generates the key pair for the user and uses the CA's signing key to sign the user's public key and user ID information, generating the electronic certificate
In this way, the CA binds the user's information and public key together; the CA then publishes the user's digital certificate and public key to the directory
6. The CA sends the electronic certificate to the user's RA
7. The RA sends the electronic certificate to the user (or the user retrieves it)
8. The user verifies the certificate issued by the CA
A) This ensures that the user's information was not tampered with during the signing process, and the CA's public key is used to verify that the certificate was issued by the trusted CA
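The digital signature steps, the certificate fields listed under "What is a certificate", and steps 5 and 8 of the issuance process, as an added example that is not part of the original notes. It uses textbook RSA without padding and constructed toy keys, so it shows the mechanism only; the names, dates and the JSON certificate layout are assumptions.

```python
import hashlib
import json

def make_key(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def digest(data, n):
    """SHA-256 of the data as an integer, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)  # "encrypt" the hash with the private key

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data, n)  # "decrypt" with the public key

def signed_bytes(cert):
    """Everything the issuer signs: all fields except the signature itself."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()

def issue(ca_name, ca_private, subject, subject_public, not_before, not_after):
    """CA step: bind identity and public key together under the CA's signature."""
    cert = {"subject": subject, "public_key": list(subject_public),
            "not_before": not_before, "not_after": not_after, "issuer": ca_name}
    cert["signature"] = sign(signed_bytes(cert), ca_private)
    return cert

def check(cert, ca_public, today):
    """User step: verify the CA's signature, then the validity period."""
    if not verify(signed_bytes(cert), cert["signature"], ca_public):
        return "bad signature"
    if not cert["not_before"] <= today <= cert["not_after"]:
        return "outside validity period"
    return "ok"

# Constructed toy keys built from Mersenne primes: demo only, never for real use.
CA_PUB, CA_PRIV = make_key(2**521 - 1, 2**607 - 1)
USER_PUB, USER_PRIV = make_key(2**127 - 1, 2**89 - 1)
CERT = issue("Example CA", CA_PRIV, "alice@example.com", USER_PUB,
             "2011-01-01", "2012-01-01")
```

Changing any signed field after issuance, or checking against a key other than the CA's public key, makes `check` return "bad signature".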


Main features of an enterprise CA:
1. An enterprise CA requires the AD service; that is, the computer must be in Active Directory
2. When you install an enterprise root CA, it is automatically added to the Trusted Root Certification Authorities certificate store for all users and computers in the domain.
3. You must be a domain administrator, or an administrator with write access to AD, to install an enterprise root CA
Main features of a stand-alone CA:
1. A stand-alone CA does not require the AD directory service
2. When submitting a certificate request to a stand-alone CA, the applicant must explicitly provide in the request all identifying information about themselves as well as the type of certificate wanted.
3. By default, all certificate requests sent to a stand-alone CA are set to pending until the administrator of the stand-alone CA verifies the applicant's identity and approves the request.
SSL settings on a Web server
1. Generate a certificate request
2. Submit the certificate request
3. Issue the certificate
4. Install the certificate on the Web server
5. Enable the secure channel (SSL)
6. Use the HTTPS protocol to access the Web site

