Secure RASs

Widespread use of the Internet has led to the creation of the ISP. ISPs deploy a variety of network and security technologies designed to provide Internet and business-to-business connectivity to organizations and consumers around the world.

Today, ISP customers can establish a secure connection into their corporate networks using the ISP's shared IP network. This capability is called a VPN. For example, VPNs enable a mobile user, who uses his or her laptop on the road, to dial a local ISP and access critical business information and applications over the public Internet using secure encryption and authentication techniques. VPNs are quickly becoming the standard approach to connect mobile users, branch offices, and SOHOs to corporate networks. The cost savings achieved by deploying VPNs are tremendous, and organizations no longer need to be in the business of managing large modem pools and complex security systems and support processes.

Figure 16.1 illustrates a typical VPN. Keep in mind that a VPN is not a type of transmission service, such as analog, ISDN, or ADSL. VPNs apply secure connection technologies, such as L2TP or PPTP, to connect two or more entities together using a shared IP network and the Internet.

Figure 16.1. A typical VPN.


VPNs enhance data security over shared IP networks by authenticating remote users and by encrypting authentication credentials and data. Both PPTP and L2TP support encrypted and plain-text authentication. If a remote user is using L2TP and IPSec, authentication involves an exchange of certificates that prevents an unknown computer from passing itself off as an authorized network computer. Windows 2000 Active Directory provides native support for L2TP/IPSec and PPTP; these core components enable remote users to access corporate network resources over the Internet.
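An added example (not from the book): a PowerShell check that flags VPN connection profiles that permit the plain-text authentication, or the L2TP setups without certificate exchange, described above. It assumes a current Windows client whose `Get-VpnConnection` cmdlet exposes `TunnelType`, `AuthenticationMethod`, `EncryptionLevel` and `L2tpIPsecAuth`; the function name `Test-VpnProfile` and the sample profiles are constructed for illustration.

```powershell
# Added example: audit VPN profiles for weak authentication/encryption settings.
# Test-VpnProfile is a hypothetical helper name, not a built-in cmdlet.
function Test-VpnProfile {
    param([Parameter(Mandatory, ValueFromPipeline)] $Connection)
    process {
        $findings = @()
        # Normalize enum values or strings to plain strings.
        $auth = @($Connection.AuthenticationMethod | ForEach-Object { "$_" })

        # PAP transmits the password unencrypted at the PPP layer.
        if ($auth -contains 'Pap') {
            $findings += 'plain-text authentication (PAP) allowed'
        }
        # Optional / NoEncryption lets the link come up without data encryption.
        if ("$($Connection.EncryptionLevel)" -in 'NoEncryption', 'Optional') {
            $findings += "data encryption not enforced ($($Connection.EncryptionLevel))"
        }
        # L2TP with a pre-shared key skips the certificate exchange.
        if ("$($Connection.TunnelType)" -eq 'L2tp' -and
            "$($Connection.L2tpIPsecAuth)" -ne 'Certificate') {
            $findings += 'L2TP/IPSec not using certificate authentication'
        }

        [pscustomobject]@{
            Name      = $Connection.Name
            Tunnel    = "$($Connection.TunnelType)"
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample profiles shaped like Get-VpnConnection output.
$samples = @(
    [pscustomobject]@{ Name = 'HQ-L2TP-Cert'; TunnelType = 'L2tp'
        AuthenticationMethod = @('Eap'); EncryptionLevel = 'Required'
        L2tpIPsecAuth = 'Certificate' }
    [pscustomobject]@{ Name = 'Branch-L2TP-PSK'; TunnelType = 'L2tp'
        AuthenticationMethod = @('MsChapv2'); EncryptionLevel = 'Required'
        L2tpIPsecAuth = 'Psk' }
    [pscustomobject]@{ Name = 'Legacy-PPTP'; TunnelType = 'Pptp'
        AuthenticationMethod = @('Pap', 'MsChapv2'); EncryptionLevel = 'Optional'
        L2tpIPsecAuth = '' }
)
$samples | Test-VpnProfile | Format-Table -AutoSize -Wrap

# On a live client, audit the real profiles instead:
#   Get-VpnConnection | Test-VpnProfile
```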

Another important aspect of VPN remote access is the Domain Name System (DNS). Active Directory uses DNS for service location. If a remote VPN user requests access to information located on a corporate network over the Internet, the user authenticates with Active Directory using the DNS name and uses encrypted certificates to establish a private "tunnel" to the requested information resource.
