VPN Windows 2016 en Windows 10 Education

Questions and Answers

Wat zijn de onderdelen van een Site-to-Site VPN-verbinding?

Tussen twee VPN-servers/routers

Welke authenticatiemethode is minder veilig bij VPN-verbindingen?

PPTP

Welke Windows-besturingssystemen ondersteunen de meeste functionaliteiten voor VPN?

Windows 7 Ultimate

Op basis waarvan kan de Network Policy Server gebruikers blokkeren of toestaan?

Gebruikersaccount

Wat is een VPN?

Een methode om veilig toegang te krijgen tot een netwerk via een internetverbinding

Welke protocollen zijn gebaseerd op Point-to-Point Protocol (PPP)?

PPTP en L2TP

Wat voegt L2TP toe aan de beveiliging?

Dual authentication en packet-level encryptie

Wat is de standaardactie van Network Policy Server (NPS) ten opzichte van externe clients?

Toegang weigeren voor externe clients

Welke configuratiecomponenten kunnen worden gebruikt in NPS en de Remote Access Server?

Voorwaarden, toestemmingen, en versleutelingsopties

Welke methode kan worden gebruikt naast NPS voor toegangsservercommunicatie?

HCAP

Welke eigenschappen kunnen geconfigureerd worden voor de VPN-client?

IP-adres, authenticatietype, en toegestane EAP-types

Welke voordelen bieden server-naar-client remote access oplossingen in Windows Server 2016?

Ondersteuning voor directe toegang, NAT64 en DNS64

Welke authenticatieprotocollen worden ondersteund door Remote Access Services (RAS) in Windows Server 2016?

PPTP en MS-CHAPv2

Welk protocol voor Virtual Private Network (VPN) wordt beschouwd als minder veilig vanwege het gebruik van Pre-Shared key's?

PPTP

Wat is een nadeel van het gebruik van PPTP voor VPN-verbindingen?

Biedt geen encryptie van de gegevens

Welk Windows-besturingssysteem biedt de meeste functionaliteiten voor VPN?

Windows Server 2016

Welke services zijn afzonderlijk geworden sinds Windows Server 2008?

Network Policy and Access Service

Op basis waarvan kan de Network Policy Server gebruikers blokkeren of toestaan?

IP-instellingen

Welk authenticatieprotocol wordt niet ondersteund door Remote Access Services (RAS) in Windows Server 2016?

PAP

Welke methode kan worden gebruikt naast de Network Policy Server (NPS) voor toegangsservercommunicatie?

RADIUS

Wat voegt L2TP toe aan beveiliging bij VPN-verbindingen?

End-to-end encryptie

Welk protocol is gebaseerd op Point-to-Point Protocol (PPP)?

PPTP

Welke groepen kunnen gebruikt worden om gebruikers te blokkeren of toestaan met behulp van de Network Policy Server?

Beveiligingsgroepen

Welk protocol voegt extra beveiliging toe door het gebruik van IPSec en biedt pakketniveau-encryptie, dual authenticatie en bescherming tegen onderschepte pakketten tijdens gebruikersniveau-authenticatie?

L2TP

Welk protocol biedt voordelen zoals per-pakket gegevensauthenticiteit, gegevensintegriteit, herhaalbescherming en gegevensvertrouwelijkheid binnen een Windows Server 2016 netwerkomgeving?

L2TP/IPSec

Wat is de standaardactie van Network Policy Server (NPS) voor externe clients?

Toegang weigeren

Welke methode kan worden gebruikt naast NPS voor toegangsservercommunicatie?

HCAP

Welk protocol biedt basisversleuteling, sterke versleuteling, en de optie voor geen versleuteling?

PPTP

Welke authenticatiemethode is het meest veilig bij VPN-verbindingen?

EAP

Welke VPN-protocollen bieden verschillende voordelen en nadelen wanneer ze worden gebruikt binnen een Windows Server 2016 netwerkomgeving?

L2TP/IPSec

Naar welke componenten moet worden gekeken in een VPN-scenario?

IP-adressering, certificaat automatisch inschrijven, configuratie van NPS, instelling van de RAS-server, en configuratie van de client

Study Notes

• VPN (Virtual Private Network) is a voluntary, user-initiated connection method for securely accessing a network over the internet. It operates at the OSI model layers 2 to 7.

• Two well-known VPN variants are PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol) over IPSec.

  • PPTP and L2TP are based on the Point-to-Point Protocol (PPP), which supports user authentication, data compression, and encryption.
  • L2TP adds extra security through the use of IPSec, offering packet-level encryption, dual authentication, and protection against intercepted packets during user-level authentication.

• A VPN can be used as a gateway for remote access clients or for site-to-site connections between Remote Access Server (RAS) servers.

  • RAS servers can be virtual or physical machines, and they support multiple VPN connections and user authentication methods.

• Network Policy Server (NPS) plays a key role in managing VPN access.

  • By default, NPS denies access for remote clients.
  • NPS enforces policies for network access, authentication, authorization, client health, and more.

• NPS and the Remote Access Server can facilitate various configurations.

  • Policies consist of conditions, permissions, constraints, and settings.
  • Group conditions and constraints can be used to provide access to specific groups.

• Host Credential Authorization Protocol (HCAP) is a third-party access server communication protocol that can be used alongside NPS.

• Connection properties can be configured for the VPN client, such as IP address, authentication type, and allowed EAP types.

• VPN settings include basic encryption, strong encryption, and the option for no encryption. Different protocols, such as PPTP and L2TP, have varying encryption capabilities.

• Server-to-client remote access solutions in Windows Server 2016 offer several benefits, including support for direct access, NAT64, DNS64, and high-availability.

• Remote Access Services (RAS) in Windows Server 2016 support various authentication protocols, such as PPTP, PPP Authentication Protocols (MS-CHAP, MS-CHAPv2, EAP, and PEAP), and Microsoft Point-to-Point Encryption (MPPE).

• Choosing the best authentication protocol depends on the requirements of your network. EAP is the most secure, while MS-CHAPv2 is the least secure but easier to implement.

• PPTP and SSTP (Secure Socket Tunneling Protocol) are both VPN protocols, but they have different strengths and weaknesses.

• IP addressing, certificate auto-enrollment, and network policies are essential configurations for VPN connections.

• The RAS server, NPS server, and Certificate Authority (CA) can be virtual or physical machines or hosted on Azure.

• RAS system authentication protocols include PPP Authentication Protocols (PPTP, MS-CHAP, MS-CHAPv2, EAP, and PEAP), and Microsoft Point-to-Point Encryption (MPPE).

• EAP and PEAP Authentication Protocols offer additional security through the use of certificates and mutual authentication.

• Choosing the best authentication protocol depends on the security requirements and compatibility of your network. EAP is the most secure, while MS-CHAPv2 is the least secure but easiest to implement.

• VPN protocols, such as L2TP/IPSec, PPTP, and SSTP, offer different advantages and disadvantages when used within a 2016 network environment.

• When choosing between VPN protocols, consider the advantages of L2TP/IPSec, such as per-packet data authenticity, data integrity, replay protection, and data confidentiality.

• Ports can affect the VPN connection, so it's essential to understand the implications of various ports and configure them accordingly.

• In a VPN scenario, consider IP-addressing, certificate auto-enrollment, configuring NPS, setting up the RAS server, and setting up the client.

• To configure a VPN client, consider the use of PPTP and SSTP, and follow the steps for configuring the RRAS server.

• VPN (Virtual Private Network) is a voluntary, user-initiated connection method for securely accessing a network over the internet. It operates at the OSI model layers 2 to 7.

• Two well-known VPN variants are PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol) over IPSec.

  • PPTP and L2TP are based on the Point-to-Point Protocol (PPP), which supports user authentication, data compression, and encryption.
  • L2TP adds extra security through the use of IPSec, offering packet-level encryption, dual authentication, and protection against intercepted packets during user-level authentication.

• A VPN can be used as a gateway for remote access clients or for site-to-site connections between Remote Access Server (RAS) servers.

  • RAS servers can be virtual or physical machines, and they support multiple VPN connections and user authentication methods.

• Network Policy Server (NPS) plays a key role in managing VPN access.

  • By default, NPS denies access for remote clients.
  • NPS enforces policies for network access, authentication, authorization, client health, and more.

• NPS and the Remote Access Server can facilitate various configurations.

  • Policies consist of conditions, permissions, constraints, and settings.
  • Group conditions and constraints can be used to provide access to specific groups.

• Host Credential Authorization Protocol (HCAP) is a third-party access server communication protocol that can be used alongside NPS.

• Connection properties can be configured for the VPN client, such as IP address, authentication type, and allowed EAP types.

• VPN settings include basic encryption, strong encryption, and the option for no encryption. Different protocols, such as PPTP and L2TP, have varying encryption capabilities.

• Server-to-client remote access solutions in Windows Server 2016 offer several benefits, including support for direct access, NAT64, DNS64, and high-availability.

• Remote Access Services (RAS) in Windows Server 2016 support various authentication protocols, such as PPTP, PPP Authentication Protocols (MS-CHAP, MS-CHAPv2, EAP, and PEAP), and Microsoft Point-to-Point Encryption (MPPE).

• Choosing the best authentication protocol depends on the requirements of your network. EAP is the most secure, while MS-CHAPv2 is the least secure but easier to implement.

• PPTP and SSTP (Secure Socket Tunneling Protocol) are both VPN protocols, but they have different strengths and weaknesses.

• IP addressing, certificate auto-enrollment, and network policies are essential configurations for VPN connections.

• The RAS server, NPS server, and Certificate Authority (CA) can be virtual or physical machines or hosted on Azure.

• RAS system authentication protocols include PPP Authentication Protocols (PPTP, MS-CHAP, MS-CHAPv2, EAP, and PEAP), and Microsoft Point-to-Point Encryption (MPPE).

• EAP and PEAP Authentication Protocols offer additional security through the use of certificates and mutual authentication.

• Choosing the best authentication protocol depends on the security requirements and compatibility of your network. EAP is the most secure, while MS-CHAPv2 is the least secure but easiest to implement.

• VPN protocols, such as L2TP/IPSec, PPTP, and SSTP, offer different advantages and disadvantages when used within a 2016 network environment.

• When choosing between VPN protocols, consider the advantages of L2TP/IPSec, such as per-packet data authenticity, data integrity, replay protection, and data confidentiality.

• Ports can affect the VPN connection, so it's essential to understand the implications of various ports and configure them accordingly.

• In a VPN scenario, consider IP-addressing, certificate auto-enrollment, configuring NPS, setting up the RAS server, and setting up the client.

• To configure a VPN client, consider the use of PPTP and SSTP, and follow the steps for configuring the RRAS server.