3.4. Configuring a Remote Connection
Remote connectivity to a network involves connecting to the network through another network or series of networks, such as the Internet. Many organizations allow their employees to connect to their networks from home or on the road from a hotel. When this is allowed, the job of the administrator is to provide a connection that works in roughly the same way for the user but provides security for the organization. One of the main factors with remote connectivity is authentication. You need to make sure that the users who are connecting to your network are really who they say they are. Authentication can be accomplished using many different methods and many different protocols. Basically speaking, users can prove their identity through a network with one of the following three pieces of information:
Something that they know; for example, a password or a PIN number from a secure ID card
Something that they have; for example, a smart card or other type of ID card that can be read through a network
Something that they are; for example, a fingerprint, retina scan, or other type of biometric authentication
In this section, we will examine the remote protocols and authentication mechanisms that are available with each of the main server systems.
3.4.1. Critical Information
You should understand remote connectivity in regard to protocols used and authentication methods available for each of the following operating systems.
3.4.1.1. Unix/Linux/Mac OS X Server
As we discussed earlier, one of the advantages of Unix is its tremendous flexibility. This being the case, you can use a Unix-based server as a remote access server. In fact, many devices are available that can use the Unix platform and the TCP/IP protocol. You can configure these devices for many authentication protocols and for SSL connections as well. The main disadvantage of using these devices is that you will have to do most, if not all, of the configuring on the commandline interface. You can find more information about available devices by searching the Internet for "Unix remote access."
Access to Linux servers is typically provided through the main console or through a remote access package, such as Telnet. The main problem with Telnet is that the authentication to a Telnet server (entering the username and password) is transmitted in clear text. Since this is not a secure form of communication, we recommend that you use SSH instead of Telnet. SSH operates in a similar manner to Telnet, but the user credentials are automatically encrypted during authentication. You can obtain SSH on the Web at www.freessh.org. Linux clients can use the TCP/IP protocol and SSH to gain remote access to Linux servers.
Mac OS X Servers can also use SSH to provide a secure remote connection through the Internet. You can use the TCP/IP protocol with a secure logon provided by SSH to give users access to the servers. You should use the secure protocols that we discussed in Chapter 2, such as SCP or SFTP, to transfer data in encrypted form as opposed to FTP, which transfers the data in clear text.
3.4.1.2. NetWare
Remote connectivity to NetWare servers can be provided to Novell clients by adding a special NetWare Loadable Module (NLM) that provides the remote connectivity to the servers. This product was originally released in 1995 and has been enhanced by Novell over the last few years. NLMs now support all of the latest remote access protocols, such as CHAP. Microsoft clients can also gain remote connectivity to a NetWare server through a Gateway and Client Services for NetWare (GSNW) server installed in a Microsoft network. In addition, clients can access resources on web-based NetWare servers with their browsers.
3.4.1.3. Microsoft Windows
Microsoft Windows servers provide remote access connections for clients through Remote Access Server (RAS) on Windows NT 4.0 and through Routing and Remote Access Server (RRAS) on Windows 2000 Server and Windows Server 2003. Microsoft clients can use the New Connection Wizard to quickly configure dialup and VPN connections to a Microsoft server. Clients can choose from many authentication protocols, as we discussed in Chapter 2. Figure 3.7 shows the New Connection Wizard on a Windows XP Professional client computer.
Figure 3.7. The New Connection Wizard
3.4.1.4. Appleshare IP (Internet Protocol)
Appleshare IP servers have been available from Apple since the mid-1990s. They are specifically developed for secure remote access services for Macintosh clients. They provide secure intranet access as well as secure access from the Internet. Appleshare IP products can also filter IP addresses and provide a proxy service for clients.
NOTE
You can find more information about Appleshare IP products by visiting Apple's web pages at www.apple.com.
3.4.2. Exam Essentials
Be familiar with remote connectivity recommendations with Unix-based servers. You should know the remote connectivity options with Unix-based servers such as Unix itself, Linux, and Mac OS X server. Unix servers will likely require configuration from a command line, whereas Linux and Mac OS X provide some GUI input. A protocol such as SSH should be used to secure the remote login to the servers; you can obtain SSH on the www.freessh.org website. You should use a secure protocol such as SCP or SFTP to transfer files between servers and clients.
Know how to configure remote connectivity for NetWare servers. Remote connectivity from client computers running Novell Client to servers running NetWare was first established in 1995 with the release of an NLM designed specifically for remote access services. Remote access services to NetWare services have been enhanced over the years, and they now support all of the latest remote access protocols, such as CHAP. Web-based NetWare servers can be accessed and used by all authorized clients using their browsers.
Understand remote connectivity with Microsoft Windows servers. All Microsoft Windows servers, including Windows NT 4.0, provide builtin remote access services. Microsoft clients can be quickly configured for dialup as well as VPN connections using the New Connection wizard on the client. Microsoft clients can be configured with a large variety of encryption and authentication protocols to meet the needs of your organization.
Understand remote connectivity with Appleshare IP. Appleshare IP is a product of Apple Computer that was developed specifically for remote access and web-based solutions. Apple-share IP server products are built primarily to provide Apple Macintosh clients with secure access to Mac OS X servers. Appleshare IP products include IP filtering services as well as proxy services.