Nt2580 Unit 3 Assignment 1 Remote Access Control Policy Def
VPN access control model for a large scale company. * This policy will support remote access control for systems, applications, and data access.
Remote access Defined
Remote access for employees is deployed by using remote access VPN connections across the Internet based on the settings configured for the VPN Server, and the following additional settings.
The following diagram shows the VPN server that provides remote access VPN connections.
Domain/Network Config:
For each employee that is allowed VPN access: * The network access permission on the dial-in properties of the user account is set to Control access through NPS Network Policy. * The user account is added to the VPN_Users group in Active Directory.
To define the authentication and encryption settings for remote access VPN clients, the following remote access network policy is created in Network Policy Server (NPS): * Policy name: Remote Access VPN Clients * Conditions: * NAS Port Type is set to Virtual (VPN) * Windows Groups is set to VPN_Users * Calling Station ID is set to 207.209.68.1 * Permission is set to Grant access.
NPS policy settings: * On the Constraints tab, under Authentication Methods, for EAP Types select Microsoft: Smart Card or other certificate. Also enable Microsoft Encrypted Authentication version 2 (MS-CHAP v2). * Or SSTP, L2tp/IPsec, PPTP, IKEv2
Access control model/ policy:
This model would support Role based access controls and allow mandatory access control to be governed by remote access. The IS Dept. is responsible for maintaining the access and access rights and prividgles and restricted as needed by user roles in the organization. All data is encrypted and transmitted via remote and encrypted and used by the vpn tunnel. VPN access will be terminated on a 3 month basis and must be renewed by revisiting based on your access role and
Remote access Defined
Remote access for employees is deployed by using remote access VPN connections across the Internet based on the settings configured for the VPN Server, and the following additional settings.
The following diagram shows the VPN server that provides remote access VPN connections.
Domain/Network Config:
For each employee that is allowed VPN access: * The network access permission on the dial-in properties of the user account is set to Control access through NPS Network Policy. * The user account is added to the VPN_Users group in Active Directory.
To define the authentication and encryption settings for remote access VPN clients, the following remote access network policy is created in Network Policy Server (NPS): * Policy name: Remote Access VPN Clients * Conditions: * NAS Port Type is set to Virtual (VPN) * Windows Groups is set to VPN_Users * Calling Station ID is set to 207.209.68.1 * Permission is set to Grant access.
NPS policy settings: * On the Constraints tab, under Authentication Methods, for EAP Types select Microsoft: Smart Card or other certificate. Also enable Microsoft Encrypted Authentication version 2 (MS-CHAP v2). * Or SSTP, L2tp/IPsec, PPTP, IKEv2
Access control model/ policy:
This model would support Role based access controls and allow mandatory access control to be governed by remote access. The IS Dept. is responsible for maintaining the access and access rights and prividgles and restricted as needed by user roles in the organization. All data is encrypted and transmitted via remote and encrypted and used by the vpn tunnel. VPN access will be terminated on a 3 month basis and must be renewed by revisiting based on your access role and