When Windows Server 2003 is released this month, Microsoft will make up for some of the shortcomings of its built-in VPN technology, making the software more attractive to users who want to save money by connecting to remote sites through the Internet.
Although Microsoft has built VPN technology into the PC platform for free since as early as the Windows 98 era, the VPN tools sold by other vendors, including Check Point, Cisco, NetScreen, Nokia and Nortel, have all surpassed Microsoft's. The upgrade in Windows Server 2003 takes advantage of the VPN functions of Microsoft's client and server. In particular, the new software introduces a 'reject VPN access' function for PCs that connect without properly configured firewall and anti-virus software, along with other functions. In addition, the new software expands the ability of VPN data traffic to pass through the firewall, making it possible to implement more powerful authentication methods.
While many manufacturers already support these functions, the popularity of Microsoft software is an advantage that other manufacturers do not have. Windows NT, 2000 and 2003 can all be used as VPN gateways to terminate VPN sessions, while Windows 98, ME, 2000 Professional and XP Professional provide client support. The VPN gateway products of Cisco, Enterasys, Nortel, NetScreen and other companies also support Microsoft's VPN clients. Check Point also said that it will provide similar VPN gateways soon.
For small companies whose servers act as both internal servers and WAN gateways, Microsoft's VPN server software can save money. It is very attractive for small businesses that use Windows 2000 in remote offices, have good Microsoft product experience and a good Active Directory implementation.
Analysts pointed out that the VPN function in the Windows Server platform is very attractive but not enough. For example, handling network address translation (NAT) so that VPN data traffic can pass through a firewall is a common function in most dedicated VPN servers and clients, but Microsoft is still developing it. Microsoft's technical manager for VPN products, Mike, said that the company has hired SafeNet to develop upgraded versions of VPN software for Windows 98, 2000 and ME, and is developing NAT upgrade software for Windows 2000 and Windows XP.
Although NAT is the key to establishing a VPN, users need to find a more secure way to ensure that remote users log in to the VPN safely. In Windows Server 2003, Microsoft can use PKI more conveniently, making the system difficult to break.
Users can use a pair of public and private keys, instead of a single set of keys, to encrypt and decrypt data traffic. To make this process more secure, the computer used must be authorized. Windows Server 2003 adds a certificate authority that issues certificates to computers so that they can be authenticated before they are allowed to access the VPN.
A support engineer at VPN vendor Intermate said that having its own certificate authority is an improvement on the way Microsoft's servers now support certificates. Users who want to use certificates must install a Windows 2000 certificate server, which makes the network more complicated.
Windows Server 2003 supports more methods of authenticating computers and users. By adding support for the 'Extensible Authentication Protocol' (EAP), Windows Server 2003 enables users to use methods like smart cards. This two-factor authentication is considered to be much safer than simply using a username and password. EAP is a framework that allows negotiation of which authentication mechanism to use.
Quarantine is another security measure added in Windows Server 2003 to protect the VPN before the user is allowed access. If the configuration is incorrect, Quarantine will deny the remote computer's VPN access. Therefore, if the anti-virus software installed on the computer has not been updated or the firewall software is not turned on, the server will reject the VPN session, and the user will be prompted to upgrade the computer or be automatically taken to a website where the required upgrade package can be downloaded.
Quarantine requires a Windows Server 2003 deployment tool, the Connection Manager Administration Kit (CMAK) Wizard. CMAK requires the IP address of the VPN server, the name of the connection, the type of authentication used and some other parameters. It creates an executable file, called a connectoid, which is delivered to the remote computer via the Internet, a floppy disk or Microsoft's Systems Management Server. The connectoid is a self-installing file compatible with VPN clients on Windows 98 and later.
Microsoft’s VPN architecture is different from that of vendors that take “IP Security” (IPSec) as their core technology. Microsoft only uses standard technologies. Microsoft's software supports PPTP, IPSec and L2TP/IPSec, and each protocol has a different purpose. PPTP is suitable for small organizations that want to establish remote access conveniently and quickly; L2TP/IPSec is a safer way to create remote access VPNs; L2TP provides a standard method for authenticating users, and IPSec tunnels are used to transmit the encrypted data flow.
There are many other VPN-related functions in Windows Server 2003. It stores VPN logs in XML format, which makes it easier to format and classify data in different ways. It adds a set of functions called “Internet Authentication Service” (IAS), a “Remote Authentication Dial-In User Service” (RADIUS) server. IAS can be installed on a separate hardware platform, so that even if a computer crashes, the VPN’s authentication mechanism will not collapse. It integrates the technologies of IAS, the remote access server, Active Directory and others, allowing the system to give “guest” VPN users access to limited networks and to establish temporary services for business partners.
Microsoft also plans to add a second type of VPN to its handheld client. The current client only supports PPTP VPNs, but the new version of the software will add L2TP/IPSec support on the Pocket PC platform.