VPN or Virtual Private Network isn't much of a mystery at all. It is a series of hoops to jump through to let the companies network know that you are supposed to be there and it's ok to let you in.
For this example (refer to picture at the bottom) I have set a RAP rule (remote access policy) illustrated by security guards, in honor of my youngest brother, with 4 questions... lets go through this step by step.
- User "dials in"
- Rule number 1 asks "is it between 6am and 6pm?" lets assume it's is... go to the next rule
- Rule number 2 asks "are you a member of our ADUC (active directory)?" lets again assume yes... go to the next rule
- Rule number 3 asks "are you authorized for dial-in / vpn access?" lets again assume yes... go to the next rule (NOTE: many times this question becomes a stumbling block because the system admin or other IT personnel forgot to check the dial-in access in the users active directory profile)
- Rule number 4 asks "are you using the right security protocol?" (ie. MS-ChapV1 or EAP ect.) lets assume yes again... access is granted!!!
If at any time one or more of those questions are answered with a no, the user is denied access and should call their local helpdesk for help troubleshooting their access denial.
Hopefully this article was an interesting primer on VPN Access. RAP rules are as various as Group Policies in Active Directory but also just as easy to implement.
If you are interested in different security protocols or any other item touched in this article please let me know in the comments and I may write a follow up article.
No comments:
Post a Comment