Guidelines for Designing Client Access to Internal Resources

Designing client access to internal resources is only one part of designing access to internal 70-291 resources. The later part of the process consists of many activities. An appropriate design might not include all the following processes, but all these actions should be considered:
Determine the types of access that will be allowed, and design access specific to the users and remote access clients.
Design infrastructure to support secure remote access.
Design the use of managed VPN Client Connections.
Analyze the client authentication infrastructure.
Develop guidelines for client security, and train users.
Analyze remote access servers such as RRAS and IAS.
Analyze the need for Network Access Quarantine Control.
Design remote access policies to provide secure access and reject unauthorized access.
Many of these processes have been discussed in previous Network+ certification chapters and earlier in this chapter. The client authentication infrastructure is discussed in Lesson 1. Remote access policies are analyzed in the "How to Design Remote Access Policies" section. The use of VPNs, remote access servers, and Network Access Quarantine Control are discussed in Chapter 7 and in the "Considerations for Designing Authentication and Accounting for Remote Network Access Using IAS" section later in this chapter. Chapters 2 and 3 present information about network infrastructure design. This section will discuss the use of managed client connections and securing client connections.
Each remote access attempt can be a desired connection or an attack. Each remote access can expose sensitive data. Each remote access can be crucial to the survival of the organization. You must design a secure remote access strategy that allows and pro?tects authorized connections and blocks attacks. To do so requires more than just meeting the authentication requirements of clients and of the organization's security policy. A secure remote access strategy also includes a wide range of constraints and data-protection specifications. This lesson describes how to design secure access to internal resources by using Microsoft remote access products.
Educate users on remote access security and the necessity of using antivirus products, keeping antivirus products up to date, using a personal firewall, not attempting to change security configuration, not sharing company-provided computers,and establishing password-controlled access to their home computers.
Use Network Access Quarantine Control to enforce MCITP certification as many of these restrictions as possible.