My interesting

Identifying the Sources of Risk: It’s Not as Simple as It Seems
Many risk management experts caution that we should look for all sources of risk. They identify the sources of risk as people, processes, and technology. Other experts include things beyond our control, such as your ISP’s lax password policy that could be a risk to the security of your organization’s data. Identifying the sources of risk, however, is not always simple. SY0-101 70-272 70-630

In 1998, a small Midwestern consulting firm’s telephone system was rendered inoperable in the middle of a business day when the system administrator changed the account used to run the service for the software-based Private Branch Exchange (PBX) system. The change was made, in accordance with the PBX system documentation, to facilitate the delivery of voice mail directly to the employees’ mailboxes. However, when the PBX system was brought back on line, the phones were all dead. Fortunately, the administrator was able to determine that the problem could be rectified by granting the new account appropriate permissions on the database. Nowhere in the PBX system documentation was that step listed or even alluded to.

It is easy to see, after a loss occurs, how it happened. Yet if you had been evaluating the risks associated with the PBX, which source of risk would you have identified?

Was the source of the risk people related? The systems administrator has to make changes to systems configuration from time to time—did she make a mistake or proceed without all the information? Did the administrator make a change to the configuration without thinking of the possible consequences? If she had reviewed the process with others, she might have questioned why permissions were not being reassigned.

Was the source of the risk technical? The system might have failed because its configuration was in error. Wouldn’t a better design have warned the administrator that a change in accounts might cause a problem? New error messages in Microsoft Windows Server 2003 and Windows XP Professional seek to warn users and administrators of nonreversible operations, such as password resets, that might damage the ability to access critical data such as encrypted files. 70-297 70-640 mb2-631

Was the source of the risk process related? Should the operational procedures have been required to be tested or at least reviewed before they were implemented? Or, perhaps such a major change should have been made during less critical business hours.

Threats to Security Introduced by Security Maintainability Issues
Any operations design must satisfy maintainability goals, and this is even more important with security design. If security cannot be maintained, it might be eliminated. The following threats to security can result when security designers forget to consider maintainability:

If a security design has a high reliance on people following a written policy that cannot be enforced via technical controls, it is unlikely that adherence to the policy will continue over time.

If a technical control is difficult to maintain, its enforcement might weaken over time. If there is no way, for example, to prevent the introduction of modems into the network and strict restrictions on Internet access are enforced via the local area network (LAN) connection, users might use modems as alternative paths to access the Internet. In doing so, they breach security by avoiding filters, access controls, and logging.

When controls must be renewed and it is difficult to do so, business productivity will be disrupted. Can certificates be automatically reissued before they expire, or must new certificates be manually obtained? Who will manage the intrusion detection systems when the person who received training and cared for the intrusion detection systems for three years leaves the company?

Important Support for security maintainability is important. In Windows Server 2003, functions such as Group Policy can be used to reapply security settings on a periodic basis. Computer and user certificates can be automatically deployed. Security templates can be reapplied to stand-alone systems and used to audit security compliance. 70-294 70-647 70-291

Legal Requirements that Influence Security Design 70-643 156-215.1 70-631 642-811
To make time spent with legal advisors efficient and productive, the security framework should include a living document that includes concise, IT-friendly statements about each law that might affect IT projects. Here is an example of current laws that might be examined for their relevance to projects. The review of such a list might point out, for example, the need for better technical controls on access to patient or employee data, or the need for discussion on improving integrity controls on financial data. Any discussion of whether the law might affect how the project should be designed should ultimately involve the organization’s legal advisors. This short list of laws to be explored is not intended to be a comprehensive list:
Graham Leach Bliley. Financial institutions (that is, any company that provides financial products or services) have their own set of legislation that controls how they must manage the privacy of customer financial information. It restricts use and disclosure of non-public personal information.
Sarbanes-Oxley Act of 2002 (Public Company Accounting Reform and Investor Protection Act). This act targets publicly traded or registered companies. Private firms are also complying. Many restrictions are related to the operation of public accounting firms, and the act also includes strict requirements for records retention to prevent document destruction. For example, if a firm is engaged by a company to do an audit, that firm cannot also provide development of financial services or accounting software for the company. The CEO and CFO must sign a statement that accompanies the company’s annual report stating that all information in the report is correct. This might sound tangential to information security until you consider the question, “How can they attest to accuracy if they are not prepared to defend the security of their financial computer programs and attest to the integrity of the data?” The act also requires that internal controls be reported. Internal controls = security infrastructure. MB7-515 MB7-517 70-299

Homeland Security Act of 2002 (Provision Computer Security Enhancement Act). This act provides increased surveillance powers for law enforcement agencies, including surveillance conducted on the Internet. The act includes provisions to make it easier for federal agencies to obtain customer information from Internet service providers (ISPs).

USA Patriot Act. This act was established to deter and punish acts of terrorism. The act includes a directive for the U.S. Secret Service to develop a national network or electronic crime task force; amends the federal criminal code to allow wire, oral, and electronic communications when the case includes terrorism offenses, chemical weapons, and computer fraud and abuse; amends federal criminal code to include surveillance and interception of computer trespassing; and amends federal criminal code to include wiretaps to intercept teleconferences. In one famous case quoted to support passage of the act, a hacker stole teleconference services from a company and used them to plan and execute hacking attacks. Law enforcement agencies could not get authority to tap into the teleconferencing session. The act now gives investigators the ability to request that authority. The act also extends definitions to include cable companies, who, during the passage of earlier bills, were not providing Internet access services but who now are.

California law SB 1836. This law is an amendment to the California Information Practices Act that says if you do business with residents of California, have their unencrypted information in your databases, and are then hacked, you must notify each of those California residents that their personal information might have been compromised. This law is a California law that affects every state in the U.S. XK0-002 70-536 70-284

Guidelines for Mitigating the Cost of Security
Follow these guidelines to minimize the cost of security: 70-293 70-431 70-236 70-642

Always insist on a clear and complete statement of the cost that security adds to any project. Whether the cost is prepared by vendors, internal IT staff, management, or the security designer, it must be complete.

Look at security solutions that reduce cost. Are there security technologies suitable for this project that can reduce overall cost and thus improve profitability? An example of such technologies is the use of Secure Sockets Layer (SSL) encryption accelerator cards in e-commerce projects. People rarely doubt the need for secure servers to protect the transmission of sensitive customer or partner financial information during an e-commerce transaction. However, SSL encryption does reduce the number of transactions that can be processed per minute. Slowing the processing of monetary transactions is not a good thing, but removing SSL encryption is not an acceptable solution. SSL-encryption accelerator cards are the answer. Although these cards add cost to a security project, they pay for themselves because they allow the number of possible SSL-encrypted transactions to increase and provide the required care of customer information as it traverses the Internet.

Look for security technologies that, if not employed, absolutely will result in the failure of the project or will result in large, unnecessary expenses. No one today can imagine running an e-mail gateway without antivirus protection. However, it was not long ago that the purchase of such products was seen only as an expense that might be useful. Many organizations learned the hard way that not providing and frequently updating antivirus protection on both the gateway and the end-user machine leads to business interruptions and larger expenses than the cost of providing protection in the first place.

Look for other tangential business drivers that, if not analyzed, can lead to increased expense. For example, confidentiality and integrity—or perhaps the lack of confidentiality and integrity—are becoming increasingly larger legal issues. Ignorance of relevant laws and regulations is not an excuse not to follow them. Potentially large fines and lawsuits can be the result of failure to follow current laws. Another example is that although designing and deploying security can be expensive and require significant expertise, the lack of security can cost even more. The hard costs of the security design—such as costs for equipment, training, and so on—should always be a part of the project cost-benefit analysis. In some cases, it can be shown that adding security reduces the cost of doing business.

Guidelines for Managing Legal Requirements
Follow these guidelines to manage legal requirements: 70-271 770-445 70-237 NS0-201
Have the organization’s legal team review each security design.
Improve the security design team’s awareness of current legal requirements.
Require the security design team to prepare legal compliance as part of its design.
Have a frank discussion with IT-knowledgeable attorneys early in each product or process development cycle.

When it comes to managing the security for the systems on a network, many administrators are tempted to install service packs and hotfixes the moment that they are released. Although such a strategy can keep you on the cutting edge of security, following the strategy blindly will eventually lead to cutting yourself. 70-284 70-272 70-630 70-297
Although Microsoft has excellent processes in place for testing its service packs and hotfixes, from time to time an update is withdrawn because it has unintended consequences that severely impact upon some customer’s systems. It is also possible that you may work in an environment that has a unique mix of applications. Microsoft cannot test for all eventualities and it is possible that a released hotfix or service pack may disable an important customized business application that your organization is dependent on. An ounce of prevention is worth a pound of cure, and a strategy of thoroughly testing hotfixes and service packs before you roll them out to your organization can save you hours, perhaps days, of mopping up operations if something goes wrong. It is also worth remembering that even though a hotfix may be able to be installed on a system, this does not mean that the hotfix should be installed on a system. Careful judgments should be made as to whether or not the hotfix is applicable and relevant for the environment that it might be deployed in. Finally, it is important to know how to get back from a position once you have arrived there. Even with thorough testing something can be missed, and having an effective rollback strategy before a service pack or hotfix is rolled out is much better than attempting to develop such a strategy once a hotfix is installed on production systems and is causing unforeseen problems.
IP Security (IPSec) is a network layer technology that is used to secure communications. IPSec encrypts the information carried by Internet Protocol (IP) datagrams. This means that even if these packets are captured, the data contained within the packets exists only in an encrypted form and cannot be read by the interceptor. IPSec has been supported natively since Microsoft Windows 2000. Microsoft Windows Server 2003 ships with three default IPSec policies that can be applied by means of Group Policy objects (GPOs) or local policy. These policies are as follows:

Client (Respond Only). When this policy is configured, the computer will use IPSec only if its communication partner requests that such a connection be established. The client itself will not request that IPSec be used.

Server (Request Security). When this policy is configured, the computer will request that its communication partner use IPSec. If the communication partner is unable to service this request, communication will continue in an insecure manner.

Secure Server (Require Security). When this policy is configured, the computer will communicate only with partners that support IPSec.

On top of this set of IPSec policies, specific policies can be created that are more specific. These policies can be restricted to specific hosts, subnets, and protocols. Custom policies can also be deployed by means of GPOs or local policy. 70-640 70-647 70-270 70-291

IPSec is considered by many to be the future of communication. Without IPSec, transmissions across a network are unencrypted. Such transmissions can be intercepted by packet sniffing utilities. This could potentially lead to valuable information falling into the hands of unauthorized parties. With IPSec, even if communication is intercepted, it cannot be read because the content is encrypted

Performing Bulk Copy Operations 640-801 HP0-145 70-646
This lesson describes how to copy large amounts of data quickly, using the SqlBulkCopy object provided by the System.Data.SqlClient namespace and the BULK INSERT SQL statement in SQL Server. In addition to performing an individual bulk copy operation, you will also learn how to perform a set of bulk copy operations wrapped within a transaction.
Why Perform Bulk Copies?
Copying large amounts of data from one database table to another (or from a file to a database table) can take a lot of time and resources if you simply create an application that reads individual rows out of the original data source and then insert the individual rows into the destination data source. To accomplish the task of moving many records (or entire tables) of data, use the .NET Framework and SQL Server bulk copy features, which perform the transfer of the bulk copies more efficiently than transferring individual records.
Lab: Bulk Copying
In this lab you will bulk copy data from one table to another.
Creating Tables to Copy Data into
To demonstrate how to perform a bulk copy operation, you need tables to copy data into. A quick way to create the tables is to use Server Explorer and the Visual Database Tools to do some cutting and pasting! Use the following steps to create CustomerHistory and OrderHistory tables, which you will use to bulk copy the Customer and Order table data into. 70-291 1D0-510 MB6-508
1.In Server Explorer, expand the Tables node for the Northwind database.
2.Right-click the Customers table and select Open Table Definition.
3.Select the first row by clicking the box with the key icon.
4.Press Ctrl+A to select all the rows.
5.Press Ctrl+C to copy them to the clipboard.
6.Right-click the Tables node in Server Explorer and select Add New Table.
7.Select the empty row (not a cell but the entire row) and press Ctrl+V to paste the table definition into the row.
8.Select only the CustomerID row. Right-click the CustomerID row and select Set Primary Key.
9.Save the table and name it CustomerHistory.
10.Repeat these steps with the Orders table, set the OrderID as the primary key, and save the table with the name OrderHistory.
Lesson Summary
Bulk copying provides an efficient way to copy large amounts of data.
The SqlBulkCopy object provides a .NET Framework class to perform bulk copy operations in your application.
The SQL BULK INSERT statement provides a way to perform bulk copy operations using the resources in SQL Server.
Bulk copy operations can be performed from within a transaction.
Lesson Review 190-802 70-290 70-649
The following questions are intended to reinforce key information presented in this lesson. The questions are also available on the companion CD if you prefer to review them in electronic form.

ToolStrip controls can host a wide range of functionality. ToolStripItems duplicate the functionality of several other Windows Forms controls as well as combine some Windows Forms functionality with menu functionality.000-297 ex0-103 190-801
Tool strips support rafting, merging, rearrangement of controls, and overflow of controls.
MenuStrip controls are used to create menus for forms and host ToolStripMenu-Item controls, which represent menu entries and commands.
The ContextMenuStrip control is used for creating context menus. You can associate a context menu with a control by setting the ContextMenuStrip property.
The Properties window can be used to create default event handlers or to assign preexisting methods to handle events.
A variety of mouse and keyboard events are raised in response to user actions. The MouseEventArgs parameter in many of the mouse events provides detailed information regarding the state of the mouse, and the KeyEventArgs and KeyPressEvent-Args parameters provide information regarding the state of the keyboard.
Event handlers can be created at run time and used to dynamically associate events with methods.
Typically, most real-world applications use databases as a store for the data in that application. For example, inventory systems, contact management systems, and airline reservation systems store data in a database and then retrieve the necessary records into the application as needed. In other words, the data used by an application is stored in a database external to the actual application, and it is retrieved into the application as required by the program.
When creating applications that work with data, the Microsoft .NET Framework provides many classes that aid in the process. The classes that you use for common data tasks such as communicating, storing, fetching, and updating data are all located in the System.Data namespace. The classes in the System.Data namespace make up the core data access objects in the .NET Framework. These data access classes are collectively known as ADO.NET.
Before you can begin working with data in an application, you must first establish and open a connection and communicate with the desired data source. This chapter describes how to create the various connection objects that are used to connect applications to different data sources and sets the basis for working with data in the following chapters. After learning to establish connections to databases in this chapter, we will move on to Chapter 6, “Working with Data in a Connected Environment,” which provides instructions for running queries, saving data, and creating database objects directly between your application and a database. Chapter 7, “Create, Add, Delete, and Edit Data in a Disconnected Environment,” describes how to create DataSet and DataTable objects that allow you to temporarily store data while it is being used in a running application. Finally, Chapter 8, “Implementing Data-Bound Controls,” provides information on binding data to be displayed and worked with in Windows Forms controls.
Typically, data sources are relational databases such as Microsoft SQL Server and Oracle, but, additionally, you can connect to data in files such as Microsoft Office Access (.mdb) and SQL Server (.mdf) database files. The connection object you use is based on the type of data source your application needs to communicate with. 190-712 640-553 190-623

The ToolStrip control is a host for ToolStripMenuItem controls that can be used to create toolbar-style functionality for your forms. Toolbars provide support for item reordering, rafting, and overflow of items onto the overflow button.646-204 225-030 000-253

Many tool strip items duplicate functionality of full-size Windows Forms controls such as ToolStripLabel, ToolStripButton, ToolStripTextBox, ToolStripComboBox, and ToolStripProgressBar. Tool strip controls that do not have analogous Windows Forms controls include ToolStripSeparator, ToolStripDropDownButton, and Tool-StripSplitButton.
You can display images on the ToolStripItems control with the Image property.
The ToolStripContainer control allows you to create forms that include support for rafting toolbars.

The ToolStripManager class is a static class that exposes methods for tool strip management. You can use the ToolStripManager.Merge method to merge tool strips.
Lesson Review
You can use the following questions to test your knowledge of the information in this lesson. The questions are also available on the companion CD if you prefer to review them in electronic form.

Creating and Configuring Menus 190-803 BI0-122 640-863
Menus have always been a part of Windows Forms applications. They give the user quick and easy access to important application commands in an easy-to-understand, easy-to-browse interface. The .NET Framework version 2.0 introduced MenuStrips, which allow the rapid creation of Forms menus as well as context menus (also known as shortcut menus, which appear when the user right-clicks an object). In this lesson, you will learn how to create menus and context menus and configure them for use in your application.

Creating Access Keys
Access keys enable you to access menu items by defining keys that, when pressed in combination with the Alt key, will execute the menu command. For example, if a File menu defines the F key as an access key, when Alt+F is pressed, the File menu will open. Menus that contain sub-menus open when the access key combination is pressed, and menus that invoke commands will invoke those commands. Note that the menu item must be visible for the access key to function. Thus, if you define an access key for an Open menu item that exists in the File sub-menu, the File menu must be opened first for the access key combination to function.
You can create an access key for a menu by preceding the letter you want to define the access key for with an ampersand (&) symbol. For example, to create an Alt+F access key combination for the File menu, you would set the FileToolStripMenuItem’s Text property to &File.
Creating Shortcut Keys
Unlike access keys, shortcut keys are a combination of keystrokes that allow direct invocation of a menu item whether the menu item is visible or not. For example, you might define the Ctrl+E key combination to be a shortcut key for the Exit menu command in the File menu. Even if the File menu is not open, Ctrl+E will cause the Exit menu command to be executed. Also, unlike access keys, you cannot create shortcut keys for top-level menus—you can create them only for items in sub-menus. 000-731 ex0-100 70-620
You can create a shortcut key at design time by setting the ShortcutKeys property in the Properties window. Clicking the ShortcutKeys property launches a visual interface than enables you to define a key combination. This interface is shown in Figure 4-5.
If you want to display the shortcut key combination next to the menu item, you can set the ShowShortcutKeys property of the ToolStripMenuItem control to True. You can also define a custom text to be shown instead of the key combination. If you want to define a custom text, you can set it in the ShortcutKeyDisplayString property.

Product Description

Exam Number/Code: 190-720
Exam Name: IBM Lotus Notes Domino 7 SysAdmin Operating Fundamentals
“IBM Lotus Notes Domino 7 SysAdmin Operating Fundamentals”, also known as 190-720 exam, is a Lotus certification. With the complete collection of questions and answers, Pass4sure has assembled to take you through 90 questions to your 190-720 Exam preparation. In the 190-720 exam resources, you will cover every field and category in CLP helping to ready you for your successful Lotus Certification.

Exam Number/Code: 646-976
Exam Name: Data Center Networking Sales Specialist
“Data Center Networking Sales Specialist”, also known as 646-976 exam, is a Cisco certification. With the complete collection of questions and answers, Pass4sure has assembled to take you through 80 Q&As to your 646-976 Exam preparation. In the 646-976 exam resources, you will cover every field and category in Others helping to ready you for your successful Cisco Certification.

Exam Number/Code: 646-223
Exam Name: Unified Communications Express AM
“Unified Communications Express AM”, also known as 646-223 exam, is a Cisco certification. With the complete collection of questions and answers, Pass4sure has assembled to take you through 101 Q&As to your 646-223 Exam preparation. In the 646-223 exam resources, you will cover every field and category in Others helping to ready you for your successful Cisco Certification.

Exam Number/Code: 70-638
Exam Name: TS:MS Office Communications Server 2007, Configuring
“TS:MS Office Communications Server 2007, Configuring”, also known as 70-638 exam, is a Microsoft certification. With the complete collection of questions and answers, Pass4sure has assembled to take you through 60 Q&As to your 70-638 Exam preparation. In the 70-638 exam resources, you will cover every field and category in TS helping to ready you for your successful Microsoft Certification.

■ When designing a system that sy0-101 enables your company to have access to the Internet,
you might want to consider having more than one link to connect to the Internet,
especially if your company relies on the connectivity to do business. Relying on the
uptime of an ISP for sales and electronic communications can be a high risk for any
company.
■ Before designing redundanc y into your connectivity design, you should verify that
redundancy is required. If your company CompTIA Security+ does not require connectivity to the
Internet to do its business, you can spend your IT budget in other areas.
■ You should determine the cost to the company if downtime occurs. It is very
important that you be able to quantify the cost associated with downtime as it
relates to Internet connectivity problems. That is, how much could the company
afford to lose for each minute remote users or company employees cannot connect
to the Internet?
■ In designing redundancy into your network, you should identify any hardware
components that might become 642-901 points of failure to your network because they are
the only means by which users can do their jobs. For example, if the dial-in server
available for remote users to connect to the company’s network becomes unavailable,
what will happen?
■ Before selecting an ISP for the implementation of your VPN or connectivity to the
Internet, you should consider how reliable the ISP’s Internet uplink is, how stable
the vendor is financially, and whether the CCNP vendor offers your company any guarantees
or service-level agreements, such as 99 percent uptime. You should also
determine if your ISP offers any security features, such as intrusion detection systems
or firewalls, and if the ISP gives your company reports showing daily or
weekly usage of bandwidth that will help you plan for growth.

that the clock speed of a central processing unit (CPU) would exponentially increase
over the next 20 years, was accurate almost to the megahertz. Memory, another hardware
component that has increased at a 70-647 phenomenal rate, is not the bottleneck in our
high-tech world of today. It seems that bandwidth is still our biggest liability; we don’t
have enough of it. In this lesson, you look at bandwidth and how your design must
take into account the bandwidth requirements to make your connectivity to the Internet
productive.Just as airlines overbook flights, most ISPs oversubscribe bandwidth. By oversubscribing
bandwidth, the ISP is counting on all of their customers not simultaneously
using 100 percent of the bandwidth they are allocated, in the same way
airlines count on some customers not using their plane tickets.
■ You will most likely be sharing your company’s available bandwidth among many
network services. It is very important that a thorough analysis be made of the type
of traffic that will be using any links.
■ When calculating the  MCITP bandwidth requirements for a VPN, you should know how
many users will need to access the network, if VoIP, e-mail, or Web servers will
also use the VPN bandwidth, and how much bandwidth these additional services
will require.
■ You should look at the traffic your network is transmitting during peak hours, and
determine if that traffic can be transmitted during periods of low bandwidth usage.
For example, employees can be directed to perform certain transfers of data during
nonpeak usage hours.

Network Address Translation (NAT) is a protocol that enables a private network to
connect to the Internet. A mapping table is created on the NAT server that maps
all internal IP addresses with port numbers and the external 642-642 IP address chosen by
the company.
■ NAT was created as a temporary solution to the problem of a shortage of IP
addresses available to handle the large number of users requesting them from the
InterNIC.
■ The NAT server forwards packets from Internet-based users to the computers on
the company’s private network. The NAT server drops packets that do not have a
matching port number in the session mapping table.
■ NAT Traversal technology enables an application to detect that a NAT server is
being used on the network, 640-816 automatically configures the port mappings, and
dynamically opens and closes the ports without user intervention.

You have been selected to design a 642-383 remote access strategy for a Maui property that is
managed by Contoso, Ltd., a property management company located in Honolulu,
Hawaii. The company relies on its ability to make reservations for its condominium
holdings, apartment rentals, and several five-star hotels. Much of Contoso’s revenue is
earned from golf course fees, golf shops, and restaurants located on hotel properties.
Many of the restaurants are running legacy 642-642 applications that have not been updated for
more than ten years and are starting to have problems. The golf shops are located too
far from the main computer buildings, which house two Windows 2000 servers, four
Windows Server 2003 servers, a NetWare 4.11 server running an application that keeps
track of the cleaning staff’s room assignments throughout the complexes, and the routers
and switches supporting the network infrastructure.
Background
Contoso has acquired many hotels and restaurants during the past 12 years and is
expanding to Southeast Asia. Its largest CCIP customer base is Japanese travelers, from
whom it receives more than $22 million per year.
Geography
In addition to its primary location, Contoso also has branch offices located on Maui,
Kauai, and Tokyo, from where most of its customers come. Depending on which island
a customer wants to visit, he or she must call an 800 number to make a reservation.Charge card numbers 350-001 are given over the telephone and inputted into the systems by
reservation clerks.
Network Infrastructure
Each branch office supports the hotel property, which includes the restaurants and golf
shops. Fiber-optic cable is run underground to most facilities and is connected to a
main dedicated building that houses all of the network’s technological equipment such
as servers, routers, and switches. There are many small offices throughout the properties,
where managers use 642-456 dial-in services to query several databases for hotel occupancy
numbers.
Future Plans
The company is considering developing a Web-based application that would allow
customers to make their reservations online. The system would need to securely accept
charge card and debit payments from customers.Summary
■ Remote access networking gives users the ability to remotely connect to a corporate
network or to the Internet.
■ A dial-up client connects to a remote access server through a physical connection
to the remote access server. Dial-up clients use the telecommunications infrastructure
to create the connection to the remote access server.
■ A VPN client connects to a network using the Internet, or public network, as its
backbone. It uses TCP/IP protocols and tunneling protocols such as PPTP and
L2TP.
■ Wireless clients connect to a network by using radio frequencies from 2.4 GHz to
5.0 GHz, depending on which 802.1x wireless standard is being followed, infrared
(IR), which uses the frequency a little below CCIE visible light, or spread-spectrum signals,
which send data over multiple frequencies.
■ Extensible Authentication Protocol (EAP) provides the framework for such technologies
as smart cards and biometric devices. Biometrics uses a person’s physical
attributes as a means of authentication.
■ Before a conceptual remote access design can be created, a thorough understanding
of the present network topology and documentation (network maps, inventory of
all servers and workstations, and so on) must be available.
■ To ensure that the network access servers are available to users, you should consider
having an additional server configured in each subnet servicing the remote
access infrastructure, for both redundancy CCVP  and survivability.Before you can decide on the remote access design you will use for your company,
you must identify the needs of the users, current network infrastructure,
network traffic patterns, and any mission-critical applications that will run on the
system.
■ A remote access policy is composed of an ordered set of rules, each containing
one or more conditions, profile settings, and a remote access permission setting.
■ If a connection is authorized, a policy profile may specify certain connection
restrictions. A remote access profile is a set of properties that are applied to a connection
if the connection has been authorized.
■ As your remote access infrastructure grows, it may become necessary to implement
a centralized system to perform authentication and accounting functions. IAS
Server is Microsoft’s implementation of RADIUS.
■ IAS performs centralized accounting, authentication, authorization and auditing
for dial-up, VPN, and wireless connections.
■ A RADIUS server is a server that authenticates, authorizes, and performs accounting
functions when a connection attempt is made from a remote access client.
■ A RADIUS client can be a dial-up server, VPN server, or a wireless access point
(AP). When a remote access client attempts a connection to any of these servers,
the RADIUS client receives the request and forwards it to the RADIUS server.
■ A RADIUS proxy determines 642-456  which RADIUS server to forward a request to. For
example, a RADIUS client would receive a connection request from a remote
access client, forward the request to the RADIUS proxy, and the RADIUS proxy
would then forward the request to the appropriate RADIUS server.