
Dial Up and VPN Connection


DIAL UP AND VPN CONNECTION

A dial-up connection uses a standard phone line and analog modem to access the Internet
at data transfer rates (DTR) of up to 56 Kbps.

A dial-up connection is the least expensive way to access the Internet, but it is also
the slowest connection.

OR

A dial-up connection is established when two or more communication devices use a public
switched telephone network (PSTN) to connect to an Internet service provider (ISP).

Many remote areas depend on Internet dial-up connections because broadband and cable
are rare in remote areas with low population numbers.

And

A VPN, or Virtual Private Network, allows you to create a secure connection to another
network over the Internet. VPNs can be used to access region-restricted websites, shield
your browsing activity from prying eyes on public Wi-Fi, and more.

VPNs essentially forward all your network traffic to the network, which is where the benefits
– like accessing local network resources remotely and bypassing Internet censorship – all
come from. Most operating systems have integrated VPN support.

Outlining Components Needed for Creating a VPN Server


• The VPN Client. A popular misconception about VPN clients is that they are
  workstations that connect to the corporate network over a VPN. ...
• The VPN Server. The VPN Server acts as a connection point for
  the VPN client. ...
• IAS Server. ...
• The Firewall. ...
• Choosing a Tunneling Protocol. ...
• Authentication Protocol. ...
• Conclusion.

1. Go to Start / Programs / Administrative Tools / Routing and Remote Access
2. Right click on the Server name
3. Select Configure and Enable Routing and Remote Access

4. At the Setup Wizard, click on the Next button


5. Select Virtual private network (VPN) server
6. Click on the Next button

7. Select all the Protocol(s) needed by the clients

8. Select the network adapter that is connected to the Internet


9. Select how you want IP addresses assigned (either DHCP or Specified)

10. Click on the New button


11. Specify the range of IP addresses you want to use
12. Generally you can select NO for setting up a RADIUS server

13. This will finish the install of the VPN server



 .

Configuring the User Accounts


You need to configure users to have dial-in access:
1. Right click on My Computer
2. Select Manage
3. Select Users
4. Click on the Dial-in tab
5. Check Allow access

Additional Ports

If the same server is acting as your proxy, you may need to open up the
necessary ports as well:
1. Right click on the IP Routing / General section
2. Select Properties
3. Click on Input Filters
4. This will bring up the Default Ports installed for VPN
5. Click on the Add button
6. Select TCP then UDP for the ports you want to add.
   Common ones are:
   21    FTP
   53    DNS
   80    Web

7. Repeat the same steps for the Output Filters

8. If the VPN server is behind a router, port mapping will need to be done on the
router. The standard port for PPTP is 1723. You might also need to configure your
router for PPTP Passthrough. IPSec uses port 500 and IP protocols 50-51. These
will have to be forwarded to the VPN server's IP address.

Types of Virtual Private Network (VPN) and its Protocols

VPN stands for Virtual Private Network, a technology that allows a user to connect to a
private network over the Internet securely and privately. A VPN creates an encrypted
connection called a VPN tunnel, and all Internet traffic and communication passes through
this secure tunnel.
There are basically two types of VPN:
1. Remote Access VPN:
Remote Access VPN permits a user to connect to a private network and access all its
services and resources remotely. The connection between the user and the private
network occurs through the Internet and the connection is secure and private. Remote
Access VPN is useful for home users and business users both.
An employee of a company, while he/she is out of station, uses a VPN to connect to
his/her company’s private network and remotely access files and resources on the
private network. Private users or home users of VPN, primarily use VPN services to
bypass regional restrictions on the Internet and access blocked websites. Users aware
of Internet security also use VPN services to enhance their Internet security and
privacy.
2. Site to Site VPN:
A Site-to-Site VPN is also called a Router-to-Router VPN and is commonly used in
large companies. Companies or organizations with branch offices in different
locations use a Site-to-Site VPN to connect the network of one office location to the
network at another office location.

• Intranet based VPN: When several offices of the same company are
  connected using a Site-to-Site VPN, it is called an Intranet based VPN.
• Extranet based VPN: When companies use a Site-to-Site VPN to
  connect to the office of another company, it is called an Extranet based VPN.

Basically, a Site-to-Site VPN creates an imaginary bridge between the networks at
geographically distant offices, connects them through the Internet and sustains a secure
and private communication between the networks. In a Site-to-Site VPN one router acts as
a VPN Client and another router as a VPN Server, as it is based on Router-to-Router
communication. Communication starts only after the authentication between the two
routers has been validated.
Types of Virtual Private Network (VPN) Protocols:
1. Internet Protocol Security (IPSec):
Internet Protocol Security, known as IPSec, is used to secure Internet communication
across an IP network. IPSec secures Internet Protocol communication by verifying the
session and encrypting each data packet during the connection.
IPSec runs in 2 modes:
• (i) Transport mode
• (ii) Tunneling mode
Transport mode encrypts the message in the data packet, while tunneling mode
encrypts the whole data packet. IPSec can also be used with other
security protocols to improve the security system.
2. Layer 2 Tunneling Protocol (L2TP):
L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is often combined
with another VPN security protocol like IPSec to establish a highly secure VPN
connection. L2TP generates a tunnel between two L2TP connection points, and the IPSec
protocol encrypts the data and maintains secure communication through the tunnel.

3. Point-to-Point Tunneling Protocol (PPTP):
PPTP or Point-to-Point Tunneling Protocol generates a tunnel and encapsulates the data
packet. Point-to-Point Protocol (PPP) is used to encrypt the data between the
connection points. PPTP is one of the most widely used VPN protocols and has been in use
since the early releases of Windows. PPTP is also used on Mac and Linux apart from
Windows.

4. SSL and TLS:
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) generate a VPN
connection where the web browser acts as the client and user access is restricted to
specific applications instead of the entire network. Online shopping websites commonly
use the SSL and TLS protocols. Switching to SSL is easy for web browsers and requires
almost no action from the user, as web browsers come integrated with SSL
and TLS. SSL connections have "https" at the beginning of the URL instead of "http".

5. OpenVPN:
OpenVPN is an open source VPN that is commonly used for creating Point-to-Point
and Site-to-Site connections. It uses a traditional security protocol based on the SSL
and TLS protocols.
6. Secure Shell (SSH):
Secure Shell or SSH generates the VPN tunnel through which the data transfer occurs
and also ensures that the tunnel is encrypted. SSH connections are generated by an
SSH client, and data is transferred from a local port to the remote server through
the encrypted tunnel.

FIREWALL
A firewall is a device that is installed between the internal network and the
external network (internet) to filter all incoming and outgoing traffic or data.
This is also known as ‘packet filtering’. A system administrator programs
certain rules in a firewall which are used to evaluate incoming and outgoing
data. A firewall performs two major roles:
• It provides defense against external threats by refusing unauthorized
  connections to the router from potential attackers such as hackers.
• It also protects the network infrastructure from within. In other words,
  it blocks outgoing connections from the router. It mitigates the spread of
  viruses, keyloggers, or malware that have sneaked past the router and onto
  the network. Such malicious software might transmit confidential data,
  such as passwords, back to the hacker. Only a firewall is able to prevent
  them from doing so by inhibiting their connection.
Therefore, it is important that a firewall is installed and managed by a
professional system administrator to provide the maximum amount of
protection to your company's network infrastructure. When done correctly,
the advantages of using firewalls cannot be ignored. Their main benefits are:
• Policing: A firewall acts as a security guard that monitors or polices the
  outgoing and incoming traffic from/to your network. It analyzes the
  information being sent or received and either allows it or blocks it,
  depending upon the rules established within the firewall.
• Blocks Malicious Programs: Firewalls have the ability to block
  potential malware, viruses, and Trojan horses from infecting your
  network system. Trojan horses are the most dangerous because they
  attach themselves to files and when you transmit these files, they do
  further damage to other computer systems. Plus, they reveal your
  confidential information to web servers being hosted by potential hackers.
• No More Hackers: A firewall can stop a hacker dead in their tracks.
  Hackers can cause loss of data and damage to an organization's computer
  systems, and they might even use these systems to carry out illegal
  activities.
• Farewell to keyloggers: One of the most harmful programs ever written, a
  keylogger tracks your keystrokes and transmits the information back to
  cybercriminals. In this way, they might gain access to your private accounts
  such as bank accounts. With a firewall in place, keyloggers will have no
  chance of being lodged into your computer systems as they will be blocked in
  the first place during an incoming connection to the router.
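
The rule evaluation described in this section, applied to the input and output filters from the Additional Ports steps, as an added example that is not part of the original document. The class and function names are hypothetical and the packets are constructed; GRE (IP protocol 47) is the traffic that PPTP Passthrough carries, and 50 and 51 are the IP protocol numbers of ESP and AH.

```python
# Added example, not from the original page: first-match filter, default deny.
from dataclasses import dataclass
from typing import Optional

# IP protocol numbers. GRE, ESP and AH are protocols, not TCP/UDP ports.
TCP, UDP, GRE, ESP, AH = 6, 17, 47, 50, 51

@dataclass(frozen=True)
class Rule:
    direction: str         # "in" (input filter) or "out" (output filter)
    proto: int             # IP protocol number
    port: Optional[int]    # server-side port; None for port-less protocols
    label: str

def vpn_server_rules(extra_ports=(21, 53, 80), directions=("in", "out")):
    """VPN defaults plus the extra TCP and UDP ports, per direction."""
    base = [(TCP, 1723, "PPTP control"), (GRE, None, "PPTP data (GRE)"),
            (UDP, 500, "IPSec IKE"), (ESP, None, "IPSec ESP"),
            (AH, None, "IPSec AH")]
    for p in extra_ports:  # "Select TCP then UDP for the ports you want to add"
        base += [(TCP, p, f"tcp/{p}"), (UDP, p, f"udp/{p}")]
    return [Rule(d, pr, po, lb) for d in directions for pr, po, lb in base]

def evaluate(rules, direction, proto, port=None):
    """Label of the first matching rule, or None when nothing matches (deny)."""
    for r in rules:
        if (r.direction, r.proto) == (direction, proto) and r.port in (None, port):
            return r.label
    return None

def one_way_rules(rules):
    """Rules with no counterpart in the other direction (replies get dropped)."""
    keys = {(r.direction, r.proto, r.port) for r in rules}
    other = {"in": "out", "out": "in"}
    return [r.label for r in rules
            if (other[r.direction], r.proto, r.port) not in keys]

if __name__ == "__main__":
    rules = vpn_server_rules()
    # Constructed packets: (direction, protocol, server-side port)
    for pkt in [("in", TCP, 1723), ("in", GRE, None), ("in", TCP, 50),
                ("in", TCP, 3389), ("out", UDP, 53)]:
        print(pkt, "->", evaluate(rules, *pkt) or "DENY")
    print("one-way:", one_way_rules(vpn_server_rules(directions=("in",))))
```

A TCP packet to port 50 is denied even though "50" appears in the IPSec list, because ESP is matched by protocol number, and a rule set built for the input filters only reports every rule as one-way.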

System Hardening Steps


To harden a Windows server, you'll need to do the following three steps, at a
bare minimum:

o Disable all unnecessary services. To do this, you first need to
determine which services can be disabled. Sounds simple enough, but
it's not. For example, it's impossible to disable the Remote Procedure
Call (RPC) service. Also, little documentation exists to identify what
services a given purpose will require. Even if we had such a list, it
would likely change depending on a vendor's specific implementation
(say, of a DNS or mail server). In the end, knowing which services are
required and which can be disabled is largely a matter of trial and error.
o Remove all unnecessary executables and registry
entries. Forgetting to remove unneeded executables and registry
entries might allow an attacker to invoke something that had previously
been disabled.
o Apply appropriately restrictive permissions to files, services,
end points and registry entries. Inappropriate permissions could give
an attacker an opening. The ability to launch CMD.EXE as
"LocalSystem," for example, is a classic backdoor.
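
One way to keep the trial and error of the first step repeatable is to record a per-role allowlist and compare it with what is actually running. This is an added example, not from the original document; the allowlist, the function names and the sample text (in the layout printed by `sc query state= all`) are constructed assumptions.

```python
# Added example, not from the original page: diff running services against a
# per-role allowlist. The allowlist and the sample output are constructed.
import re

# Constructed sample in the layout printed by `sc query state= all`.
SAMPLE_SC_OUTPUT = """\
SERVICE_NAME: RpcSs
DISPLAY_NAME: Remote Procedure Call (RPC)
        STATE              : 4  RUNNING

SERVICE_NAME: RemoteAccess
DISPLAY_NAME: Routing and Remote Access
        STATE              : 4  RUNNING

SERVICE_NAME: Spooler
DISPLAY_NAME: Print Spooler
        STATE              : 4  RUNNING

SERVICE_NAME: TlntSvr
DISPLAY_NAME: Telnet
        STATE              : 1  STOPPED
"""

CANNOT_DISABLE = {"RpcSs"}                         # RPC, per the text above
VPN_ROLE_ALLOWLIST = {"RemoteAccess", "EventLog"}  # assumed baseline for this role

def parse_services(text):
    """Map service name -> state word (RUNNING, STOPPED, ...)."""
    services, name = {}, None
    for line in text.splitlines():
        if m := re.match(r"\s*SERVICE_NAME:\s*(\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"\s*STATE\s*:\s*\d+\s+(\w+)", line)) and name:
            services[name] = m.group(1)
    return services

def audit(services, allowlist, cannot_disable=CANNOT_DISABLE):
    """Report running services outside the baseline and baseline gaps."""
    required = set(allowlist) | set(cannot_disable)
    running = {n for n, state in services.items() if state == "RUNNING"}
    return {
        "disable_candidates": sorted(running - required),
        "required_not_running": sorted(required - running),
    }

if __name__ == "__main__":
    print(audit(parse_services(SAMPLE_SC_OUTPUT), VPN_ROLE_ALLOWLIST))
```

On the constructed sample the print spooler is flagged as a candidate to disable, and the assumed baseline entry EventLog is reported as required but not running.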

Now to the specific question on the pros and cons of server hardening. The
benefits of OS hardening a Windows server are that you will have
fewer patches to apply, you'll be less likely to be vulnerable to the average
exploit, and you'll have fewer records to review in the logs. You can focus your
attention on what the server is doing, not on services it may have running that
you don't need.

On the other hand, it's very difficult to properly harden/configure a system so
that it keeps running effectively. Documentation is scarce, and permissions
are required to make it effective--and in the Windows world, permissioning
remains one of those mystic arts. Finally, even a hardened Windows server
will probably have far too many resident files and registry entries to effectively
monitor and maintain.

An alternative to this type of system hardening is what TruSecure calls
essential configurations, or ECs. ECs are like best practices for server
security, a set of tasks that can be completed in an hour or so on any existing
or new system. ECs don't harden the box, per se, but they make it resistant to
all known mass exploits and the most common vulnerabilities for the box's
primary task. Therefore, ECs can be applied to any box, regardless of its role,
but aren't designed to equal the security of a hardened system.
