Some of the strategies to harden a VPN Network are:
Quarantine Control provides phased network access for remote (VPN) clients by restricting them to a quarantine mode before allowing them access to the network. After the client computer configuration is either brought into or determined to be in accordance with your organization's specific quarantine restrictions, standard VPN policy is applied to the connection, in accordance with the type of quarantine you specify. Quarantine restrictions might specify, for example, that specific antivirus software is installed and enabled while connected to your network. Although Quarantine Control does not protect against ...
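The phased-access decision described above, as an added example: this is not code from the original document and not the Forefront TMG or Windows quarantine implementation. The posture fields (antivirus installed/enabled, signature age, host firewall), the remediation hosts, the timeout and the check names are assumptions chosen to illustrate how a client is held on restricted filters until it meets the organization's restrictions, after which the standard VPN policy applies.

```python
"""Phased (quarantine) access decision for a remote-access VPN client.

Added example; not from the original document and not the Forefront TMG or
Windows Network Access Quarantine Control implementation. The posture fields,
check names, filter set and timeout are assumptions chosen for illustration.
"""
from dataclasses import dataclass


@dataclass
class ClientPosture:
    """Facts reported by the client-side posture check (constructed sample data)."""
    antivirus_installed: bool
    antivirus_enabled: bool
    signature_age_days: int
    firewall_enabled: bool


@dataclass
class QuarantinePolicy:
    """Organization-specific quarantine restrictions (assumed values)."""
    max_signature_age_days: int = 7
    # Hosts a quarantined client may still reach: remediation server and DNS (assumed addresses).
    quarantine_allowed_hosts: tuple = ("10.0.0.10", "10.0.0.53")
    # Seconds a client may stay in quarantine before the connection is dropped (assumed).
    quarantine_timeout_seconds: int = 600


def evaluate_posture(posture: ClientPosture, policy: QuarantinePolicy) -> list:
    """Return the list of failed checks; an empty list means the client is compliant."""
    failures = []
    if not posture.antivirus_installed:
        failures.append("antivirus not installed")
    elif not posture.antivirus_enabled:
        failures.append("antivirus installed but not enabled")
    elif posture.signature_age_days > policy.max_signature_age_days:
        failures.append(
            f"antivirus signatures {posture.signature_age_days} days old "
            f"(limit {policy.max_signature_age_days})"
        )
    if not posture.firewall_enabled:
        failures.append("host firewall disabled")
    return failures


def decide_access(posture: ClientPosture, policy: QuarantinePolicy) -> dict:
    """Decide the access mode applied to the connection.

    'quarantine': the client is held on restricted packet filters that only allow
    the remediation hosts, and is disconnected if it does not remediate before
    the timeout. 'full': the standard VPN policy is applied.
    """
    failures = evaluate_posture(posture, policy)
    if failures:
        return {
            "mode": "quarantine",
            "allowed_hosts": list(policy.quarantine_allowed_hosts),
            "timeout_seconds": policy.quarantine_timeout_seconds,
            "reasons": failures,
        }
    return {"mode": "full", "allowed_hosts": None, "timeout_seconds": None, "reasons": []}


if __name__ == "__main__":
    policy = QuarantinePolicy()
    # Constructed sample postures: one compliant laptop, one with stale signatures and no firewall.
    good = ClientPosture(True, True, 2, True)
    stale = ClientPosture(True, True, 30, False)
    print(decide_access(good, policy))
    print(decide_access(stale, policy))
```

The point of separating `evaluate_posture` from `decide_access` is that the reasons for quarantine can be logged and shown to the user for remediation, while the filter set and timeout stay a server-side policy decision the client cannot influence.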
Forefront TMG provides a connection to the network to which the Forefront TMG is attached. Site-to-site VPN connections are discussed in this document.
There are three VPN protocols for site-to-site connections:
* PPTP
* L2TP over IPsec
* IPsec tunnel mode
PPTP
Point-to-Point Tunneling Protocol (PPTP) is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a VPN across TCP/IP-based data networks. PPTP supports on-demand, multiple protocol, virtual private networking over public networks, such as the Internet. PPTP allows IP traffic to be encrypted and then encapsulated in an IP header to be sent across a corporate IP network or a public IP network, such as the Internet.
L2TP over IPsec
Layer Two Tunneling Protocol (L2TP) is an industry standard tunneling protocol that provides encapsulation for sending Point-to-Point Protocol (PPP) frames across packet-oriented media. L2TP allows IP traffic to be encrypted and then sent over any medium that supports point-to-point datagram delivery, such as IP. The Microsoft implementation of the L2TP protocol uses Internet Protocol security (IPsec) encryption to protect the data stream from one VPN server to the other VPN server. IPsec tunnel mode allows IP packets to be encrypted and then encapsulated in an IP header to be sent across a corporate IP network or a public IP network, such as the Internet.
PPTP connections require only user-level authentication through a PPP-based authentication protocol. L2TP over IPsec connections require the same user-level authentication and, in addition, computer-level authentication using computer certificates or a pre-shared key.
IPsec tunnel mode
When Internet Protocol security (IPsec) is used in tunnel mode, IPsec itself provides encapsulation for IP traffic only. The primary reason...
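As an added example (not from the original document and not Forefront TMG code), the following parser recognises the three site-to-site tunnel types described above by their outer encapsulation: PPTP uses a TCP 1723 control channel and carries PPP frames in GRE (IP protocol 47); L2TP over IPsec negotiates with IKE on UDP 500 (or 4500 behind NAT) and then carries the L2TP/PPP frames inside ESP (IP protocol 50); IPsec tunnel mode carries whole IP packets inside ESP or AH (protocol 51). The label names, port constants and sample packets are constructed here; an administrator can run it over a capture to confirm that only the intended tunnel type crosses the firewall and that no L2TP appears in the clear on UDP 1701.

```python
"""Recognise site-to-site VPN traffic by its outer encapsulation.

Added example; not from the original document and not Forefront TMG code.
It parses only the outer IPv4 header and the transport ports needed to tell
PPTP, L2TP over IPsec and IPsec tunnel mode apart on the wire. Labels and
sample packets are constructed for illustration.
"""
import struct

IPPROTO_TCP, IPPROTO_UDP, IPPROTO_GRE, IPPROTO_ESP, IPPROTO_AH = 6, 17, 47, 50, 51
PPTP_CONTROL_PORT, IKE_PORT, NAT_T_PORT, L2TP_PORT = 1723, 500, 4500, 1701


def _ip_bytes(dotted: str) -> bytes:
    return bytes(int(octet) for octet in dotted.split("."))


def build_ipv4(proto: int, src: str, dst: str, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4 packet for the samples below (constructed input; checksum left zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, _ip_bytes(src), _ip_bytes(dst))
    return header + payload


def build_l4(sport: int, dport: int) -> bytes:
    """Source and destination port followed by zero padding: enough of a TCP/UDP header for classify()."""
    return struct.pack("!HH", sport, dport) + b"\x00" * 16


def parse_ipv4(pkt: bytes):
    """Return (protocol, src, dst, payload), or None when the header is truncated or not IPv4."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    proto = pkt[9]
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    return proto, src, dst, pkt[ihl:]


def classify(pkt: bytes) -> str:
    """Label one packet by the outermost VPN-relevant header it carries."""
    parsed = parse_ipv4(pkt)
    if parsed is None:
        return "malformed"
    proto, _, _, payload = parsed
    if proto == IPPROTO_GRE:
        return "pptp-data"          # PPTP data channel: PPP inside GRE inside IP
    if proto == IPPROTO_ESP:
        return "ipsec-esp"          # L2TP/IPsec and IPsec tunnel mode both look like this on the wire
    if proto == IPPROTO_AH:
        return "ipsec-ah"
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        if len(payload) < 4:
            return "malformed"
        ports = set(struct.unpack("!HH", payload[:4]))
        if proto == IPPROTO_TCP and PPTP_CONTROL_PORT in ports:
            return "pptp-control"
        if proto == IPPROTO_UDP and ports & {IKE_PORT, NAT_T_PORT}:
            return "ike-or-nat-t"   # IKE negotiation, or ESP wrapped in UDP 4500 behind NAT
        if proto == IPPROTO_UDP and L2TP_PORT in ports:
            return "l2tp-cleartext" # L2TP visible without IPsec: the tunnel is unprotected
    return "other"


def summarise(packets) -> dict:
    """Count labels over a capture to confirm only the intended tunnel type is in use."""
    counts = {}
    for pkt in packets:
        label = classify(pkt)
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed capture: a PPTP tunnel, an IPsec tunnel, and one cleartext L2TP packet.
    capture = [
        build_ipv4(IPPROTO_TCP, "203.0.113.5", "198.51.100.9", build_l4(49152, 1723)),
        build_ipv4(IPPROTO_GRE, "203.0.113.5", "198.51.100.9"),
        build_ipv4(IPPROTO_UDP, "203.0.113.5", "198.51.100.9", build_l4(500, 500)),
        build_ipv4(IPPROTO_ESP, "203.0.113.5", "198.51.100.9", b"\x00" * 8),
        build_ipv4(IPPROTO_UDP, "203.0.113.5", "198.51.100.9", build_l4(1701, 1701)),
    ]
    print(summarise(capture))
```

One caveat worth keeping in mind: once the IKE negotiation is done, L2TP over IPsec and IPsec tunnel mode are indistinguishable on the wire, since both are ESP. The difference (a transport-mode security association carrying L2TP on UDP 1701 versus a tunnel-mode association carrying whole IP packets) is only visible in the negotiated policy on the two VPN servers, which is where it should be verified.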