Secure Network Access

Lab Overview:

This hands-on lab provides a Windows server and domain administrator with an understanding of how to configure essential security settings for your domain. You will learn how to enforce the use of Encapsulating Security Payload (ESP) with IP Security (IPSec) between your Windows hosts within your environment. You will then learn how to configure a Point-to-Point Tunneling Protocol (PPTP) Virtual Private Network (VPN) on your server and set up your client to use the new VPN connection. These skills will help you understand fundamental security controls within a Windows domain and valuable skills for someone pursuing a career as a security-focused Windows Administrator.

Understand the scenario

You are a system administrator for a company that uses Windows servers and clients. You need to configure IPsec to encrypt local area network traffic between Windows hosts. You must also ensure that remote users have a secure connection to the private corporate network. First, you will configure an IPsec policy in Group Policy, and then you will configure a PPTP VPN server and client.

Configure IPsec to encrypt LAN traffic:

IP Security (IPSec) is a protocol for securing IP traffic over networks by applying encryption for tunneling. IPSec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. For this task, you will modify the group policy for your domain to enable IPSec for all computers in your domain. This will enable tunnel mode encryption, which will encrypt the whole IP packet, including its headers and payload, for all TCP/IP traffic from Windows hosts within your domain.

Configure a PPTP VPN server on DC1:

Microsoft Windows servers have built-in capability to provide point-to-point tunneling protocol (PPTP) virtual private network (VPN) service. The VPN allows clients to access your network and internet resources remotely by encrypting their connection and forcing traffic through a trusted security stack. In this section, you will use the server manager to install and configure the VPN service on your server.

Configure a VPN connection on Client1:

A client-based VPN connection is important for securing access to a company's intranet and for enforcing strong security policies for remote users. For example, if your employees are forced to work from home due to a virus outbreak, your organization runs the risk of users not having a strong perimeter security stack to protect their access to the internet. Using a VPN will force the users to go through your organization's defensive stack while they work from their remote locations. In this section, you will use your Windows 10 workstation and learn how to set up a new PPTP VPN connection using the previously configured VPN service on your Windows server.

Lab Summary Conclusion:

As an administrator in a Windows Server environment, it is essential to understand the basic security controls available to you to secure your domain. This hands-on lab introduces you to very important capabilities that are native to a Windows environment. You will learn to manage group policy security settings, which enable you to enforce controls that align with strong cybersecurity policy and posture. You will also learn about the native VPN capability of a Windows server. You will set up a PPTP VPN and then configure your client to use it, increasing the security of your network activity. These skills are essential for someone who is pursuing a career as a Windows administrator.

Other Challenges in this series

• GUIDED CHALLENGE: Hiding Data with Steganography
• ADVANCED CHALLENGE: Can You Secure Hardened Windows and Linux Hosts?

‍