382 Chapter 6 • Infrastructure Security: Devices and Media
Packet Exchange/Sequenced Packet Exchange (IPX/SPX) or Network Basic
Input/Output System (NetBIOS).
EXAM WARNING
Knowing that specific protocols can be filtered through a RAS is very
important. This feature allows you to implement an additional layer of
security by keeping unauthorized protocols from being used on your
network. The Security+ exam expects you to have knowledge of this
security feature and to understand how it can help protect your network.
Blocking unnecessary traffic of this type both reduces your network
bandwidth utilization and prevents potential security breaches that
use the unnecessary protocols.
When securing a RAS server, it is critical to use the best authentication
method possible for the environment. Implementing callback verification is also a
good idea. For example, if remote users always call from home, then callback
verification would work well and add another layer of security. However, if dealing with
a mobile sales force calling in from anywhere, callback verification as a security
mechanism is severely limited.
If an intruder detects dial-in numbers either through war dialing or some other
means, they will try everything possible to access the network through the RAS
server. Using strong password security for user accounts is critical to making it
more difficult for intruders to access the network. It is also a good idea to use user
IDs for the user’s RAS account that differ from their e-mail or standard LAN
access IDs. This makes it more difficult for intruders to access an internal network
should they manage to get through the RAS security, as they would still need to
determine the user’s normal LAN ID and password to access any network
resources.
Overall, RAS is an important service to provide when remote access is needed
via dial-up; however, it presents several security vulnerabilities that must be
addressed. Proper implementation of this service allows administrators to provide
for the remote access needs of their users while keeping their network as secure as
possible. Following is a list of industry best practices for keeping a RAS
implementation secure:
www.syngress.com