Implementing Quarantine Services with Microsoft Virtual Private Network Planning Guide
This paper is designed to help organizations plan a Virtual Private Network Quarantine system based on Windows Server 2003 Service Pack 1 Remote Access Quarantine Service. It highlights the issues faced and approaches to designing a quarantine Virtual Private Network.
The widespread availability of the Internet has led to significant changes in the way many organizations work. To maintain competitive advantage, companies increasingly require employees to connect to corporate networks from remote locations such as homes, branch offices, hotels, Internet cafés, or customers' premises. These remote connections are usually implemented with virtual private network (VPN) technologies.
VPN connections allow employees and partners to connect securely to a corporate local area network (LAN) over a public network. Remote access that uses VPN technologies is a key enabler for many new business opportunities, such as remote administration and high security applications. A large number of business groups and users make use of productivity and administration applications that require frequent and dependable remote access to corporate LANs.
Although a VPN provides secure access by encrypting data through the VPN tunnel, it does not prevent intrusions by malicious software, such as viruses or worms that originate from the remote access computer. Virus or worm attacks can result from infected computers that connect to the LAN.
Organizations, such as those in the financial services sector, where even a minor security breach can harm the public perception of the organization, must maintain their reputation for secure transactions. Hence, VPN connections must be subject to strong access requirement checks and validation.
Insecure VPN access occurs when the remote computer does not meet the organization's security requirements. Most VPN implementations cannot check that a remote computer has the latest security hotfixes or virus signatures before it connects to the corporate network. Therefore, many organizations do not consider that basic VPN-based remote access meets their security requirements.
VPN quarantine provides a mechanism to address these issues. VPN quarantine ensures that computers that connect to the network using VPN protocols are subject to pre-connection and post-connection checks and are isolated until the computer meets the required security policy. These checks, carried out with custom scripts, can examine service pack versions, security updates, and whether an approved antivirus program is running with the most recent virus definition files. Organizations can test for other requirements in these custom scripts.
The VPN quarantine solution places all connecting computers that meet the specified remote access policy into a quarantine network and verifies that these computers comply with the organization's security policy. The remote access VPN server lifts the quarantine restrictions and allows access to corporate network resources only when the remote access computer passes all connection checks.
This guide describes the challenges in planning and implementing quarantine services with Microsoft VPN through the new features available in Windows Server 2003 Service Pack 1 (SP1).
Files
Status: Deleted
This download is no longer available on microsoft.com. The downloads below are archives provided by the Internet Archive Wayback Machine from the Microsoft Download Center prior to March 2015.
No files found
A file listing was not found in the Wayback Machine archives.
System Requirements
Operating Systems: Windows Server 2003
- Adobe Acrobat Reader is required to view the documentation.
Installation Instructions
- Click the Download button above.
- Save the .zip file to your preferred location on your computer.