Cengage Windows Server 2019 Chapter 9.1 Vocab

Collection

An entity that contains remote access servers. Allows specific groups of users in your Active Directory domain access to Remote Desktop, as well as provides configuration for RemoteApp and Remote Desktop sessions.

Constraint

A section of a remote access policy that contains characteristics that must be met for remote access.

demand-dial interface

An interface that automatically creates a VPN connection to a NAT router when it receives traffic destined for a network.

demarcation point

The point in a network infrastructure that connects to the ISP using a last mile technology.

dial-in permission

Permission to access a network remotely.

Direct Access

A remote access technology that automatically creates IPSec tunnels to a remote access server when remote access clients are outside of the organization.

DirectAccess Connectivity Assistant

A tool administrators use to improve an enterprise's DirectAccess connection.

Generic Routing Encapsulation (GRE)

A protocol that provides a private, secure path for transporting packets through an otherwise public network by encapsulating (or tunneling) the packets. This is accomplished through tunnel endpoints that encapsulate or de-encapsulate traffic.

Gigabit Passive Optical Network (GPON)

A last mile technology that uses fiber optic cable.

Internet Key Exchange version 2 (IKEv2)

An enhancement to IPSec that provides VPN tunneling with faster speeds compared to L2TP. It uses 256-bit encryption keys and requires that remote access clients and servers authenticate to each other using an IPSec encryption certificate or preshared key.

IP Security (IPSec)

A secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks.

Layer Two Tunneling Protocol (L2TP)

A VPN protocol developed by Microsoft and Cisco. It provides for tunneling only and relies on IP Security (IPSec) for the encryption of data packets using encryption keys varying in length from 56 to 256 bits. To participate, the remote access client and server must authenticate to each other. To do this, you can configure the same preshared key (password) or install an IPSec encryption certificate on both the remote access client and server.

long-range Wi-Fi

A last mile technology that uses radio wireless, often using wireless transmitters positioned in a line of sight.

Microsoft Point-to-Point Encryption (MPPE)

An encryption technique used in PPTP. Although it supports encryption keys varying in length from 40 to 128 bits, modern Windows operating systems such as Windows 10 and Windows Server 2019 contain a registry key that prevents the use of keys less than 128 bits by default.

Network Connectivity Assistant

A DirectAccess service that probes a network location server using HTTPS each time a client network interface is activated on a network to determine whether the client is located on a network outside the organization.

network location server

A website that is used to detect whether DirectAccess clients are located in the corporate network. Clients in the corporate network do not use DirectAccess to reach internal resources, but instead, they connect directly.

Network Policy and Access Services

A component of Windows Server. It replaces the Internet Authentication Service (IAS) from Windows Server 2003. It helps an administrator safeguard the health and security of a network.

Network Policy Server

This is installed when you install the Network Policy and Access Services (NPAS) feature in Windows Server 2016 and Server 2019. It allows you to create and enforce organization-wide network access policies for connection request authentication and authorization.

Next Generation Firewall (NGFW)

A network security device that provides capabilities beyond a traditional, stateful firewall. While a traditional firewall typically provides stateful inspection of incoming and outgoing network traffic, this device includes additional features like application awareness and control, integrated intrusion prevention, and cloud-delivered threat intelligence.

overlay network

The virtual network that is created by a VPN.

Point-to-Point Protocol

A data link layer communications protocol between two routers directly without any host or any other networking in between. It can provide connection authentication, transmission encryption, and compression.

Point-to-Point Protocol over Ethernet (PPPoE)

A network protocol for encapsulating PPP frames inside Ethernet frames.

Point-to-Point Tunneling Protocol (PPTP)

One of the oldest and most widely supported VPN protocols. It was developed by a consortium of vendors including Microsoft and encrypts data using Microsoft Point-to-Point Encryption (MPPE).

port forwarding

An application of network address translation that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall.

RADIUS Client

A RADIUS-enabled device at the network perimeter that enforces access control for users attempting to access network resources.