DISABLE ROUTING FOR INCOMING CONNECTIONS ON A REMOTE ACCESS SERVER

While remote access is vital for mobile and remote users, it poses some potential security risks. Organizations must be able to recognize these potential risks and take steps to mitigate them.

For example, if your company's remote users only need access to the remote access server, consider disabling routing to the LAN to help prevent unauthorized remote users from accessing the LAN. Follow these steps:

1. If you're using the Incoming Connections option in the Network And Dial-Up Connections folder to provide dial-in access to the server, open the folder, right-click Incoming Connections, and choose Properties.

2. In the Incoming Connection Properties dialog box, select the Networking tab.

3. Double-click Internet Protocol (TCP/IP), deselect the Allow Callers To Access My Local Area Network option, and click OK.

4. Check for any other enabled protocols displayed in the Network Components list, and disable the same option for those protocols. When you're finished, click OK.

If you've configured your remote access server through Routing And Remote Access (RRAS), you must take a different approach to prevent routing for incoming connections. Follow these steps:

1. Open the RRAS console in the Administrative Tools folder, right-click the server, and choose Properties.

2. On the General tab, deselect the Router option.

3. Leave the Remote Access Server option enabled.

4. Click OK, and allow Windows 2000 to restart RRAS for the change to take effect.