
    Implementing Quarantine Services with Microsoft Virtual Private Network Planning Guide

    This paper is designed to help organizations plan a Virtual Private Network Quarantine system based on Windows Server 2003 Service Pack 1 Remote Access Quarantine Service. It highlights the issues faced and approaches to designing a quarantine Virtual Private Network.
    • File Size: 574 KB

        The widespread availability of the Internet has led to significant changes in the way many organizations work. To maintain competitive advantage, companies increasingly require employees to connect to corporate networks from remote locations such as homes, branch offices, hotels, Internet cafés, or customers' premises. These remote connections are usually implemented with virtual private network (VPN) technologies.

        VPN connections allow employees and partners to connect securely to a corporate local area network (LAN) over a public network. Remote access that uses VPN technologies is a key enabler for many new business opportunities, such as remote administration and high security applications. A large number of business groups and users make use of productivity and administration applications that require frequent and dependable remote access to corporate LANs.
        Although a VPN provides secure access by encrypting data through the VPN tunnel, it does not prevent intrusions by malicious software, such as viruses or worms that originate from the remote access computer. Virus or worm attacks can result from infected computers that connect to the LAN.
        Organizations, such as those in the financial services sector, where even a minor security breach can harm the public perception of the organization, must maintain their reputation for secure transactions. Hence, VPN connections must be subject to strong access requirement checks and validation.
        Insecure VPN access occurs when the remote computer does not meet the organization's security requirements. Most VPN implementations cannot check that a remote computer has the latest security hotfixes or virus signatures before it connects to the corporate network. Therefore, many organizations do not consider that basic VPN-based remote access meets their security requirements.
        VPN quarantine provides a mechanism to address these issues. VPN quarantine ensures that computers that connect to the network using VPN protocols are subject to pre-connection and post-connection checks and are isolated until the computer meets the required security policy. These checks, carried out with custom scripts, can examine service pack versions, security updates, and whether an approved antivirus program is running with the most recent virus definition files. Organizations can test for other requirements in these custom scripts.

        The VPN quarantine solution places all connecting computers that meet the specified remote access policy into a quarantine network and verifies that these computers comply with the organization's security policy. The remote access VPN server lifts the quarantine restrictions and allows access to corporate network resources only when the remote access computer passes all connection checks.
        This guide describes the challenges in planning and implementing quarantine services with Microsoft VPN through the new features available in Windows Server 2003 Service Pack 1 (SP1).
    • Supported Operating System

      Windows Server 2003

        • Adobe Acrobat Reader is required to view the documentation.
        1. Click the Download button above.
        2. Save the .zip file to your preferred location on your computer.
      • Solution Accelerators are free, scenario-based guides and automations designed to help IT Professionals who are proactively planning, deploying, and operating IT systems using Microsoft products and technologies. Solution Accelerator scenarios focus on security and compliance, management and infrastructure, and communication and collaboration.
