Remote Access Security hosts

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Security hosts

A security host is an authentication device that verifies whether a caller from a remote access client is authorized to connect to the remote access server. This verification supplements security already supplied by the server running Routing and Remote Access. This verification is only applicable to dial-up or modem connections.

The security host sits between the remote access client and the remote access server. The security host generally provides an extra layer of security by requiring a hardware key of some sort in order to provide authentication. Verification that the remote access client is in physical possession of the key takes place before access to the remote access server is granted. This open architecture allows customers to choose from a variety of security hosts to augment the security in Routing and Remote Access.

For example, one kind of security system consists of two hardware devices: the security host and the security card. The security host is installed between the remote access server and its modem. The security card is a small unit the size of a credit card, resembling a pocket calculator without keys. The security card displays a different access number every minute. This number is synchronized with the same number calculated in the security host every minute. When connecting, the remote user sends the number on the security card to the host. If the number is correct, the security host connects the remote access client with the remote access server.

Another kind of security host prompts the remote access client to type in a user name (which may or may not be the same as the remote access client name) and a password (which differs from the remote access client password).

You must configure the security host to allow the remote access server to initialize the modem before the security functions take effect. The remote access server must also be able to directly initialize the modem that is connected to the security host without security checks from the security host. The security host might interpret the attempt of the remote access server to initialize the modem as an attempt to dial out.

For more information, see Configure other security devices.