RAS, short for Remote Access Services, is an old Microsoft term for what most people now call a client VPN.
Microsoft, of course, maintains valuable intellectual property on its internal network, including the source code to all its operating systems and applications. These are constant targets for hackers, and Microsoft tries to protect its most valuable assets with defenses in depth; they are behind firewalls and on networks segmented with IPsec. In addition, the entire network is monitored for suspicious activity, scanned for malware and so on.
What do I mean by a constant target? Last year, Microsoft IT said it was the target of more than 100,000 intrusion attempts per month. Currently, Microsoft filters out about 9 million spam and virus e-mails a day out of 10 million received. Yes, that means that roughly 90% of incoming e-mails are spam.
In that environment, you'd think that VPN connections might expose Microsoft to serious security risks. So how does Microsoft mitigate those risks while continuing to offer VPN access to remote employees and contractors? The answer to that is manifold.
The first layer of protection for the Microsoft VPN is two-factor authentication. After an infamous incident in fall 2000, Microsoft installed a certificate-based public-key infrastructure and rolled out smart cards to all employees and contractors with remote access to the network and individuals with elevated access accounts such as domain administrators.
Two-factor authentication requires that you have something physical. In this case, it means the smart card and a password. Continue At Source