Re: Protecting an open VPN connection from a local home LAN
From: ROBERT S & BA Drake (robtsdrake_at_verizon.net)
Date: Wed, 23 Feb 2005 21:42:37 GMT
On passwords, you are pretty safe with 12 characters, no words, at least one
lower case, 1 upper case, one special character and one number. It is good
for about 90 days.
These are hard to remember so I put out guidance to the effect that you
remember a 12 word phrase. For example, a short one might be "My mother
makes the best! corn bread 1n the 0ven". Mmmtb!cb1t0 would be the password.
We used LoughtCrack (sp?) to scan user passwords. It was working on mine for
four days and never got it. One of the users had: L0ve0fGarDen!
LoughtCrack got that in 6 seconds.
While this may seem extreme, the information we were protecting demanded the
password strength. Users were not happy but eventually got used to it.
"-Lone_Wolf-" <lone_wolfs_den@CLOTHEShotmail.com> wrote in message
> Yesterday I opened my firewall only to notice repeated attempts to my VPN
> listening service. I took a screen capture and then locked out the VPN.
> When I looked back at the log it showed 892 attempted connections (I
> assume he/she was trying to crack the password) in the hour for which the
> log went back (and presumably much longer).
> So here is my question...
> I have taken an old PC (Win98) and turned it into a VPN gateway to my LAN.
> There is a NAT Router and all connections to the open VPN ports are
> directed to the new Gateway. I have set up the Win98 box to always log out
> with a very good password but I am not too sure this will be enough?
> So to hack in one needs to beat the VPN password, beat the Win98 password
> then open another (password protected) VPN connection on the Win98 Machine
> to any of my other PCs.
> Do you think this is unwarranted protection, not enough protection, or
> flawed in theory?
> Thank you