Re: Protecting an open VPN connection from a local home LAN

From: ROBERT S AMP BA Drake (robtsdrake_at_verizon.net)
Date: 02/23/05


Date: Wed, 23 Feb 2005 21:42:37 GMT

On passwords, you are pretty safe with 12 characters, no words, at least one
lower case, 1 upper case, one special character and one number. It is good
for about 90 days.

These are hard to remember so I put out guidance to the effect that you
remember a 12 word phrase. For example, a short one might be "My mother
makes the best! corn bread 1n the 0ven" Mmmtb!cb1t0 would be the password.

We used LoughtCrack (sp?) to scan user passwords, It was working mine for
four days and never got it. One of the users had: L0ve0fGarDen!
Loughtcrack got that in 6 six seconds.

While this may seem extreme, the information we were protecting demanded the
password strength. Users were not happy but eventually got used to it.

"-Lone_Wolf-" <lone_wolfs_den@CLOTHEShotmail.com> wrote in message
news:5EOSd.473992$Xk.258987@pd7tw3no...
> Yesterday I opened my firewall only to notice repeated attempts to my VPN
> listening service. I took a screen capture and then locked out the VPN.
> When I looked back at the log it showed 892 attempted connections (I
> assume he/she was trying to crack the password) in the hour for which the
> log went back (and presumably much longer).
>
> So here is my question...
>
> I have taken an old PC (Win98) and turned it into a VPN gateway to my LAN.
> There is a NAT Router and all connections to the open VPN ports are
> directed to the new Gateway. I have set up the Win98 box to always log out
> with a very good password but I am not too sure this will be enough?
>
> So to hack in one needs to beat the VPN password, beat the Win98 password
> then open another (password protected) VPN connection on the Win98 Machine
> to any of my other PC's.
>
> Do you think this is unwarranted protection, not enough protection, or
> flawed in theory?
>
> Thank you
>
> John
>



Relevant Pages

  • Re: Protecting an open VPN connection from a local home LAN
    ... >> my VPN listening service. ... I have set up the Win98 box ... >> Do you think this is unwarranted protection, not enough protection, ... even with a respectable software firewall. ...
    (alt.computer.security)
  • Protecting an open VPN connection from a local home LAN
    ... Yesterday I opened my firewall only to notice repeated attempts to my VPN ... I have taken an old PC (Win98) and turned it into a VPN gateway to my LAN. ... There is a NAT Router and all connections to the open VPN ports are directed ... Do you think this is unwarranted protection, not enough protection, or ...
    (alt.computer.security)
  • Re: Problem to connect
    ... Rights can be an issue. ... Actually from within Remote Desktop utility of the Win98 ... I've gotten my machines to VPN or Remote Desktop, ...
    (microsoft.public.windowsxp.work_remotely)
  • Re: [fw-wiz] risk level associated with VPNs?
    ... the VPN terminates. ... But when the remote system has less protection, ... don't care if the VPN client software makes sure the current connection is ...
    (Firewall-Wizards)
  • RE: [fw-wiz] risk level associated with VPNs?
    ... Our VPN connections pass via the same checking systems when they connect ... Now we assume, repeat assume, the VPN machines are adequately protected ... The protection services inside the network are doing their job. ...
    (Firewall-Wizards)