Re: Question about Remote Administration (XP) over VPN

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 07/12/05


Date: Mon, 11 Jul 2005 18:00:12 -0500

They can access the desktop like they are logged into it and do anything
they could normally do while logged in as such. You also could potentially
be allowing a back door into your network for an attacker if the passwords
used to log on to the computers are weak. Using a VPN with L2TP will
eliminate most of that risk since L2TP requires that computers authenticate
to the VPN with a certificate before the user is even allowed to try to
log on to the VPN. PPTP does not offer such protection, however, unless you
use and require a user certificate smart card for logon to the PPTP. There
is a downside to using a user certificate for authentication for PPTP in
that user credentials are not used then, and that could be a
vulnerability into your network if, say, a user's laptop is stolen.

--- Steve

"The Frustrated Monk" <TheFrustratedMonk@discussions.microsoft.com> wrote in
message news:53D7442F-9869-4A46-B33F-F9540701B638@microsoft.com...
> We are in the process of rolling out Windows XP across my company. As part
> of a GPO, we only allow Remote Administration and Offer Remote Assistance
> from the specific desktop subnets.
>
> Since we are not specifying the VPN subnets, users cannot remotely
> access their workstations. Contrary to what the vast majority of users
> say, very few actually need this ability.
>
> What are the security risks for allowing this? I know that the desktop
> admins can snoop after hours but what else is there?
>
> Any info would be appreciated.


