RE: VPN Client Security



So using a multi-layered security and safety approach is good. BTW, why do
we still only use 128-bit cipher strength so frequently, and why not upgrade
the entire industry to start using 168-bit cipher strength as a new bare
minimum? One thing I do like about Windows Live OneCare is the ability to
customize what you let in and out of your computer with the firewall by
allowing or blocking it. In addition, shouldn't all company networks have
the sort of firewall that ZoneAlarm Professional reporting has, so at least
the company can try to figure out where the port scan is coming from even if
the port scan is being hidden through numerous points throughout the world?

"Anteaus" wrote:

I don't see how this situation differs from the client being directly
connected to the server. If the client has unsecured shares, or unsecured
remote-registry access, this is the problem, not VPN.

The key security issue (as I see it) with MS VPN is the very heavy reliance
it places on user passwords to keep intruders out. I would be inclined to
supplement that with a requirement for fixed IP addresses on all clients, and
a suitable set of firewall rules on the server or gateway which will
lock down access from unauthorised locations.

If you need true roaming access, then I would think in terms of secure
tunnelling or suchlike, which will allow the use of a pre-shared 128/256 bit
key instead of, or as well as, a user password.

"David" wrote:

I'm interested in client security from the VPN.

For example if a VPN is established on a client (say either via a DLL or
Microsoft VPN), how does the client configure their machine to keep the
server side from using the VPN to browse or copy files from the client
machine?
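
The suggestion quoted above, fixed client addresses enforced at the server or gateway so that a password alone is not enough, can be audited against VPN logon records. The following is an added example, not part of the original thread; the log format, user names and addresses are constructed for illustration and do not come from any real product.

```python
import ipaddress
import re

# Constructed allowlist: each VPN user and the fixed source(s) they may connect from.
ALLOWED_SOURCES = {
    "david": ["198.51.100.24"],
    "branch-office": ["203.0.113.0/28"],
}

# Constructed gateway log lines (hypothetical format, for illustration only).
SAMPLE_LOG = """\
2024-05-01T08:02:11Z vpn-logon user=david src=198.51.100.24 result=accepted
2024-05-01T08:05:40Z vpn-logon user=branch-office src=203.0.113.9 result=accepted
2024-05-01T09:17:03Z vpn-logon user=david src=192.0.2.77 result=rejected
2024-05-01T09:17:09Z vpn-logon user=david src=192.0.2.77 result=accepted
2024-05-01T10:30:00Z vpn-logon user=contractor src=198.51.100.24 result=accepted
malformed line that the parser must skip
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) vpn-logon user=(?P<user>\S+) src=(?P<src>\S+) "
    r"result=(?P<result>accepted|rejected)$"
)

def source_is_allowed(user, src):
    """True only if src falls inside a network listed for this user."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: treat as unauthorised
    nets = (ipaddress.ip_network(n, strict=False)
            for n in ALLOWED_SOURCES.get(user, []))
    return any(addr in net for net in nets)

def audit(log_text):
    """Return (ts, user, src, result) for every logon from an unlisted source."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and not source_is_allowed(m["user"], m["src"]):
            findings.append((m["ts"], m["user"], m["src"], m["result"]))
    return findings

def password_only_logons(log_text):
    """Accepted logons from unlisted sources: the password was the only barrier."""
    return [f for f in audit(log_text) if f[3] == "accepted"]

if __name__ == "__main__":
    for ts, user, src, result in audit(SAMPLE_LOG):
        print(f"{ts} {user} from {src}: {result} (source not on allowlist)")
```

Accepted logons returned by `password_only_logons` are the cases a gateway rule restricting sources would have blocked; a user with no allowlist entry is treated as unauthorised from every address.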
