Re: VPN Security.

From: Chris Leiter (cjleiter_at_hotmail.com)
Date: 07/19/05 

Date: Tue, 19 Jul 2005 08:54:32 -0700

Depending on who you ask, this could get sticky.
First of all, there's no such thing as a "hardware" vpn solution. All VPN
devices must use some kind of software to control access to the network.
The question really becomes, do I buy a product that is a dedicated VPN
solution, or do I continue using the product I have.

A couple of questions you might want to ask yourself include:
    Is it worth the monetary and administrative cost to set up a new VPN
solution?
    Is the product really more secure? How many IOS updates have there been
for it within the last couple of years?
    Can it offer Quarantine Services (or something similar) to protect my
internal network (2K3 can!)

I would say if you've dedicated your win2k3 server to the VPN solution, and
have taken the necessary precautions to secure it (i.e. disabling any
unnecessary services and keeping the software up to date), there's no need
to reinvent the wheel.

Products like Firewalls, routers, and VPN concentrators are only as secure
as the administrator who maintains them makes them.

Just my $0.02

Chris Leiter

"Jarryd" <Jarryd@youllneverknow.com> wrote in message
news:OXUzh3DjFHA.3256@TK2MSFTNGP12.phx.gbl...
> Hi,
>
> I have a Windows Server 2003 machine configured as a VPN server. Access
> is restricted to L2TP IPSec using MS-CHAP v2 only and users of the VPN
> security group. Is there anything else that I can do to make it more
> secure. I am also wondering about getting a hardware VPN. I am using the
> MS one and it is working very well, but if a hardware solution is really
> that much more secure then I suppose it is worth shelling out a bit more.
> So what I am looking for is educated opinions on the matter.
>
> TIA,
>
> Jarryd
>

Relevant Pages

  • Re: Security question re- VPN clients on wireless networks
    ... Vpn's are only as secure as the remote site. ... trojan/virus etc it could get to the server via the VPN. ... is fairly safe and a little faster than running it though a VPN. ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN Question(s) - Neophyte
    ... >> Have a small office Netwrok running W2k3 Small Business server. ... >> a need to access the network remotely, so I am looking at possibly a VPN ... Is Hardware VPN better ... > but this is largely due to the fact that RRAS is about ...
    (microsoft.public.windows.server.networking)
  • Re: Secure workgroups!
    ... Throughput would be one weekness in a server based product (PCI bus ... Wire speed capable solutions on hardware based ... these boxes from say internal audit, then you have a point, however that may ... Traffic inside the VPN tunnel will get delivered, ...
    (microsoft.public.security)
  • RE: [fw-wiz] Issues opeing firewall for SSH/SecureFTP?
    ... The May 2004 issue of sysadmin mag had an article on "secure file transfer ... >> served by a VPN directly to that server with a stack ...
    (Firewall-Wizards)
  • Re: connecting to a Firebox
    ... it could be the hardware issue. ... Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on ... > of my XP Pro/98/95/Me machines just great to this thing, ... > Server 2K3 Standard to connect to the internet/obtain an IP/ANYTHING. ...
    (microsoft.public.windows.server.networking)