Re: Security of a Windows 2003 VPN Question
- From: "bagins" <dejan /at\ levaja /.\ com>
- Date: Fri, 28 Apr 2006 09:17:54 +0200
No, I was thinking of using IPSec to block access to the box. Create an IPSec
policy to block all inbound traffic except the one you want to receive. SCW
is a great tool, also.
Of course, you can use IPSec in combination with L2TP and certificates to
achieve a very secure VPN.
Do you really need IPSec between the VPN server and the DC? I can't tell. If they
are in a hostile environment, you should definitely use it.
IMHO, if you keep your box up to date, use SCW and best practices in
hardening your box, and create an IPSec policy to protect your server, you are
safer than you could ever be if using some software firewall (except ISA,
of course ;) ).
--
************************
Best regards
Bagins
************************
"NOSPAMsmorzandoAT@xxxxxxxxxxx"
<NOSPAMsmorzandoAThotmailcom@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:010FBB6E-640A-4458-8234-68A252514EA6@xxxxxxxxxxxxxxxx
Ok, what about the integrity of the box, since there's no firewall on it?
I've installed and run the Security Configuration Wizard to harden the
server.
And are you suggesting the IPSec happens over the VPN or between the VPN
server and the Domain Controller?
Thanks in advance.
"bagins" wrote:
There is an option in the VPN wizard to start static packet filters on the
VPN-enabled interface. They allow only selected VPN traffic to pass thru the
VPN-enabled interface.
If you don't find it good enough, you can always create IPSec policies.
Patching and hardening before connecting to the public network is a must.
--
************************
Best regards
Dejan
************************
"NOSPAMsmorzandoAT@xxxxxxxxxxx"
<NOSPAMsmorzandoAThotmailcom@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:88C2EF13-9733-4E6F-BE32-8E7BE9312E92@xxxxxxxxxxxxxxxx
How secure is Windows 2003 VPN? I understand the data transmission
encryption, but I'm curious about the security of the network. When one
installs the VPN on a standalone 03 server one has to shut off the
Windows firewall service.
Due to minimal resources, I would like to not have to install a
hardware firewall and have the Win2k3 server, running only the VPN, hook
directly into my domain controller, which runs AD, etc. (Due to our network,
the DC has a firewall on it.)
Is this safe at all? Is the Win2k3 VPN box vulnerable? Could I run a
software firewall on Win2k3 VPN box to take the place of Windows
firewall, which apparently can't run?
What would the ISA server do for me, if I could afford it?
Thanks!
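
The IPSec block-all-but-VPN policy suggested in the thread, sketched with `netsh ipsec static` on Windows Server 2003. This is an added example, not part of the original posts. Assumptions: the VPN is PPTP, `192.0.2.10` is a placeholder for the domain controller's address, and every policy, filter list and rule name is made up for illustration.

```batch
@echo off
rem Added example, not from the thread. Assumes PPTP; DC is a placeholder address;
rem all policy, filter list, filter action and rule names are illustrative.
set POL=VPN-Lockdown
set DC=192.0.2.10

rem Create the policy unassigned so it can be reviewed before it takes effect.
netsh ipsec static add policy name=%POL% description="Default-deny for the VPN box" assign=no

rem Two filter actions: drop, and pass without negotiating security.
netsh ipsec static add filteraction name=Lockdown-Block action=block
netsh ipsec static add filteraction name=Lockdown-Permit action=permit

rem 1) Least specific filter: anything addressed to this host. Not mirrored,
rem    so packets this host sends are not matched by the block.
netsh ipsec static add filterlist name=Inbound-All
netsh ipsec static add filter filterlist=Inbound-All srcaddr=any dstaddr=me protocol=any mirrored=no

rem 2) PPTP: control channel on TCP 1723, tunnel data as GRE (IP protocol 47).
netsh ipsec static add filterlist name=PPTP
netsh ipsec static add filter filterlist=PPTP srcaddr=any dstaddr=me protocol=tcp srcport=0 dstport=1723 mirrored=yes
netsh ipsec static add filter filterlist=PPTP srcaddr=any dstaddr=me protocol=47 mirrored=yes

rem 3) Everything between this host and the DC (authentication, name lookup).
netsh ipsec static add filterlist name=To-DC
netsh ipsec static add filter filterlist=To-DC srcaddr=me dstaddr=%DC% protocol=any mirrored=yes

rem Bind filter lists to actions. The more specific permit filters take
rem precedence over the broad block filter.
netsh ipsec static add rule name=Block-Inbound policy=%POL% filterlist=Inbound-All filteraction=Lockdown-Block
netsh ipsec static add rule name=Allow-PPTP policy=%POL% filterlist=PPTP filteraction=Lockdown-Permit
netsh ipsec static add rule name=Allow-DC policy=%POL% filterlist=To-DC filteraction=Lockdown-Permit

rem Caveat: these filters are stateless. Replies to connections this host opens
rem to any other machine (DNS, patch downloads) arrive as inbound packets and are
rem dropped unless a mirrored permit filter like the ones above covers that peer.

rem Review the result, then assign from the console (not a remote session).
netsh ipsec static show policy name=%POL% level=verbose
rem netsh ipsec static set policy name=%POL% assign=yes
```

The assign line is left commented out so the policy can be inspected first; a mistake in a default-deny policy cuts off remote administration as well.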