Re: Wireless security and VPN
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 10/23/05
Date: Sun, 23 Oct 2005 11:02:49 -0500
No you do not need to issue certificates for pptp. Another vulnerability of
VPN connections is that users will often save their password for their VPN
connectoid which could allow an attacker who obtained/stole their laptop to
access your network as that user if the account had not been disabled for
dial in. There is a registry entry that can prevent that and be distributed
via a Group Policy custom .adm or smart cards are used in situations where
high security is needed. Smart cards do require a Certificate Authority
however and an investment in hardware for the smart cards and
readers. --- Steve
http://is-it-true.org/nt/atips/atips20.shtml --- disable VPN connectoid
password storage.
Hive: HKEY_LOCAL_MACHINE
Key: SYSTEM\CurrentControlSet\Services\RasMan\Parameters
Name: DisableSavePassword
Type: REG_DWORD
Value: 1
"jbarnes29" <jbarnes29@discussions.microsoft.com> wrote in message
news:11A1D89D-DFCA-4D78-978E-E072F897D0BD@microsoft.com...
>I do enforce 8+ character alphanumeric passwords and lock out the accounts
> after three unsuccessful attempts. Do I need to enable Certificate
> Services? I am not clear on what exactly it does.
>
> "Steven L Umbach" wrote:
>
>> Actually you should be using mschapv2 which would be default and is a strong
>> authentication protocol. Just make sure the users are forced to use strong
>> passwords. I would suggest that you enable password complexity and have a
>> minimum password length of eight characters. This will make pptp very
>> secure. If users balk at complex passwords train them to think pass phrases
>> and to use spaces between the words. A pass phrase such as A spoonful of
>> sugar! is a very very strong password as far as the operating system is
>> concerned. --- Steve
>>
>>
>>
>> "jbarnes29" <jbarnes29@discussions.microsoft.com> wrote in message
>> news:123AB604-F6C4-436C-B91F-DFDAF3CE1470@microsoft.com...
>> >I have a Windows Server 2000 domain and XP Pro clients. I have set up VPN
>> > through RRAS (PPTP) and it works fine. My question is: Should I be
>> > concerned about security when remote users (using their own laptops) log in
>> > using a public wireless access point (hotspot)? My understanding of MS-CHAP
>> > is that passwords never travel in the clear during the challenge-handshake
>> > process and it is also my understanding that the VPN data stream is fully
>> > encrypted. Am I missing anything? Should I be concerned about someone
>> > "sniffing" these remote users' packets?
>>
>>
>>
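
An added example, not part of the original post or the linked tip: a PowerShell audit of the registry value listed in the message above, which reports whether it is present as a REG_DWORD of 1 and can set it. The function name and the `-Fix` switch are made up for this example, and writing the value assumes an elevated prompt.

```powershell
# Added example: audit (and optionally set) the RasMan value from the post.
# Function name and -Fix switch are hypothetical; writing requires elevation.
function Test-VpnSavePasswordDisabled {
    [CmdletBinding()]
    param([switch]$Fix)

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Parameters'
    $name = 'DisableSavePassword'

    if (-not (Test-Path -Path $path)) {
        # Key is absent, so there is nothing to audit on this machine.
        return [pscustomobject]@{ Computer = $env:COMPUTERNAME; State = 'KeyMissing'; Value = $null }
    }

    $key   = Get-Item -Path $path
    $value = $key.GetValue($name, $null)
    $kind  = if ($null -ne $value) { $key.GetValueKind($name) } else { $null }

    # Compliant only when the value exists, is a DWORD, and equals 1.
    $ok = ($null -ne $value) -and
          ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and
          ($value -eq 1)

    if (-not $ok -and $Fix) {
        # -Force overwrites a value that has the wrong type or data.
        New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
        $value = (Get-Item -Path $path).GetValue($name, $null)
        $ok    = ($value -eq 1)
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        State    = if ($ok) { 'Compliant' } elseif ($null -eq $value) { 'NotSet' } else { 'WrongValue' }
        Value    = $value
    }
}

# Report only; add -Fix from an elevated prompt to set the value.
Test-VpnSavePasswordDisabled
```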