IPSec VPN Connection

Hi All,

Let me explain my situation: Currently I am making use of a PPTP VPN to connect to certain remote sites connected via dialup, using VNC to access desktops for support issues. To do this I'm making use of the dyndns dynamic IP service, which allows me to map a hostname, e.g. remotesite.dyndns.org, to a dynamically allocated IP which is updated via dyndns's ip-updater, which runs on the remote machine.

I'm using Windows XP's built-in VPN server to accept remote connections based on the remote machine's local user accounts, and allocating my own IP on the remote network, as there are only 4 workgrouped desktop PCs and 1 network printer (192.168.0.1 - 192.168.0.5). I generally connect as 192.168.0.77 just because I like 7 and to keep well away from the local range.

This all works well and good, but my only concern is security. PPTP is apparently quite easy to crack, see: http://crimemachine.com/Tuts/Flash/pptp-vpn.html

I haven't tried it myself, but I would prefer to try and change to a more secure protocol such as IPsec, but this process seems much more difficult. If anyone has configured a situation that is similar to mine or knows how to, could you help me out, as IPsec seems to go a little deeper than just VPN.

Thanks in Advance
ASKED: February 21, 2006  8:04 PM
UPDATED: February 22, 2006  12:03 PM

Answer Wiki


Apart from all the other trouble a hacker would have to go through to orchestrate this attack, it relies on the fact that the VPN is set to use MS-CHAP which is known to be weak. Set your VPN to use MS-CHAPv2 or some other more modern hash and you don’t really have anything to worry about in terms of session cracking.

If you’re really worried and you want more security (encryption-wise anyway) you can opt to use an IPSec based VPN solution but that obviously requires additional hardware/software. Some might consider that over-kill for your situation though I certainly couldn’t make such a determination based on the information provided.

HTH

Discuss This Question: 1  Reply

 
  • Astronomer
    Microsoft has a considerable amount of documentation on VPNs, both PPTP and IPSec. Here is a link in their 2003 area: http://www.microsoft.com/windowsserver2003/technologies/networking/vpn/default.mspx

    Here is another article focusing on IPSec for win2k and XP: http://www.securityfocus.com/infocus/1519

    The main problem you have with IPSec that you don't have with PPTP is if there is NAT somewhere along the way. IPSec doesn't like NAT. If you have NAT between your systems you will either have to do encapsulation (I don't know if this can be done with plain Windows), or you need to set up the end points of the VPN to exclude the NAT. If you are NATing at a firewall I would suggest ending the VPN at the firewall. With most modern firewalls you can establish an IPSec VPN when you connect.
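The NAT problem described in the reply above, as an added example (not code from the thread): a simplified Python model in which AH's integrity check covers the source address that NAT rewrites, while ESP carried inside UDP on port 4500 (the encapsulation approach, RFC 3948) keeps its check over the ESP bytes only. The key, the peer and public addresses, the helper names and the trailer-style ICV layout are assumptions made for the illustration.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed sample integrity key
INSIDE, PEER, PUBLIC = "192.168.0.77", "203.0.113.10", "198.51.100.5"  # sample addresses

def ip_header(src, dst, proto, body_len, ttl=64):
    """20-byte IPv4 header; checksum left at zero to keep the model small."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icv(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]  # HMAC-SHA1-96

def ah_covered(packet):
    """AH input: mutable fields (TOS, flags/offset, TTL, checksum) zeroed; addresses kept."""
    h = bytearray(packet[:20])
    h[1] = h[8] = 0
    h[6:8] = h[10:12] = b"\x00\x00"
    return bytes(h) + packet[20:]

def ah_send(payload):
    pkt = ip_header(INSIDE, PEER, 51, len(payload) + 12) + payload
    return pkt + icv(ah_covered(pkt))  # simplification: ICV appended as a trailer

def ah_verify(packet):
    return hmac.compare_digest(packet[-12:], icv(ah_covered(packet[:-12])))

def esp_udp_send(ciphertext):
    esp = struct.pack("!II", 0x1001, 1) + ciphertext  # SPI, sequence number
    esp += icv(esp)  # ESP integrity covers the ESP bytes only
    udp = struct.pack("!HHHH", 4500, 4500, 8 + len(esp), 0)
    return ip_header(INSIDE, PEER, 17, len(udp) + len(esp)) + udp + esp

def esp_udp_verify(packet):
    esp = packet[28:]  # receiver strips outer IP (20) and UDP (8) headers
    return hmac.compare_digest(esp[-12:], icv(esp[:-12]))

def nat(packet, new_port=None):  # source NAT: new source address, optional new UDP port
    p = bytearray(packet)
    p[12:16] = socket.inet_aton(PUBLIC)
    if new_port is not None:
        p[20:22] = struct.pack("!H", new_port)
    return bytes(p)

def router_hop(packet):
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:]  # TTL decrement only
```

In this model `ah_verify(router_hop(ah_send(b"data")))` passes because TTL is excluded from the check, `ah_verify(nat(ah_send(b"data")))` fails, and `esp_udp_verify(nat(esp_udp_send(b"data"), 61000))` passes.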