sheepfarmer
asked on
Is Microsoft VPN secure?
When connecting a windows portable to the company server using the built in PPTP VPN network connection type, is the connection encrypted, including user and password transmission.
Aside from weak passwords and portable users 'saving' the password as part of the connection, are there any known holes that could cause a security breach.
The host end of the VPN is SBS2003.
Thanks
SF
Aside from weak passwords and portable users 'saving' the password as part of the connection, are there any known holes that could cause a security breach.
The host end of the VPN is SBS2003.
Thanks
SF
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
>>Your company should have a security officer that can make specific recommendations.
That'll be me then :)
Seriously, I was just concerned that perhaps the initial user/password was in clear text or something silly, which would have meant a public cafe or some such could potentially have grabbed the credentials. I just get nervous when a port like 1723 is open to the world.
I normally use a solution like OpenVPN where you have to have a token of some sort of the workstation, rather then playing the user/password guessing game on an open port. I suppose I should look at IPSec but don't know if I will have to purchase a certificate from a CA.
SF
That'll be me then :)
Seriously, I was just concerned that perhaps the initial user/password was in clear text or something silly, which would have meant a public cafe or some such could potentially have grabbed the credentials. I just get nervous when a port like 1723 is open to the world.
I normally use a solution like OpenVPN where you have to have a token of some sort of the workstation, rather then playing the user/password guessing game on an open port. I suppose I should look at IPSec but don't know if I will have to purchase a certificate from a CA.
SF
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for all your comments - useful info.
>network connection type, is the connection encrypted, including user and password transmission
AFAIK, most of the settings are adjustable - I agree with jhance - talk to your VPN provider (who might be called your IT "security officer") - they will (or at least should) know the answer to your questions...
Cheers,
-Jon