Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Windows VPN

Posted on 2004-04-13
2
Medium Priority
?
365 Views
Last Modified: 2013-11-16
Hello, I want to know what the best practices are for setting up a VPN.

I will be using CheckPoint NG Feature Pack 3 and Safaware Safe at Home Pro Devices.

If there was a checklist of things that are essential for adequate security/ best practices to be obtained, what would they be?  

Thanks
0
Comment
Question by:sublimation
2 Comments
 
LVL 23

Accepted Solution

by:
Tim Holman earned 2000 total points
ID: 10816191
The most secure VPN would use:

AES-256 encryption, SHA-1 hash, plus certificates at both ends for authentication.

In practice, many organisations do not have and do not want the extra burden of certificate servers, so the best you could get that is workable would be AES-256, SHA-1 and pre-shared secrets that are KEPT SECRET FOREVER (not written down!).

Also, ensure phase 1 and phase 2 timeouts are set to 14400 seconds (4 hours) throughout.  This means that keys can only be cracked by only supercomputers / arrays within this 4 hour timeout before data is sniffed.  Attackers would have to crack the keys every time they timed out henceforth.

I usually go by what the CESG have to say - www.cesg.co.uk.

Does this help ?

Also make sure ONLY RELEVANT services can pass through the tunnel - eg HTTP, HTTPS.  A lot of people just setup VPNs to encrypt everything between the two networks, but this is not necessary and opens up the risk of 'back infection' by the remote network should it become infected by a virus.
0
 
LVL 4

Author Comment

by:sublimation
ID: 10821808
Thanks
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question