Solved

Windows VPN

Posted on 2004-04-13
2
357 Views
Last Modified: 2013-11-16
Hello, I want to know what the best practices are for setting up a VPN.

I will be using CheckPoint NG Feature Pack 3 and Safaware Safe at Home Pro Devices.

If there was a checklist of things that are essential for adequate security/ best practices to be obtained, what would they be?  

Thanks
0
Comment
Question by:sublimation
2 Comments
 
LVL 23

Accepted Solution

by:
Tim Holman earned 500 total points
ID: 10816191
The most secure VPN would use:

AES-256 encryption, SHA-1 hash, plus certificates at both ends for authentication.

In practice, many organisations do not have and do not want the extra burden of certificate servers, so the best you could get that is workable would be AES-256, SHA-1 and pre-shared secrets that are KEPT SECRET FOREVER (not written down!).

Also, ensure phase 1 and phase 2 timeouts are set to 14400 seconds (4 hours) throughout.  This means that keys can only be cracked by only supercomputers / arrays within this 4 hour timeout before data is sniffed.  Attackers would have to crack the keys every time they timed out henceforth.

I usually go by what the CESG have to say - www.cesg.co.uk.

Does this help ?

Also make sure ONLY RELEVANT services can pass through the tunnel - eg HTTP, HTTPS.  A lot of people just setup VPNs to encrypt everything between the two networks, but this is not necessary and opens up the risk of 'back infection' by the remote network should it become infected by a virus.
0
 
LVL 4

Author Comment

by:sublimation
ID: 10821808
Thanks
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question