Solved

Windows VPN

Posted on 2004-04-13
2
359 Views
Last Modified: 2013-11-16
Hello, I want to know what the best practices are for setting up a VPN.

I will be using CheckPoint NG Feature Pack 3 and Safaware Safe at Home Pro Devices.

If there was a checklist of things that are essential for adequate security/ best practices to be obtained, what would they be?  

Thanks
0
Comment
Question by:sublimation
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 23

Accepted Solution

by:
Tim Holman earned 500 total points
ID: 10816191
The most secure VPN would use:

AES-256 encryption, SHA-1 hash, plus certificates at both ends for authentication.

In practice, many organisations do not have and do not want the extra burden of certificate servers, so the best you could get that is workable would be AES-256, SHA-1 and pre-shared secrets that are KEPT SECRET FOREVER (not written down!).

Also, ensure phase 1 and phase 2 timeouts are set to 14400 seconds (4 hours) throughout.  This means that keys can only be cracked by only supercomputers / arrays within this 4 hour timeout before data is sniffed.  Attackers would have to crack the keys every time they timed out henceforth.

I usually go by what the CESG have to say - www.cesg.co.uk.

Does this help ?

Also make sure ONLY RELEVANT services can pass through the tunnel - eg HTTP, HTTPS.  A lot of people just setup VPNs to encrypt everything between the two networks, but this is not necessary and opens up the risk of 'back infection' by the remote network should it become infected by a virus.
0
 
LVL 4

Author Comment

by:sublimation
ID: 10821808
Thanks
0

Featured Post

Register Today - IoT Current and Future Threats

Are you prepared to protect your organization from current and future IoT Threats?  Join our Wi-Fi expert in episode three of our webinar series for a look at the current state of Wi-Fi IoT and what may lie ahead. Register for our live webinar on April 20th at 9 am PDT!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Checkpoint books 3 100
Land attack dropped sonicwall 4 945
sftp access 4 57
Palo Alto Networks Global Protect 2 160
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question