Solved

Windows VPN

Posted on 2004-04-13
Last Modified: 2013-11-16
Hello, I want to know what the best practices are for setting up a VPN.

I will be using CheckPoint NG Feature Pack 3 and Safaware Safe at Home Pro Devices.

If there were a checklist of things that are essential for adequate security / best practices to be obtained, what would they be?

Thanks
Question by:sublimation
2 Comments
 
LVL 23

Accepted Solution

by:
Tim Holman earned 2000 total points
ID: 10816191
The most secure VPN would use:

AES-256 encryption, SHA-1 hash, plus certificates at both ends for authentication.

In practice, many organisations do not have and do not want the extra burden of certificate servers, so the best you could get that is workable would be AES-256, SHA-1 and pre-shared secrets that are KEPT SECRET FOREVER (not written down!).

Also, ensure phase 1 and phase 2 timeouts are set to 14400 seconds (4 hours) throughout. This means that keys can only be cracked by supercomputers / arrays within this 4 hour timeout before data is sniffed. Attackers would have to crack the keys every time they timed out henceforth.

I usually go by what the CESG have to say - www.cesg.co.uk.

Does this help?

Also make sure ONLY RELEVANT services can pass through the tunnel - e.g. HTTP, HTTPS. A lot of people just set up VPNs to encrypt everything between the two networks, but this is not necessary and opens up the risk of 'back infection' by the remote network should it become infected by a virus.
0
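The checklist in the accepted answer, turned into an audit that can be run over a VPN definition. This is an added example, not part of the original thread and not Check Point code. The profile layout, the field names, the `audit_vpn` function and the rule that both ends must use the same authentication method are assumptions made for illustration.

```python
# Added example. The profile layout and every field name are hypothetical,
# not a Check Point export format; the sample profiles are constructed.

# Baseline exactly as the accepted answer states it; replace with your own policy.
BASELINE = {
    "encryption": "AES-256",
    "hash": "SHA-1",
    "phase1_lifetime_s": 14400,
    "phase2_lifetime_s": 14400,
}
ALLOWED_AUTH = {"certificate", "pre-shared-secret"}


def audit_vpn(profile, allowed_services=("HTTP", "HTTPS")):
    """Return a list of findings; an empty list means the profile matches."""
    findings = []
    for field, want in BASELINE.items():
        got = profile.get(field)
        if got != want:
            findings.append(f"{field}: expected {want!r}, found {got!r}")
    # Assumption: both gateways authenticate the same way (certificate or secret).
    auth = [peer.get("auth") for peer in profile.get("peers", [])]
    if len(auth) != 2 or auth[0] != auth[1] or auth[0] not in ALLOWED_AUTH:
        findings.append(f"peers: need two ends with matching auth, found {auth!r}")
    # Assumption: a profile with no rules tunnels everything between the networks.
    rules = profile.get("tunnel_rules", [])
    if not rules:
        findings.append("tunnel_rules: none defined, all traffic would be tunnelled")
    allowed = {s.upper() for s in allowed_services}
    for n, rule in enumerate(rules, start=1):
        extra = sorted(s for s in rule.get("services", ["any"]) if s.upper() not in allowed)
        if rule.get("action") == "accept" and extra:
            findings.append(f"tunnel_rules[{n}]: unneeded services {extra!r}")
    return findings


GOOD = {
    "encryption": "AES-256", "hash": "SHA-1",
    "phase1_lifetime_s": 14400, "phase2_lifetime_s": 14400,
    "peers": [{"auth": "certificate"}, {"auth": "certificate"}],
    "tunnel_rules": [{"action": "accept", "services": ["http", "https"]}],
}
WEAK = {
    "encryption": "3DES", "hash": "SHA-1",
    "phase1_lifetime_s": 86400, "phase2_lifetime_s": 14400,
    "peers": [{"auth": "certificate"}, {"auth": "pre-shared-secret"}],
    "tunnel_rules": [{"action": "accept", "services": ["any"]}],
}

if __name__ == "__main__":
    for name, profile in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_vpn(profile) or "matches the checklist")
```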
 
LVL 4

Author Comment

by:sublimation
ID: 10821808
Thanks
0
