Microsoft's RRAS Really a Secure Environment?

Posted on 2006-05-18
Last Modified: 2010-04-11
I'm considering two methods of providing VPN access access to my network.  One being a third-party VPN solution like Checkpoint VPN.  The other is to use Microsoft's RRAS solution.  Is Microsoft's RRAS/VPN Server solution really a secure one?   Thinking about putting a Microsoft O/S server in my DMZ and using standard Windows Client VPN/encryption gives me pause.  I do already have a firewall.

Any opinions out there?
Question by:jhunter9999
    LVL 11

    Accepted Solution

    If you are simply allowing the required ports through then its not as big of an issue. I would not recommend putting this directly exposed to the internet.

    However you did not mention which scheme you are planning to make use of?

    PPTP is generally considered to be cryptologically weak and possible to exploit.

    IPSec L2TP implementations are more secure than the above noted solution of PPTP so if you configure your RRAS implementation be sure to disable the PPTP Virtual Adapters to force all connections to be L2TP.

    LVL 13

    Expert Comment

    There is an additional level of prtoection to consider which is that if you use the standard Microsoft VPN approach, anyone with a Windows PC has the potential to connect to your network whereas if you use an IPSec solution, you;re typically dependent on that vendor's VPN client and a configuration file for the tunnel definition which is another factor the would be hacker has to take into account.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
    This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now