Resource links for Security Now! Episode #17:
Configuring Windows built-in PPTP VPN Client and Server: All versions of Windows, dating from Windows 95, have supported somewhat secure (encryption but weak authentication) PPTP (Point-to-Point Tunneling Protocol) VPN operation to interconnect Windows machines. The "New Connection Wizard" in Windows XP has made setting up inter-machine VPN connections quite simple. Bob Cerelli's often-cited pages provide simple step-by-step directions for configuring each end of the connection:

Configuring the Windows XP VPN Server
Configuring the Windows XP VPN Client

If you plan to connect to a machine behind a NAT router from outside, you will need to set up static port forwarding for TCP traffic arriving at the router's port 1723 and also for GRE (protocol 47). Both types of traffic will need to be forwarded to the server's IP behind your NAT router. If your router supports any sort of VPN or PPTP pass-through, you'll also want to make sure that's enabled. And don't forget to use the same "Workgroup Name" at both ends.

Finally, remember that Windows PPTP VPN connections only offer weak security and privacy protection. Since PPTP does not provide strong authentication, it can be fooled into lowering its connection strength, and it is subject to MITM (man-in-the-middle) attacks.
Microsoft's guide to their L2TP/IPSec VPN Client (Word doc file). This is the defensive "Microsoft's Head in the Sand" VPN FAQ page where they endlessly attempt to justify their brain-dead stance of deliberately not allowing their VPN clients to interoperate with other third-party equipment such as super-popular VPN endpoint routers. As a result, VPN router users are forced to purchase ($39) and add third-party VPN client software to a Windows system which, essentially, already has it. A good Microsoft launching point page for many other Microsoft pages discussing and explaining VPN configuration and operation.
Microsoft's Step-by-Step Guide to IPSec
Toms Networking "Small Net Builder" VPN FAQ
Public VPN Service: The service's weaknesses are that, since it uses standard VPN protocols, its connections are subject to being filtered and blocked by the user's local connectivity provider (WiFi hotspot, hotel, or ISP). Also, since PPTP uses weak authentication and PublicVPN's L2TP/IPSec uses a system-wide common pre-shared key known to everyone, there is little protection from determined man-in-the-middle (MITM) attacks. Still, as a "much better than nothing" affordable solution, PublicVPN is definitely worth a look.
HotSpot VPN Service
Gibson Research Corporation is owned and operated by Steve Gibson. The contents of this page are Copyright (c) 2024 Gibson Research Corporation. SpinRite, ShieldsUP, NanoProbe, and any other indicated trademarks are registered trademarks of Gibson Research Corporation, Laguna Hills, CA, USA.
Last Edit: May 04, 2013 at 17:12