Re: ISA VPN Security

  • From: "Ray Dzek" <rdzek@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 29 Jan 2003 11:17:15 -0800

Enforce long/strong passwords in the user policy settings.
As I recall, W2K VPN supports token authentication methods if you want to go
that route.
Make sure you log and audit connection attempts.
The default policy for the VPN server is to only allow users that have
dial-up permissions turned on in their user profile.  Audit that list of
users and trim accordingly.  If you also have dial-up access, you may want
to create a new VPN group and authenticate against that group separately.

----- Original Message -----
From: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 29, 2003 10:39 AM
Subject: [isalist] ISA VPN Security


Hello,

I just set up my ISA Server for inbound VPN calls, as per
http://www.isaserver.org/tutorials/Configuring_ISA_Server_For_Inbound_VPN_Calls.html.
Everything works but my concern is security. All anyone
need do is guess an authentic domain username/password and they are
"in". Not even the domain name is necessary. Is there a way to secure
this authentication? Thanks.

Mark
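
The dial-in permission audit suggested in the reply, as an added example that is not part of the original thread: a read-only PowerShell report of accounts with dial-in access allowed, flagged against a dedicated VPN group. It assumes a current ActiveDirectory (RSAT) module rather than Windows 2000-era tooling; the group name `VPN Users` and the 90-day threshold are hypothetical.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
# Read-only: no account or group is modified.
Import-Module ActiveDirectory

# Assumptions: a dedicated group for approved VPN users (hypothetical name)
# and a 90-day staleness threshold.
$VpnGroup  = 'VPN Users'
$StaleDays = 90
$cutoff    = (Get-Date).AddDays(-$StaleDays)

# Accounts approved for VPN access, with nested groups expanded.
$approved = @(Get-ADGroupMember -Identity $VpnGroup -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object { $_.SamAccountName })

# msNPAllowDialin = TRUE corresponds to "Allow access" on the Dial-in tab.
Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' `
           -Properties msNPAllowDialin, LastLogonDate, PasswordNeverExpires |
    ForEach-Object {
        $reasons = @()
        if ($approved -notcontains $_.SamAccountName) {
            $reasons += 'not in VPN group'
        }
        if (-not $_.Enabled) {
            $reasons += 'account disabled'
        }
        if ($null -eq $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff) {
            $reasons += "no logon in $StaleDays days"
        }
        if ($_.PasswordNeverExpires) {
            $reasons += 'password never expires'
        }
        [pscustomobject]@{
            User      = $_.SamAccountName
            LastLogon = $_.LastLogonDate
            Review    = ($reasons -join '; ')
        }
    } |
    Sort-Object User |
    Format-Table -AutoSize
```

Accounts with a non-empty Review column are the candidates to trim; accounts whose dial-in setting is controlled through remote access policy instead of the per-user flag do not appear in this query.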

