Enforce long/strong passwords in the user policy settings. As I recall, W2K VPN supports token authentication methods if you want to go that route. Make sure you log and audit connection attempts.

The default policy for the VPN server is to only allow users that have dial-up permissions turned on in their user profile. Audit that list of users and trim accordingly. If you also have dial-up access, you may want to create a new VPN group and authenticate against that group separately.

----- Original Message -----
From: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Wednesday, January 29, 2003 10:39 AM
Subject: [isalist] ISA VPN Security

Hello,

I just set up my ISA Server for inbound VPN calls, as per http://www.isaserver.org/tutorials/Configuring_ISA_Server_For_Inbound_VPN_Calls.html. Everything works but my concern is security. All anyone need do is guess an authentic domain username/password and they are "in". Not even the domain name is necessary. Is there a way to secure this authentication?

Thanks.
Mark
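
One way to carry out the dial-in permission audit suggested in the reply, as an added example that is not part of the original thread. It assumes a current Active Directory domain with the ActiveDirectory PowerShell module available; the group name `VPN-Users` and the 90-day threshold are hypothetical values.

```powershell
# Added example: list every account with dial-in (remote access) permission
# explicitly set to Allow, and flag the ones that deserve review.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$VpnGroupName   = 'VPN-Users'   # hypothetical dedicated VPN group
$StaleAfterDays = 90            # assumption: review threshold for inactivity

# Build a lookup of accounts that belong to the dedicated VPN group.
$vpnMembers = @{}
Get-ADGroupMember -Identity $VpnGroupName -Recursive |
    ForEach-Object { $vpnMembers[$_.distinguishedName] = $true }

$cutoff = (Get-Date).AddDays(-$StaleAfterDays)

# msNPAllowDialin = TRUE corresponds to "Allow access" on the user's Dial-in tab.
# Accounts left on "control through policy" have the attribute unset and are
# governed by the remote access policy instead, so they do not appear here.
Get-ADUser -LDAPFilter '(msNPAllowDialin=TRUE)' -Properties msNPAllowDialin, LastLogonDate |
    ForEach-Object {
        $reasons = @()
        if (-not $_.Enabled) {
            $reasons += 'account disabled'
        }
        if (-not $_.LastLogonDate) {
            $reasons += 'never logged on'
        } elseif ($_.LastLogonDate -lt $cutoff) {
            $reasons += "no logon in $StaleAfterDays days"
        }
        if (-not $vpnMembers.ContainsKey($_.DistinguishedName)) {
            $reasons += "not in $VpnGroupName"
        }
        [pscustomobject]@{
            SamAccountName = $_.SamAccountName
            LastLogonDate  = $_.LastLogonDate
            Review         = ($reasons -join '; ')
        }
    } |
    Sort-Object SamAccountName |
    Format-Table -AutoSize
```

Accounts with a non-empty Review column are the candidates for trimming; an empty column means the account is enabled, recently used and already in the VPN group.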