Quoting myself...
> > My point is, I am not interested in a security solution based on another
OS,
> > if there is an equivalent one available for NT, the OS upon which my LAN
is
> > standardized
However, if there ISN'T an equivalent one available for NT (which isn't the
case here), then it basically boils down to choosing to either implement a
system with known security issues that you may or may not be comfortable
with, or one that may provide a solution but also introduce unknown (to you)
issues to your network. Which one is worse?
Ok, ok, ok - suppose I want to stick with PPTP to provide remote access to
my LAN. In the case of PPTP, the "weak point" of the latest version is
claimed to be the dependence of the encryption on the user's password. Now,
say for implementation of PPTP as a point of access to my LAN for a few
"privileged" users, I create special accounts for them to use for this
access, accounts with randomly-generated nn-character passwords that can't
be changed by the users? On a Win95/98 client, the password only needs to
be entered once, after which it's saved by the system in the password
list(of course, this might be another security issue, but that's a whole
other story!). To simplify things even further, the user could be provided
with the password via a method that allows him to copy it and paste into the
login dialog box (e-mail, secure web site?). This could be a simple answer
to this particular known weak point, and at the same time I've avoided the
problems of introducing an unknown system on my LAN or onto the PCs trying
to access it remotely.
Brian Steele
----- Original Message -----
From: Ron DuFresne <[EMAIL PROTECTED]>
To: Brian Steele <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, 28 December, 1999 6:18 PM
Subject: Re: MS PPTP (Safe?) - alternative?
>
> Brian,
>
> are you then saying you will implement a faulty setup <pptp> or just not
> implement at all if it requires you to actually do additional work?
>
> Thanks,
>
> Ron DuFresne
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
