Sure, as long as no one runs a password cracker against your passwd file,
nor steals the equipment that has the 'copy&paste' password stored on it
<laptops we talk here, in the case of home machines yer problem is the
kids getting into the system via the parents' home/work machine>.

Passwords are something we tend to get stuck with dealing with. In a
network where there's a lot of activity <i.e. many users> and/or turnover,
passwords are always the weak link, either they are generated weakly and
poorly, or they are so complex we force the users to expose them in a
potentially abusable. The best way to combat the password problem is
OTP. This way a password does not entropy to a point whence it has been
cracked or figured out, or found by someone not meant to have it.

Set up an OTP scheme and then your main concern is the encryption scheme of
the PPTP process...

Thanks,
Ron DuFresne
On Tue, 28 Dec 1999, Brian Steele wrote:
> Quoting myself...
>
> > > My point is, I am not interested in a security solution based on another OS,
> > > if there is an equivalent one available for NT, the OS upon which my LAN is
> > > standardized
>
> However, if there ISN'T an equivalent one available for NT (which isn't the
> case here), then it basically boils down to choosing to either implement a
> system with known security issues that you may or may not be comfortable
> with, or one that may provide a solution but also introduce unknown (to you)
> issues to your network. Which one is worse?
>
> Ok, ok, ok - suppose I want to stick with PPTP to provide remote access to
> my LAN. In the case of PPTP, the "weak point" of the latest version is
> claimed to be the dependence of the encryption on the user's password. Now,
> say for implementation of PPTP as a point of access to my LAN for a few
> "privileged" users, I create special accounts for them to use for this
> access, accounts with randomly-generated nn-character passwords that can't
> be changed by the users? On a Win95/98 client, the password only needs to
> be entered once, after which it's saved by the system in the password
> list (of course, this might be another security issue, but that's a whole
> other story!). To simplify things even further, the user could be provided
> with the password via a method that allows him to copy it and paste into the
> login dialog box (e-mail, secure web site?). This could be a simple answer
> to this particular known weak point, and at the same time I've avoided the
> problems of introducing an unknown system on my LAN or onto the PCs trying
> to access it remotely.
>
>
> Brian Steele
>
> ----- Original Message -----
> From: Ron DuFresne <[EMAIL PROTECTED]>
> To: Brian Steele <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Tuesday, 28 December, 1999 6:18 PM
> Subject: Re: MS PPTP (Safe?) - alternative?
>
>
> >
> > Brian,
> >
> > are you then saying you will implement a faulty setup <pptp> or just not
> > implement at all if it requires you to actually do additional work?
> >
> > Thanks,
> >
> > Ron DuFresne
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.