Re: IPSEC Certificate




"Hutch" <Hutch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F57F163F-95A1-47BF-BEB3-497C86FA32BC@xxxxxxxxxxxxxxxx
> Ok..I have a RRAS server running internally, and have used the pre-shared key
> before...but would rather go the Cert route.

Sure, that's fine.

> With PPTP isn't the username\password sent clear text??

No. That is Basic Authentication and FTP

Just the MS Dialup component by itself uses by default CHAP, MS-CHAP, or
MS-CHAP v2. I think it just depends on what the device "answering" the call
is capable of. So it is a Challenge/Response method,...meaning the password
is never sent over the connection,..let alone in clear text. It is also
capable of PAP [unencrypted] or SPAP, but those are not the defaults.
Look in the properties of your Dialup Connection on the Client,..on the
Security Tab, the default is "Require secured password" and "Require data
encryption" regardless of the Protocol. If you go into the Advanced
Settings you will see what I described above.

PPTP and L2TP both are encapsulated with encrypted packets. That is why even
with PPTP you have to "break" the packets to see what is protected inside
the encapsulated packets.

L2TP uses an additional layer of encryption on top of that, but I'll admit
that I don't know nor can I explain the exact details of it.

> We need to have the connection fully encrypted from login to logoff....so
> I thought L2TP was the better way to go.

L2TP has deeper security,...but that does not mean the PPTP is "insecure".
That was really all I am trying to say. Do not confuse PPTP with the clear
text authentication of Basic Auth and FTP.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
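
Added example, not part of the original post: the challenge/response exchange the reply describes, shown as plain CHAP (RFC 1994) next to PAP. It assumes MD5 CHAP rather than the MS-CHAP variants; the secret, user name and class and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

SECRET = b"constructed-demo-password"   # constructed sample value, known to both ends


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: MD5 over Identifier || secret || Challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side "answering" the call: issues challenges and checks responses."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self) -> tuple[int, bytes]:
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)          # fresh and unpredictable per attempt
        return self.identifier, self.challenge

    def verify(self, identifier: int, response: bytes) -> bool:
        if identifier != self.identifier:        # response belongs to an older challenge
            return False
        expected = chap_response(identifier, self.secret, self.challenge)
        return hmac.compare_digest(expected, response)


def pap_wire(user: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request data: length-prefixed peer ID and password, unencrypted."""
    return bytes([len(user)]) + user + bytes([len(password)]) + password


def run_exchange(peer_secret: bytes = SECRET) -> dict:
    auth = Authenticator(SECRET)
    ident, challenge = auth.new_challenge()
    response = chap_response(ident, peer_secret, challenge)
    wire = bytes([ident]) + challenge + response      # everything an observer sees
    accepted = auth.verify(ident, response)
    auth.new_challenge()                              # next login gets a new challenge
    replay_accepted = auth.verify(ident, response)    # captured response replayed
    return {"accepted": accepted, "replay_accepted": replay_accepted,
            "secret_on_chap_wire": SECRET in wire,
            "secret_on_pap_wire": SECRET in pap_wire(b"demo-user", SECRET)}


if __name__ == "__main__":
    print(run_exchange())
```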

