
Security of a Windows 2003 VPN Question

Posted by NOSPAMsmorzando on April 26, 2006, 5:55 pm
How secure is Windows 2003 VPN? I understand the data transmission
encryption, but I'm curious about the security of the network. When one
installs the VPN on a standalone 03 server one has to shut off the Windows
firewall service.

Due to minimal resources, I would like to not have to install a hardware
firewall and have the Win2k3 server, running only the VPN, hook directly
into my domain controller, which runs AD, etc. (Due to our network, the DC
has a firewall on it.)

Is this safe at all? Is the Win2k3 VPN box vulnerable? Could I run a
software firewall on Win2k3 VPN box to take the place of Windows firewall,
which apparently can't run?

What would the ISA server do for me, if I could afford it?

Thanks!

Posted by bagins on April 27, 2006, 4:57 am
There is an option in the VPN wizard to start static packet filters on the
VPN-enabled interface. They allow only selected VPN traffic to pass through
the VPN-enabled interface.
If you don't find it good enough, you can always create IPSec policies.
Patching and hardening before connecting to the public network is a must.


--

************************
Best regards
Dejan
************************


Posted by NOSPAMsmorzando on April 27, 2006, 9:57 am

Ok, what about the integrity of the box, since there's no firewall on it?
I've installed and run the Security Configuration Wizard to harden the server.

And are you suggesting the IPSec happens over the VPN or between the VPN
server and the Domain Controller?

Thanks in advance.


Posted by bagins on April 28, 2006, 3:17 am
No, I was thinking of using IPSec to block access to the box. Create an IPSec
policy to block all inbound traffic except what you want to receive. SCW
is a great tool, also.
Of course, you can use IPSec in combination with L2TP and certificates to
achieve very secure VPN.
Do you really need IPSec between VPN server and DC? I can't tell. If they
are in hostile environment, you should definitely use it.
IMHO, if you keep your box up to date, use SCW and best practices in
hardening your box, create IPSec policy to protect your server, you are
safer than you could ever be if using some software firewall (except ISA,
of course ;) ).


--

************************
Best regards
Bagins
************************
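
The block-everything-except-VPN IPSec policy suggested above could be built with `netsh ipsec static` along these lines. This is an added example, not something posted by anyone in the thread. It assumes a PPTP-only server whose Internet-facing address is the placeholder 203.0.113.10, and the policy, filter list and rule names are made up; L2TP/IPSec is not covered.

```batch
@echo off
rem Added example (not from the thread): static IPSec policy that drops
rem everything addressed to the VPN server's external IP except PPTP.
rem ASSUMPTIONS: 203.0.113.10 is a placeholder for the public address;
rem all policy/filter/rule names below are invented for illustration.
rem Run from the console or the internal interface: once assigned, the
rem policy also cuts off remote administration via the external address.
set EXT_IP=203.0.113.10
set POLICY=VPN-Lockdown

netsh ipsec static add policy name="%POLICY%" description="Block all but PPTP on external IP"

rem Two filter actions: one drops traffic, one passes it without negotiation.
netsh ipsec static add filteraction name="VPN-Block" action=block
netsh ipsec static add filteraction name="VPN-Permit" action=permit

rem General filter: any traffic to or from the external address.
rem It is scoped to EXT_IP, not "me", so the link to the DC is untouched.
netsh ipsec static add filterlist name="Ext-All"
netsh ipsec static add filter filterlist="Ext-All" srcaddr=any dstaddr=%EXT_IP% protocol=any mirrored=yes description="All traffic on external IP"

rem Specific filters: PPTP control channel (TCP 1723) and GRE (IP protocol 47).
netsh ipsec static add filterlist name="Ext-PPTP"
netsh ipsec static add filter filterlist="Ext-PPTP" srcaddr=any dstaddr=%EXT_IP% protocol=TCP srcport=0 dstport=1723 mirrored=yes description="PPTP control"
netsh ipsec static add filter filterlist="Ext-PPTP" srcaddr=any dstaddr=%EXT_IP% protocol=47 mirrored=yes description="PPTP GRE tunnel"

rem The more specific PPTP filters take precedence over the general block.
netsh ipsec static add rule name="Permit-PPTP" policy="%POLICY%" filterlist="Ext-PPTP" filteraction="VPN-Permit"
netsh ipsec static add rule name="Block-Rest" policy="%POLICY%" filterlist="Ext-All" filteraction="VPN-Block"

rem IPSec filters are stateless: replies to connections the server itself
rem opens from EXT_IP are dropped too, so patch it over the internal side.
netsh ipsec static set policy name="%POLICY%" assign=yes

rem Review what is now in force.
netsh ipsec static show policy name="%POLICY%" level=verbose
```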



