Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Secure communication between WAN links

From: "William Sheehan" <william.sheehan () openinterface com>
Date: Thu, 6 Jul 2006 11:12:06 -0700
If you are indeed limited to just Windows Server 2003 machines and no
3rd-party software, then you will want to use RRAS (Routing and Remote
Access Service) that comes with Windows 2003.  Basically set up one Windows
2003 server on each network, configure RRAS on both, and set up a VPN tunnel
between the two.  Here are a couple links to get you started:

http://www.microsoft.com/technet/itsolutions/network/vpn/default.mspx

and, for your particular scenario:

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/
networking/vpndpls2.mspx

You will have to decide between PPTP/MPPE and L2TP/IPSec as the
communication protocol(s).  Go with whichever one you understand more;  both
are secure (MPPE can do 40, 56, and 128-bit; IPSec can do DES 56-bit or 3DES
168-bit), although IPSec will probably take more initial time due to the
certificate setup required.  My personal recommendation is to go with IPSec
because the knowledge will prove very useful if (when?) you eventually
consider different solutions.

William Sheehan
Network Administrator
Open Interface North America

-----Original Message-----
From: Epidemic SomeGuy [mailto:epidemic.mail () gmail com] 
Sent: Sunday, July 02, 2006 6:39 PM
To: security-basics () securityfocus com
Subject: Secure communication between WAN links


Hi, I am working on an assignment planning and implementing a windows 2003
network. We have a small organisation with departments on different
locations. One of the assignments was to secure the communication between
two sites connected trough WAN links. The question is: What is the "best"
solution to use to secure the communication between these two sites? We can
only use Windows 2003 servers.. no 3rd party software, or hardware based
solutions.. The connection speed between the sites is 256 Kbps. I guess an
IPSEC tunnel or something like that is the right way to go, but i don't have
any experience doing this, and I want to be sure I'm implementing it the
right way. I have googled a while, but I cant find any articles describing
my choices,  and how to correctly install and implement it. (not enough to
make an intelligent decision anyway).

Sorry about my bad English and thanks for your help!

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




---------------------------------------------------------------------------
This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and
practice to master. We can't teach you to hack. But we can teach you
what we've learned so far. Our courses are honest, real, technical
and practical. SensePost willl be at Black Hat Vegas in July. To see
what we're about, visit us at:

http://www.sensepost.com/training.html
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: