Re: [PEN-TEST] RAS PT

[Frank Knobbe <FKnobbe () KNOBBEITS COM>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

When you test RAS, or if you want to verify and audit your RAS
security, make sure you turn on logging on several RAS instances.
Walk through the Registry keys for RAS and you find several 'Logging'
parameters (by default set to 0, disabled). Out of the top of my head
I only remember RASMan/Parameters and RASMan/PPP, but there are other
keys that allow you to turn on logging as well (for more info, check
the file REGENTRY.HLP that comes with the Resource Kit).

These log files (especially the PPP logs) list every successful and
unsuccessful PPP authentication attempts (amongst general PPP stuff,
like session setup). By default these logs are written to
%systemroot%\system32\ras, but I seem to remember an entry to change
the directory.

You'll be surprised how much logging info you can get out of NT's
RAS...

Regards,
Frank

> -----Original Message-----
> From: Batten, Gerald [mailto:GBatten () EXOCOM COM]
> Sent: Wednesday, October 04, 2000 1:14 PM
>
> I unfortunately have very little experience in doing any sort
> of PT on a RAS
> box... let's assume it's an NT box.  Other than enforcing
> strong passwords
> or maybe strong authentication via certificates or
> SecurID-type cards, what
> else can I do to A) protect it, and B) run some sort of PT against
> it?
>
> Gerald.
>
> *Note: Views expressed in this e-mail are not necessarily those of
> my employer. **Note:  Views expressed in this e-mail are not
> necessarily  mine either.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOd4RX0RKym0LjhFcEQL2nQCdGY64xZcgXagTrfzjhL58L+qCJuoAnRCJ
jCz6yuAJ4xCS4eqtgEqQCEDu
=jsF/
-----END PGP SIGNATURE-----