> -----Original Message-----
> From: Robinson, Eric [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 2 June 2000 1:20 AM
> To: 'Ben Nagy'; '[EMAIL PROTECTED]'
> Subject: RE: Where Should the VPN Server Go?
> 
> 
> By "fairly bad from a crypto point of view," I presume you refer to
> Schneier and Mudge's analysis of MSCHAPv2.

Well....if we're nitpicking, the paper covered the whole protocol (PPTPv2 -
which includes MPPE (the encryption bit of the protocol)).

> If I recall correctly, their report concludes that Microsoft fixed the
> problems with the original version, but that the protocol remains
> fundamentally insecure because it relies on the strength of the password
> chosen by the user. They note that they "...cannot recommend MSCHAP2 as a
> secure solution at this time" (a paraphrase) because distributed
> brute-force attacks against passwords are becoming more feasible.

I don't think it's clear that a distributed attack is required. It _does_
say that the NT hash can be brute forced in at most 2^57(T). This is _not_
the fastest way to attack the hash. I simply do not believe that your
passwords are this strong - do you ask users to enter nonprintable
characters etc? Run l0phtcrack over them with the full printable ASCII
search and see how long it takes to crack them - on one PC. Now bear in mind
that this is _before_ we generate the MPPE keys, right? Once the keys are
generated then you have the entropy problem - Schneier doesn't even try to
estimate how much smaller the "real" RC4 keyspace is than the claimed
128-bits but note how much weaker the 40-bit keys turn out to be.

>
> From our small-business perspective, I don't see this as a problem. First,
> we choose the passwords; our users do not. Second, we know our friends and
> our enemies and we feel confident that nobody wants to break into our
> network so bad that they will mount a distributed attack against it.

OK - you've made a risk assessment. You do something like: work out what the
chances of attack are, work out how much a successful attack would cost and
then spend up to ((risk - comfort factor) ** cost) in plugging the hole. If
you're happy with this result then off you go. It sounds like you're
thinking about it in the right terms - all we can do (on the firewalls list)
is try to make people think about the right things and make sure they have
the right information - we don't (well...shouldn't) make business
recommendations.

> In short, I feel safe with MSCHAPv2 after reading the Schneier/Mudge
> report. With that assumption in place, do you still feel the internal
> network is the best place for the VPN server?
> 
> --Eric

Yup. The only other (IMO) option is to have the employee VPN box in a little
DMZ all its own and I question whether that approach is a value proposition
from a security point of view. In absolute terms it will be (slightly) more
secure though.

Cheers,

--
Ben Nagy
Network Consultant, Volante IT
PGP Key ID: 0x1A86E304  Mobile: +61 414 411 520 
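
Added example, not part of the original message: a policy check that compares the password keyspace an administrator-assigned policy allows against the 2^57 hash bound quoted above, and caps the claimed 40-bit and 128-bit MPPE key sizes at the password's entropy. The policy names and lengths are constructed, and the figures are upper bounds that assume uniformly random passwords.

```python
import math
import string

# Upper bound quoted in the message for brute-forcing the NT hash (2^57).
HASH_BOUND_BITS = 57

# Alphabet size per character class; together they make printable ASCII (95).
CLASSES = {
    "lower": len(string.ascii_lowercase),
    "upper": len(string.ascii_uppercase),
    "digit": len(string.digits),
    "symbol": len(string.punctuation) + 1,  # punctuation plus space
}
ALL = ["lower", "upper", "digit", "symbol"]

def policy_bits(max_len, classes, min_len=1):
    """log2 of the number of passwords a policy allows (lengths min..max)."""
    alphabet = sum(CLASSES[c] for c in classes)
    total = sum(alphabet ** n for n in range(min_len, max_len + 1))
    return math.log2(total)

def effective_key_bits(claimed_bits, password_bits):
    """A key derived only from the password has no more entropy than it."""
    return min(claimed_bits, password_bits)

def min_length_for(bits, classes):
    """Shortest fixed length of random characters whose keyspace reaches bits."""
    alphabet = sum(CLASSES[c] for c in classes)
    return math.ceil(bits / math.log2(alphabet))

def assess(name, max_len, classes):
    pw = policy_bits(max_len, classes)
    return {
        "policy": name,
        "password_bits": round(pw, 1),
        "below_hash_bound": pw < HASH_BOUND_BITS,
        "effective_128": round(effective_key_bits(128, pw), 1),
        "effective_40": round(effective_key_bits(40, pw), 1),
    }

# Constructed sample policies (assumptions, not taken from the thread).
POLICIES = [
    ("8 chars, lowercase+digits", 8, ["lower", "digit"]),
    ("8 chars, full printable ASCII", 8, ALL),
    ("14 chars, full printable ASCII", 14, ALL),
]

if __name__ == "__main__":
    for policy in POLICIES:
        print(assess(*policy))
    print("min length to reach the hash bound:", min_length_for(57, ALL))
```
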