That's a whole lot of reading between the lines.

*Note* Microsoft recommends that customers assess the impact of making configuration changes to their environment. Implementing PEAP-MS-CHAP v2 Authentication for Microsoft VPNs may require less change to configuration and have a lesser impact to systems than implementing a more secure VPN tunnel, such as using L2TP, IKEv2, or SSTP VPN tunnels in conjunction with MS-CHAP v2 or EAP-MS-CHAP v2 for authentication.

They give you an option of adding more security to that specific configuration, or changing the configuration outright.

In any event, for the OP, I would recommend isolating the machine that is doing the connecting rather than isolating how the connection is made, as the former will provide better risk mitigation.

ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…

On Wed, Jul 17, 2013 at 1:17 PM, Kennedy, Jim <kennedy...@elyriaschools.org> wrote:

> http://technet.microsoft.com/en-us/security/advisory/2743314
>
> Got to kind of read between the lines…..the suggested solutions are using
> something other than PPTP.
>
> *From:* listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] *On Behalf Of* Andrew S. Baker
> *Sent:* Wednesday, July 17, 2013 12:59 PM
> *To:* ntsysadm
> *Subject:* Re: [NTSysADM] Exposure from VPN
>
> >> Pptp absolutely not. It is totally broken and insecure. MS has a KB
> >> somewhere saying stop using it.
>
> There are many outside of Microsoft who feel that way (and possibly some
> inside of it), but I have yet to see a KB article that says so.
>
> ASB
> http://XeeMe.com/AndrewBaker
> Providing Virtual CIO Services (IT Operations & Information Security)
> for the SMB market…
>
> On Wed, Jul 17, 2013 at 11:54 AM, Kennedy, Jim <kennedy...@elyriaschools.org> wrote:
>
> Pptp absolutely not. It is totally broken and insecure. MS has a KB
> somewhere saying stop using it.
>
> We use remote desktop via Microsoft’s Remote Desktop Gateway. Very easy to
> setup and use and gives the user a desktop that is located in the remote
> domain..so all the settings..mapped drives…all show up.
>
> http://technet.microsoft.com/en-us/library/cc731150.aspx
>
> *From:* listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] *On Behalf Of* J- P
> *Sent:* Wednesday, July 17, 2013 11:43 AM
> *To:* ntsysadm@lists.myitforum.com
> *Subject:* [NTSysADM] Exposure from VPN
>
> Hi all,
>
> We have an employee who works part time for 2 organizations which are
> located in the same building, now we are moving
> and they want her to VPN in from our network to theirs, using traditional
> MS pptp- I'm not entirely comfortable with that idea , can someone suggest
> a more secure safer alternative
>
> Or maybe someway of securing this type of connection as to reduce exposure
> of our LAN?
>
> TIA
>
> Jean-Paul Natola