You want your RASers to be secure? Give them 128-bit encryption.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
If you have the 128-bit version of Service Pack 3 or higher, your RAS server can be configured to use it:
- Control Panel / Network / Services / Remote Access Service / Properties.
- Click Network and Require Microsoft encrypted authentication.
- Click Require data encryption, OK, Continue, and Close.
- When prompted to restart, click No.
- Edit HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices RasManPPPCOMPCP and Add Value name ForceStrongEncryption as a type REG_DWORD and set it to 1.
- Shutdown and restart.
If a RAS client supports 128-bit encrytion, the event log will contain:
Event ID: 20107
Description: The user RAS connected to port COM1 using strong encryption.
If the RAS client does not support 128-bit RAS encryption, you will see the following event:
Event ID: 20077
Description: An error occurred in the Point to Point Protocol module on port COM1. The remote computer does not support the required encryption type. The client will receive a message 629, indicating the that they have been disconnected.