Pre-deployment education and decision making
IPsec VPNs extend your network's security perimeter by connecting individual hosts or entire networks. Preventing unauthorized access starts with verifying the identity of those VPN tunnel endpoints. Using the wrong authentication method can lead to interoperability issues or corporate network compromise. This tip explores the IPsec VPN identity and authentication options supported by the Internet Key Exchange (IKE) standard, as well as common vendor extensions like Extended Authentication (XAUTH). Readers will learn valid parameter combinations and their security and deployment implications.
OpenVPN: An open source alternative to Windows VPNs (TIP)
Justin Korelc and Ed Tittel
Depending on your network needs, you may want to deploy an IPSec VPN to provide secure remote access to your workforce. Cost-conscious Windows shops will often stick with Windows offerings, but this article from Justin Korelc and Ed Tittel describes an open source VPN alternative called OpenVPN that is both scalable and simple.
Testing the security of your VPN deployment
Pen testing your VPN (TIP)
Your VPN is a vital gateway into your network for your company's road warriors, telecommuters and other remote users. Unfortunately, it's also a gateway for the less-than-scrupulous predators prowling the Internet for access to your network. This tip looks at why it's important to add your VPN to your pen testing process, and reviews tools and tactics for testing both IPSec and SSL VPNs.
Troubleshooting and maintaining your VPN
When to use Remote Desktop over VPN (TIP)
When providing remote users protected access on a server, determine if they need it for connectivity or management purposes -- then you will know when to use Remote Desktop or VPN.
VPN connection issues post Windows XP SP2 upgrade (EXPERT RESPONSE)
We recently upgraded our clients' PCs to Windows XP SP2, but since then they cannot establish PPTP-VPN connections to their routers. How can we solve this problem?
Accessing the VPN after lock down (ASK THE EXPERT)
If you do lock down the proxy settings on users' laptops via registry security or policy, what is the best way to allow them to use hotel Internet access via the VPN. If the laptop user's proxy is locked, how could the user authenticate to the hotel system and activate their room for Internet service to use it to connect to a corporate VPN?
XP SP2 affecting desktop access through a VPN (ASK THE EXPERT)
When I try to access my desktop at my office through my VPN, if XP SP2 is on, it doesn't goes through. I open Security Center, turn it off and it goes through. What should I do to be able to connect while my XP firewall is on?
This was first published in November 2006