[ILUG] VPN Networks

[Ronan Waide]

On December 12, bryan.hunt at ossidian.com said:
> 
> Thing is thought that using MPPE will make your connection secured is 
> the security problem that they refer to at the end the crap security in the 
> windows sam files ?

Not really, other than that it shares the authentication method of the
various windows security hives. It's a brute-force attack on the
password, having retrieved the password hash off the wire. It's
similar in technique to brute-forcing /etc/password.

> But if the clients are windows thats something that you will be used to
> though ?

I'm not really sure what this comment is meant to imply - that you
should disregard security if you're used to insecurity?
 
> Is the advantage then with ipsec that the keys are encrypted using industry 
> standard symetric encryption with a passphrase ? 

Yes and no. FreeSWAN, an IPSEC implementation, forces security on you
to a certain extent because they've basically refused to implement the
a few of the less secure options. IPSEC on a Cisco router can be set
to use e.g. single instead of triple DES. And if you use Shared Secret
keying, you're opening yourself up in a differnet way. The main
difference between PPTP and IPSEC from an attacker's point of view is
- as I understand it, note - that it's a lot harder to get at the
equivalent of a password hash in an IPSEC session.
 
> --B

Cheers,
Waider.
-- 
waider at waider.ie / Yes, it /is/ very personal of me.
"One or more sentences in this post have been over-leavened with
 sarcasm and/or irony. The author fully expects to be misunderstood
 because of this, you illiterate morons. He doesn't care." - AjD