Securing VPN connections for WiFi hotspots / insecure remo..

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely

Hi all

I'm looking at implementing ISA 2004/W2003 RRAS to allow remote access to
the company LAN via L2TP/IPSec. The laptops are wireless enabled and running
several services including Remote Desktop without any 3rd Party firewalls.
This exposes them to a security risk where an intruder could gain control of
the laptop and then access the company LAN. Even with the "use default
gateway on remote network" option enabled it leaves the laptops open to
"unfriendly" access points and other users on the local subnet if used from
wireless hotspots.
e.g.,
if the laptop IP is 192.168.0.2/24, anyone on the same hotspot with an IP
on that subnet could potentially RDP into this laptop and is only a
username/password away from gaining access.

Is there any way to secure the XP laptop using the built-in capabilities of
Windows XP, ISA 2004 and 2003 RRAS?

We have considered using the XP firewall, however there does not appear to
be any Group Policy setting that allows central control of what is or isn't
allowed through it.
 
Guest

Have you seen this KB article concerning the Windows XP SP2 Firewall? See the "Configuring Windows
Firewall Group Policy" and "Using command-line support" sections...

http://support.microsoft.com/kb/875357

I can't speak to the ISA/RRAS issues. Hopefully someone else will jump in and help with that...

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Ateeq Altaf" <Ateeq Altaf@discussions.microsoft.com> wrote in message
news:B63EA0BE-811C-4491-BC66-BB14EF340168@microsoft.com...
> Hi all
>
> I'm looking at implementing ISA 2004/W2003 RRAS to allow remote access to
> the company LAN via L2TP/IPSec. The laptops are wireless enabled and running
> several services including Remote Desktop without any 3rd Party firewalls.
> This exposes them to a security risk where an intruder could gain control of
> the laptop and then access the company LAN. Even with the "use default
> gateway on remote network" option enabled it leaves the laptops open to
> "unfriendly" access points and other users on the local subnet if used from
> wireless hotspots.
> e.g.,
> if the laptop IP is 192.168.0.2/24, anyone on the same hotspot with an IP
> on that subnet could potentially RDP into this laptop and is only a
> username/password away from gaining access.
>
> Is there any way to secure the XP laptop using the built-in capabilities of
> Windows XP, ISA 2004 and 2003 RRAS?
>
> We have considered using the XP firewall, however there does not appear to
> be any Group Policy setting that allows central control of what is or isn't
> allowed through it.
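
As an added illustration (not part of either post above), the command-line support mentioned in the reply can split the Windows XP SP2 firewall into a locked-down profile for hotspots and a narrower exception for the office LAN. The address range in `CORP_NET` is a placeholder assumption; substitute the real company range.

```bat
@echo off
rem Added example: Windows XP SP2 "netsh firewall" context, run as an administrator.
rem CORP_NET is a placeholder (assumption), not a value from the thread.
set CORP_NET=10.0.0.0/255.0.0.0

rem Standard profile applies when the laptop is not on the domain network
rem (for example at a wireless hotspot): firewall on, no exceptions honoured,
rem so unsolicited inbound traffic such as RDP from the local subnet is dropped.
netsh firewall set opmode mode=ENABLE exceptions=DISABLE profile=STANDARD
if errorlevel 1 goto failed
netsh firewall set service type=REMOTEDESKTOP mode=DISABLE profile=STANDARD
if errorlevel 1 goto failed

rem Domain profile applies on the company network: firewall stays on and
rem Remote Desktop is accepted only from the listed corporate range.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=DOMAIN
if errorlevel 1 goto failed
netsh firewall set service type=REMOTEDESKTOP mode=ENABLE scope=CUSTOM addresses=%CORP_NET% profile=DOMAIN
if errorlevel 1 goto failed

rem Review what is now in force on this machine.
netsh firewall show currentprofile
netsh firewall show state
netsh firewall show service
goto :eof

:failed
echo Windows Firewall configuration failed; check that SP2 is installed.
exit /b 1
```

For central control, the same per-profile settings exist in Group Policy under Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall, in the Domain Profile and Standard Profile folders.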