PDA

View Full Version : dialup networking security/encryption feature

edongskiu
I would like to know how secured is the built-in software
used in windows 2000 dialup networking. We setup a cisco
2611 and tried using the windows 2000 built-in dialup and
we are successful, however, we are wondering if the
software is secured enough when we send passwords across
the telephone line going thru the cisco 2611 not be read
by outsiders or hackers.
Miha Pihler
Hi,

In first place secure authentication relies on protocol used for
authentication. E.g. you can use PAP (password authentication protocol) that
is not secure and send username and password in clear text or you can e.g.
use MS-CHAP v.2 that uses secure authentication protocol (Microsoft
Challenge Handshake Authentication Protocol version 2) that uses Message
Digest 4 (MD4) and Data Encryption Standard (DES) algorithms to encrypt
responses. Of course these are not the only two protocols that you can use.

Mike

"edongskiu" wrote in message
news:14d401c4a156$00765170$a401280a@phx.gbl...
> I would like to know how secured is the built-in software
> used in windows 2000 dialup networking. We setup a cisco
> 2611 and tried using the windows 2000 built-in dialup and
> we are successful, however, we are wondering if the
> software is secured enough when we send passwords across
> the telephone line going thru the cisco 2611 not be read
> by outsiders or hackers.


Miha Pihler
You should use the strongest authentication supported by your clients and
server or other equipment.

Note, that this will only protect your username and password. Any other data
unless transferred over secure channel will be transferred in clear text.

Mike

"edongskiu" wrote in message
news:312c01c4a3f7$c4033290$a401280a@phx.gbl...
> so it all relies to the protocol to be used (as long as i
> don't use PAP in any athentication then I am a bit
> protected). Can others snoop info via telephone lines or
> only if i am connected to the internet?
>
> thanks!
> >-----Original Message-----
> >Hi,
> >
> >In first place secure authentication relies on protocol
> used for
> >authentication. E.g. you can use PAP (password
> authentication protocol) that
> >is not secure and send username and password in clear
> text or you can e.g.
> >use MS-CHAP v.2 that uses secure authentication protocol
> (Microsoft
> >Challenge Handshake Authentication Protocol version 2)
> that uses Message
> >Digest 4 (MD4) and Data Encryption Standard (DES)
> algorithms to encrypt
> >responses. Of course these are not the only two
> protocols that you can use.
> >
> >Mike
> >
> >"edongskiu" wrote
> in message
> >news:14d401c4a156$00765170$a401280a@phx.gbl...
> >> I would like to know how secured is the built-in
> software
> >> used in windows 2000 dialup networking. We setup a
> cisco
> >> 2611 and tried using the windows 2000 built-in dialup
> and
> >> we are successful, however, we are wondering if the
> >> software is secured enough when we send passwords
> across
> >> the telephone line going thru the cisco 2611 not be
> read
> >> by outsiders or hackers.
> >
> >
> >.
> >