RAS Server/PPTP Server (Incoming) Security (Windows Embedded CE 6.0)

1/6/2010

Remote Access Service (RAS) allows a remote client to connect to a network server over a wide area network link or a virtual private network.

The functionality has the following potential security risks:

• RAS server is designed to run over a public network, such as the Internet. If the security of the RAS server is compromised, it could expose the device or local network to the public network.
• RAS server is designed to function as a network server. If the security of the RAS server is compromised, it could expose a device or local network to multiple remote clients.

Best Practices

Use authentication

Use as strong an authentication mechanism as possible. RAS server supports the following authentication protocols: Password Authentication Protocol, Challenge Handshake Authentication Protocol (CHAP), Challenge Handshake Authentication Protocol (CHAP) MD5, Microsoft® Challenge-Handshake Authentication Protocol (MS-CHAP), Microsoft Challenge-Handshake Authentication Protocol version 2(MS-CHAPv2).

Use encryption

Point-to-Point Protocol encryption support is configurable between 128-bit and 40-bit encryption.

Default Registry Settings

You should be aware of the registry settings that impact security. If a value has security implications you will find a Security Note in the registry settings documentation.

For RAS Server registry information, see RAS Server/PPTP Server (Incoming) Registry Settings.

See Also

Other Resources

RAS Server/PPTP Server (Incoming)
Enhancing the Security of a Device