RAS Server Security

Remote Access Service (RAS) allows a remote client to connect to a network server over a wide area network link or a virtual private network.

This feature has the following potential security risks:

• This feature is designed to run over a public network, such as the Internet. If the security of the feature is compromised, it could expose the device or local network to the public network.
• This feature is designed to function as a network server. If the security of the feature is compromised, it could expose a device or local network to multiple remote clients.

Best Practices

Use authentication

Use as strong an authentication mechanism as possible. RAS server supports the following authentication protocols: Password Authentication Protocol, Challenge Handshake Authentication Protocol (CHAP), Challenge Handshake Authentication Protocol (CHAP) MD5, Microsoft® Challenge-Handshake Authentication Protocol (MS-CHAP), Microsoft Challenge-Handshake Authentication Protocol version 2(MS-CHAPv2).

Use encryption

Point-to-Point Protocol encryption support is configurable between 128-bit and 40-bit encryption.

Default Registry Settings

You should be aware of the registry settings that impact security. If a value has security implications you will find a Security Note in the registry settings documentation.

For RAS Server registry information, see RAS Server Registry Settings.

 Last updated on Saturday, April 10, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.