Most Secured VPN server and Remote Login

Hi,
I work in an organization where all our network resources reside in an Intranet secured from the Internet. I have set up my MKT router with 2 Eth cards and configured it to connect with the Internet (Eth1) and the Intranet (Eth2). I have also created a PPTP Server to provide Intranet access from remote clients with minimum security. What else can I configure for my VPN server (MikroTik) to make the connection from the client more secure?

How can I make remote login to my VPN Router (MikroTik) more secure? Don't want hackers to take chances.

Please help me.

Leo

You could try the following.

Turn on PPTP encryption, and don’t supply an IP address to the client (that way the remote client needs to already have the connection IP address set up, which reduces the chance that a virus etc. could just steal the username and password).

You could of course also use a port knock to open up TCP 1723 for the period of the VPN session but I suspect this may be rather cumbersome for the average road warrior.

Never tried this though, just an idea.

Another thing to consider is the actual VPN credentials. Don’t use login names that are dictionary friendly.

So username: john and password: mikrotik will get hacked pretty easily.

I’d say a password with a combination of upper & lower case, numbers and a couple of extended ASCII characters to the length of 13 is borderline between being weak and being impossible to remember. Then make the username something like John_4598 (4598 being his employee code for example).

Anything really to make a potential hacker work harder for his money.

I’m no security expert, just my thoughts based on experience.
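The encryption and port-knock suggestions from the replies above, written out as RouterOS configuration. This is an added example, not part of the original posts; the interface name ether1 (the poster's Eth1), the knock ports 7001 and 7002, the profile and address-list names, and the timeouts are assumptions chosen for illustration, and PPP addressing and user secrets are assumed to be configured separately.

```routeros
# Added example; names, ports and timeouts are assumptions, not from the thread.

# Require encryption on every session that uses this profile.
/ppp profile
add name=vpn-encrypted use-encryption=required

# Enable the PPTP server, allow only MS-CHAPv2, and use the encrypted profile.
/interface pptp-server server
set enabled=yes authentication=mschap2 default-profile=vpn-encrypted

/ip firewall filter
# Keep sessions that are already up, even after the allow-list entry expires.
add chain=input connection-state=established,related action=accept \
    comment="allow established sessions"

# Knock 1: a TCP packet to port 7001 puts the source in a short-lived list.
add chain=input in-interface=ether1 protocol=tcp dst-port=7001 \
    action=add-src-to-address-list address-list=knock-stage1 \
    address-list-timeout=15s comment="port knock, stage 1"

# Knock 2: only a source already in stage 1 is promoted to the allow list.
add chain=input in-interface=ether1 protocol=tcp dst-port=7002 \
    src-address-list=knock-stage1 \
    action=add-src-to-address-list address-list=vpn-allowed \
    address-list-timeout=1h comment="port knock, stage 2"

# PPTP control channel (TCP 1723) and its GRE tunnel, allow-listed sources only.
add chain=input in-interface=ether1 protocol=tcp dst-port=1723 \
    src-address-list=vpn-allowed action=accept comment="PPTP after knock"
add chain=input in-interface=ether1 protocol=gre \
    src-address-list=vpn-allowed action=accept comment="GRE after knock"

# Everyone else gets no answer on the PPTP port or GRE.
add chain=input in-interface=ether1 protocol=tcp dst-port=1723 action=drop \
    comment="drop PPTP without knock"
add chain=input in-interface=ether1 protocol=gre action=drop \
    comment="drop GRE without knock"
```

Rule order matters because RouterOS evaluates filter rules top to bottom, so the accept rules must sit above the drops.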

Thanks Gyes.