Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Remote Access Service (RAS) allows a remote client to connect to a network server over a wide area network link or a virtual private network.
The functionality has the following potential security risks:
- RAS server is designed to run over a public network, such as the Internet. If the security of the RAS server is compromised, it could expose the device or local network to the public network.
- RAS server is designed to function as a network server. If the security of the RAS server is compromised, it could expose a device or local network to multiple remote clients.
Best Practices
Use authentication
Use as strong an authentication mechanism as possible. RAS server supports the following authentication protocols: Password Authentication Protocol, Challenge Handshake Authentication Protocol (CHAP), Challenge Handshake Authentication Protocol (CHAP) MD5, Microsoft® Challenge-Handshake Authentication Protocol (MS-CHAP), Microsoft Challenge-Handshake Authentication Protocol version 2(MS-CHAPv2).
Use encryption
Point-to-Point Protocol encryption support is configurable between 128-bit and 40-bit encryption.
Default Registry Settings
You should be aware of the registry settings that impact security. If a value has security implications you will find a Security Note in the registry settings documentation.
For RAS Server registry information, see RAS Server/PPTP Server (Incoming) Registry Settings.
See Also
RAS Server/PPTP Server (Incoming) | Enhancing the Security of a Device
Send Feedback on this topic to the authors