Vista, WS08: Security changes for remote access scenarios

In Vista, following changes have been done in remote access from security perspective

1) All the weak crypto algorithms have been removed and new stronger crypto algorithms are added to VPN tunnels

Let us take case by case – per tunnel basis

1.1) PPTP:

40/56 bit RC4 encryption is removed by default from Vista as well as LHS server. This means PPTP now only supports 128 bit RC4 encryption by default. So if you VPN server or VPN client doesn’t support 128 bit encryption, your calls may fail.

You can still get 40/56 bit RC4 back by changing the following registry key, but this is not recommended. It is better recommended to upgrade your client or server that supports 128 bit RC4.

But if you still want to do get weak crypto back, go under: HKLMSystemCurrentControlSetServicesRasmanParametersAllowPPTPWeakCrypto and change it to 1. Restart your machine after that.

1.2) L2TP/IPSec:

DES (for encryption) and MD5 (for integrity check) is removed, but AES support is added from Vista as well as LHS server.

This means Vista will support AES 128 bit, AES 256 bit, 3DES for encryption and SHA1 for integrity check.

So if you VPN server or VPN client doesn’t support either of the above, your connectivity may fail.

Note: AES is more CPU efficient than 3DES.

You can still get DES and MD5 back by changing the following registry key, but this is not recommended. It is better recommended to upgrade your client or server that supports AES/3DES and SHA1.

But if you still want to get weak crypto back, go under: HKLMSystemCurrentControlSetServicesRasmanParametersAllowL2TPWeakCrypto and change it to 1. Restart your machine after that.

Where do I select encryption/authentication settings on the client side? How does it take into affect?

Open a VPN connection properties in “Network and sharing Center”->”Manage Network Connections”. Right click on Properties.

Go under “General” tab, click “Security” tab, click “Advanced”, click “Settings” and see the top half “data encryption”. It doesn’t say your encryption algorithm, but say the action you want to take in each case – because the code is intelligent to select automatically the encryption algorithms. For example, in Vista PPTP always uses 128 bit RC4 – whether in optional or require or maximum. In Vista, L2TP/IPSec will propose to other side AES 128 and 3DES for optional or require mode. And it will propose AES 256 and 3DES in case of maximum encryption. Based upon both sides proposal, the common one with highest security is picked up.

Where do I select the encryption/authentication settings on the server side? How does it work?

RRAS server by default adds the IPSec policy to accept connection for all encryption algorithm (i.e. AES 256, AES 128, 3DES) – because it doesn’t know what client is going to propose. But the server has one more policy setting that comes from “Radius server” which is “Encryption Type” setting (No encryption, Basic, Strong, Strongest).

The way it works is client connects and first IPSec tunnel gets latched on one particular encryption algorithm. Now the RRAS server during PPP authentication face will talk to radius server and get the encryption setting policy. Then it reads the encryption algorithm which is negotiated at IPSec level and then compares against the policy is saying. So if policy is saying maximum and you have negotiated DES for example, your connection will fail.

AES-128/3DES fall under Basic, Strong encryption type and 3DES, AES256 under strongest encryption setting.

2) Lot of new authentication algorithms are added.

What are the authentication algorithms that are supported on Vista Remote access client/server?

EAP-MD5, SPAP and MSCHAPv1 are deprecated. Vista supports (in increasing order of strength) PAP, CHAP, MSCHAPv2, EAP-MSCHAPv2, EAP-smartcard/certificate, PEAP-MSCHAPv2, PEAP-smartcard/certificate.

Note: It is not recommended to use PAP or CHAP over VPN tunnels and is primarily used for broadband scenario (like PPPoE).

3) L2TP/IPSec client has added “more checks” to look into different fields inside server certificate to avoid any kind of man-in-the-middle attack. It checks for SAN, SN field to see the server you are connecting is same as the field present inside certificate. It also checks for EKU field to see the certificate is of “Server authentication” type.

Please feel free to send your comments 

Samir Jain
Lead Program Manager
RRAS, Windows Enterprise Networking

[This posting is provided "AS IS" with no warranties, and confers no rights.]