headers
Dana J. Dawson | 1 Jul 2003 18:19
Favicon

Re: shmoo mailing list membership reminder...

Hi!

I just got what appears to be an automated reminder about my shmoo.com mailing 
list memberships and it included a clear text copy of my password.  Am I the 
only one who thinks this is a really bad idea?  I intentionally don't use any 
passwords I consider secure for such things, but even so, any process that 
involves a password should respect the privacy of those passwords.  I sent a 
message to the "mailman-owner <at> lists.shmoo.com" address included in the mail 
about this, but I thought I'd bring it up here, too, in case others we not aware 
of this situation and wanted to contact shmoo.com on their own.

Thanks!

Dana

--

-- 

Dana J. Dawson                     djdawso <at> qwest.com
Senior Staff Engineer              CCIE #1937
Qwest Communications               (612) 664-3364
600 Stinson Blvd., Suite 1S        (612) 664-4779 (FAX)
Minneapolis  MN  55413-2620

"Hard is where the money is."
Permalink | Reply | 752 comments |
headers
Alastair Morrison | 1 Jul 2003 18:36
Picon
Picon
Favicon

W2K and XP native VPN clients to Cisco concentrator

I have been through the archives, and reading the thread
from September last year entitled "cisco limitations" (and
noting the stages that contributors to it were at) I get the
impression that the main question I have means that I am
missing something obvious.

Anyway, here is the situation and a couple of questions.

We have a Cisco 3030 VPN concentrator to which our
client W2K and XP machines currently connect using
Cisco's proprietary VPN client (no certificates).

We want to reduce the desktop support by allowing the
native W2K and XP VPN clients to attach (L2TP/IPSec).
The recommended way to do this appears to be by using
digital certificates.

As a pilot I have installed Certificate Services on a W2K
server and with it set up an Enterprise Root Certification
Authority (CA). It has produced a self-signed root certificate.

The Cisco concentrator requires the CA's certificate to
be installed before identity and SSL certificates can be
installed. The most straightforward method to achieve this
(of those provided by the concentrator) would seem to be
to upload the CA certificate file from the workstation.

However I cannot see, within the Windows Certification
Authority, how to save the CA's certificate as a file.
Can anyone advise me on this (or a better way to get that
(Continue reading)

Permalink | Reply | 0 comments |
headers
Tina Bird | 1 Jul 2003 18:39

Re: Re: shmoo mailing list membership reminder...


On Tue, 1 Jul 2003, Dana J. Dawson wrote:

> I just got what appears to be an automated reminder about my shmoo.com mailing
> list memberships and it included a clear text copy of my password.  Am I the
> only one who thinks this is a really bad idea?  I intentionally don't use any
> passwords I consider secure for such things, but even so, any process that
> involves a password should respect the privacy of those passwords.  I sent a
> message to the "mailman-owner <at> lists.shmoo.com" address included in the mail
> about this, but I thought I'd bring it up here, too, in case others we not aware
> of this situation and wanted to contact shmoo.com on their own.

hi dana --

the list's been set up this way ever since we migrated away from symantec.
for better or worse, there's no capability within mailman to encrypt
passwords before they're sent out.

i can disable the monthly reminders if people prefer.  let me know.

tbird
Permalink | Reply | 0 comments |
headers
Joseph S D Yao | 1 Jul 2003 18:42

Re: Re: shmoo mailing list membership reminder...

It appears to be standard with all "mailman" mailing lists that the
passwords are sent monthly in the clear.

Besides, if "they" are sniffing your e-mail, "they" are also sniffing
when you type that password in the clear at
	http://lists.shmoo.com/mailman/options/vpn/...

--

-- 
Joe Yao				jsdy <at> center.osis.gov - Joseph S. D. Yao
OSIS Center Systems Support					EMT-B
-----------------------------------------------------------------------
   This message is not an official statement of OSIS Center policies.
Permalink | Reply | 751 comments |
headers
hakan.palm | 1 Jul 2003 19:34
Picon
Favicon

Ang: W2K and XP native VPN clients to Cisco concentrator

Alastair,

have you had a look at

Using a Microsoft Windows 2000 Client to Connect to the Cisco VPN 3000 Concentrator
http://www.cisco.com/warp/public/471/Win_client.html

(Configuring L2TP over IPSec from a Windows 2000 or XP Client to a Cisco VPN 3000 Series Concentrator Using
Pre-Shared Keys)
http://www.cisco.com/warp/public/471/vpn3k_l2tp.html

Configuring the Cisco VPN 3000 Concentrator 3.0.X to Get a Digital Certificate
http://www.cisco.com/warp/public/471/installdigital.html

Configuring the Cisco VPN 3000 Concentrator 3.5.X to Get a Digital Certificate Using SCEP
http://www.cisco.com/warp/public/471/vpn3k_scep.html

HTH

Regards,
/Palm

	alastair.morrison <at> strath.ac.uk
2003-07-01 18:48
		
	Till:	vpn <at> lists.shmoo.com  <at>  INTERNET
	Kopia:	(Blank: Hakan Palm/Generic)
	Ă„rende:	[VPN] W2K and XP native VPN clients to Cisco concentrator

I have been through the archives, and reading the thread
(Continue reading)

Permalink | Reply | 0 comments |
headers
Vagos Takis | 2 Jul 2003 12:51
Picon
Favicon

ACS with VPN Concentrator

Hi,

I have installed ACS 3.0 with VPN conentrator 3030 and client are using VPN 
client 4.0.
I am tried to configure the VPN Concentrator with the Password with Expiry 
option and password aging rules on ACS but there is no window appears to the 
client requesting the password changing. This is the password changing 
option on the IPSec,but it doesn't work.
Does anyone installed the above?

Thanks in advance,
Vagelis

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail
Permalink | Reply | 1 comment |
headers
Kelley Foust | 2 Jul 2003 19:01
Picon
Favicon

webramp 700s VPN

Has anyone used an XP native client to connect to a
web ramp 700s.  I am having difficulty figuring out
the VPN settings to make it connect.
Sonic has a stand alone client but the documentation
does not match the product and my operating system.
Kelley

__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
Permalink | Reply | 0 comments |
headers
Lisa Phifer | 2 Jul 2003 19:21

VPN users wanted for ROI study

Folks, I'm a consultant trying to work up a VPN cost study for a client.
I'm looking for users of remote access VPNs (IPsec, SSL, whatever) who
might be willing to participate in a brief phone interview to discuss
their VPN deployment and factors that contribute to TCO (hw and sw cost,
# users, typical usage/apps, etc). All interviews will be confidential -
the info I gather will be condensed to create examples that illustrate
TCO for various scenarios.

If you're a VPN admin or planner who might be willing to share your
experiences with me for this informal study, please send email to:

lphifer <at> fast.net

Lisa Phifer
Core Competence, Inc.
Permalink | Reply | 0 comments |
headers
Dale Wissman | 7 Jul 2003 21:25

Supporting Multiple VPN Hosts through PIX520

I am running a PIX 520 for all outbound traffic on my network.  I have a Cisco 3005 VPN concentrator that we use to connect to our internal network.  What I am looking to be able to do is to connect out through that PIX, or Concentrator if possible, to customers of ours that wish us to access their networks via VPN.  What are the caveats involved in this setup, other than the obvious one of overlapping networks?  Is there anyone that is doing this setup now?

 

Thank you,

K. Dale Wissman, MCP
Network Engineer
CareCentric, Inc.
"Speed. Precision. Results"
Voice:      (800) 394-6271
Mobile:    (412) 576-7919
Dale.Wissman <at> CareCentric.com
http://www.carecentric.com

The information contained in this electronic  message is legally privileged and confidential under applicable law, and is intended only for the use of the individual or entity named above. If the recipient of this message is not the above-named recipient, you are hereby notified that any dissemination, copy or disclosure of this communication is prohibited. If you have received this communication in error, please immediately purge it without making any copy or distribution.

 

_______________________________________________
VPN mailing list
VPN <at> lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn
Permalink | Reply | 1 comment |
headers
Bobby Barrett | 7 Jul 2003 21:26
Picon
Favicon

Audit Program for VPN?

Howdy All!  I've searched the archives to no avail, so I would like
to tap your resources and knowledge....

Does anyone have a copy of an audit program utilized by internal/IT
auditors to audit VPN implementation, policies, and procedures?  I've
researched the best practices, and it has provided some insight, but
I would like to see an actual VPN audit program - if possible!

Thanks!
Bobby

__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
Permalink | Reply | 0 comments |

Gmane