RAS Server/PPTP Server (Incoming) Security (Windows CE 5.0)
Remote Access Service (RAS) allows a remote client to connect to a network server over a wide area network link or a virtual private network.
The functionality has the following potential security risks:
- RAS server is designed to run over a public network, such as the Internet. If the security of the RAS server is compromised, it could expose the device or local network to the public network.
- RAS server is designed to function as a network server. If the security of the RAS server is compromised, it could expose a device or local network to multiple remote clients.
Best Practices
Use authentication
Use as strong an authentication mechanism as possible. RAS server supports the following authentication protocols: Password Authentication Protocol, Challenge Handshake Authentication Protocol (CHAP), Challenge Handshake Authentication Protocol (CHAP) MD5, Microsoft® Challenge-Handshake Authentication Protocol (MS-CHAP), Microsoft Challenge-Handshake Authentication Protocol version 2(MS-CHAPv2).
Use encryption
Point-to-Point Protocol encryption support is configurable between 128-bit and 40-bit encryption.
Default Registry Settings
You should be aware of the registry settings that impact security. If a value has security implications you will find a Security Note in the registry settings documentation.
For RAS Server registry information, see RAS Server/PPTP Server (Incoming) Registry Settings.
See Also
RAS Server/PPTP Server (Incoming) | Enhancing the Security of a Device
Send Feedback on this topic to the authors