North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Security problem in PPPoE connection
Any info on percentages of users that use routers vs Windows boxes? > > Microsoft has some suggestions for configuring PPPOE for MS-Windows. > > http://www.microsoft.com/technet/prodtechnol/winxppro/maintain > /pppoe.mspx > > A problem is many of your customers won't follow the > directions, and may still be vulnerable to man-in-the-middle > attacks for the login if they don't disable PAP. Because > things will appear to work, i.e. Windows will use CHAP first > and fallback to PAP, your customers may not notice when an > attack does occur. > > Although PPPOE is a layer 2 protocol, the user data may be > vulnerable to many of the same ethernet CAM table, denial of > service and sniffing weaknesses even if the login credentials > are kept secret with CHAP (or more advanced EAP options). > PPPOE and PPP tend to assume the access networks are 1) > "free" and 2) "secure." This may be constrained using > point-to-point connections, but often require additional > configuration of multi-access networks. > > The configuration details will vary by equipment vendor. But > you should find some good information by doing a few web > searches for metro ethernet security, private vlan, broadcast > security. > >
|