9.13.2018

Common Mistakes to Avoid When Configuring Network Policies for VPN

Last updated: 9.16.2020, 3.1.2023

Saeed Sheikh is a Cloud and Infrastructure Specialist at Infront Consulting and a Microsoft Certified Solutions Expert in Cloud Platform and Infrastructure. Follow Saeed on Twitter at @saeedonweb.

Network Policy Server (NPS) is Microsoft's implementation of a RADIUS server. It performs authentication, authorization, and accounting (AAA) for remote VPN connections on behalf of the VPN server, which acts as the RADIUS client. Network policies are rules that administrators define from conditions, constraints, and settings to determine who can connect to the network and under what terms (authentication method, encryption strength, and so on).

I was recently involved in reviewing a client's existing VPN solution and then deploying a replacement. Here are some common mistakes I found in how these policies were configured.
 

Allowing clients to connect without authentication

This one is so obvious. When setting up your network policies for your VPN users, do not select the option "Allow clients to connect without negotiating an authentication method".

The reason the option exists at all is to allow basic testing during deployment without connections being rejected because the client and server disagree on the authentication method. Once it is enabled, NPS will accept a connection that never proves who the user is. Leaving this option enabled once you are in production is the equivalent of leaving your front door unlocked.


Using a Less Secure Authentication Method

There are various authentication methods to choose from, and for new admins it can be overwhelming to decide which to select. They all have their pros and cons.

To make it easier, let’s talk about the ones not to choose.

Strong options that can be used as an Authentication Method are EAP: MS-CHAP v2 or MS-CHA.


Not Using Enough Encryption

Encryption settings for Network Policy Servers are used to determine the minimum encryption strength that will be allowed between the remote clients and the network access server. The choices are:

You can select multiple encryption strengths. The server and client will negotiate the strongest possible encryption they can both use and then create a connection.

The actual encryption method used will depend on the type of VPN connection.

It is not recommended to use the "No encryption" option, as it permits the VPN server to carry traffic in the clear and leaves it exposed to anyone who can observe the path between the client and your network.
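To make the encryption constraint concrete, here is an added example in Python (mine, not code from the original post or from Microsoft). It builds the two Microsoft vendor-specific RADIUS attributes from RFC 2548, MS-MPPE-Encryption-Policy and MS-MPPE-Encryption-Types, that NPS hands back to the VPN server in the Access-Accept, then audits a constructed Access-Accept for the weak cases. The attribute numbers and bit values are RFC 2548's; the mapping from the policy's check boxes (Basic, Strong, Strongest, No encryption) to those values, the function names, and the sample packets are my assumptions.

```python
"""Added example: encode the MS-MPPE encryption attributes an NPS network
policy's Encryption constraint turns into on the wire, and audit a RADIUS
Access-Accept for weak settings.  Attribute numbers and bit flags follow
RFC 2548; the check-box-to-value mapping is an assumption (see lead-in)."""
import struct

RADIUS_ACCESS_ACCEPT = 2
ATTR_VENDOR_SPECIFIC = 26          # RFC 2865 Vendor-Specific attribute
MS_VENDOR_ID = 311                 # Microsoft's IANA enterprise number
MS_MPPE_ENCRYPTION_POLICY = 7      # RFC 2548 section 2.4.2
MS_MPPE_ENCRYPTION_TYPES = 8       # RFC 2548 section 2.4.3

POLICY_ALLOWED, POLICY_REQUIRED = 1, 2
RC4_40, RC4_128, RC4_56 = 0x02, 0x04, 0x08   # Encryption-Types bit flags
STRENGTH_NAMES = {
    RC4_40: "Basic (MPPE 40-bit)",
    RC4_56: "Strong (MPPE 56-bit)",
    RC4_128: "Strongest (MPPE 128-bit)",
}


def ms_vsa(vendor_type, value):
    """One Vendor-Specific attribute wrapping a 4-byte Microsoft sub-attribute."""
    sub = struct.pack("!BBI", vendor_type, 6, value)      # vendor-type, vendor-length, value
    body = struct.pack("!I", MS_VENDOR_ID) + sub
    return struct.pack("!BB", ATTR_VENDOR_SPECIFIC, 2 + len(body)) + body


def encryption_constraint(basic=False, strong=False, strongest=False, no_encryption=False):
    """Assumed mapping of the policy's Encryption check boxes to RFC 2548 values:
    the ticked strengths OR into Encryption-Types, and ticking 'No encryption'
    downgrades Encryption-Policy from Required to Allowed."""
    types = (RC4_40 if basic else 0) | (RC4_56 if strong else 0) | (RC4_128 if strongest else 0)
    policy = POLICY_ALLOWED if no_encryption else POLICY_REQUIRED
    return ms_vsa(MS_MPPE_ENCRYPTION_POLICY, policy) + ms_vsa(MS_MPPE_ENCRYPTION_TYPES, types)


def access_accept(attributes, identifier=1):
    """Constructed Access-Accept: code, id, length, 16-byte authenticator, attributes.
    The authenticator is zeroed here; a real one is an MD5 over the packet and secret."""
    return struct.pack("!BBH", RADIUS_ACCESS_ACCEPT, identifier, 20 + len(attributes)) + bytes(16) + attributes


def ms_attributes(packet):
    """Yield (vendor_type, value) for every 4-byte Microsoft VSA in a RADIUS packet."""
    pos = 20                                              # skip the fixed header
    while pos + 2 <= len(packet):
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            raise ValueError("malformed attribute at offset %d" % pos)
        if attr_type == ATTR_VENDOR_SPECIFIC and attr_len >= 8:
            vendor_id = struct.unpack("!I", packet[pos + 2:pos + 6])[0]
            if vendor_id == MS_VENDOR_ID:
                sub, spos = packet[pos + 6:pos + attr_len], 0
                while spos + 2 <= len(sub):
                    vtype, vlen = sub[spos], sub[spos + 1]
                    if vlen < 2 or spos + vlen > len(sub):
                        raise ValueError("malformed Microsoft sub-attribute")
                    if vlen == 6:                         # both MPPE policy values are 4 bytes
                        yield vtype, struct.unpack("!I", sub[spos + 2:spos + 6])[0]
                    spos += vlen
        pos += attr_len


def audit_encryption(packet):
    """Summarise what the NAS is being told it may do, and flag the weak cases."""
    policy = types = None
    for vtype, value in ms_attributes(packet):
        if vtype == MS_MPPE_ENCRYPTION_POLICY:
            policy = value
        elif vtype == MS_MPPE_ENCRYPTION_TYPES:
            types = value
    findings = []
    if policy is None or types is None:
        findings.append("no MPPE encryption attributes: the NAS decides on its own")
    if policy == POLICY_ALLOWED:
        findings.append("'No encryption' is selected: NAS may send traffic in the clear")
    if types is not None and types & RC4_40:
        findings.append("40-bit MPPE allowed")
    if types is not None and types & RC4_56:
        findings.append("56-bit MPPE allowed")
    allowed = [name for bit, name in STRENGTH_NAMES.items() if types and types & bit]
    return {"policy": {POLICY_ALLOWED: "allowed", POLICY_REQUIRED: "required"}.get(policy),
            "allowed": allowed, "findings": findings}


if __name__ == "__main__":
    # Constructed packets: a policy with every box ticked versus Strongest only.
    weak = access_accept(encryption_constraint(basic=True, strong=True, strongest=True, no_encryption=True))
    hardened = access_accept(encryption_constraint(strongest=True))
    for label, pkt in (("weak", weak), ("hardened", hardened)):
        print(label, audit_encryption(pkt))
```

Run as-is, the "weak" packet reports three findings and the "hardened" one reports none. The same parser can be pointed at an Access-Accept captured on the RADIUS leg between the VPN server and NPS (UDP 1812) to confirm what a policy actually hands out, which is a quicker check than clicking through every policy in the console. Keep in mind the caveat from above: these attributes describe MPPE, so they only govern PPTP directly; for L2TP/IPsec and SSTP the VPN server maps the same setting onto its own cipher suites.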

Conclusion

Network policies for remote VPN users can be confusing, but simple common sense prevails. Never let anyone into your network without authentication. Always require strong encryption to protect your data from attackers, and be sure to enable the most secure authentication methods available.
