<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.EmailStyle17
        {mso-style-type:personal;
        font-family:"Arial","sans-serif";
        color:windowtext;}
span.EmailStyle20
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
        {page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Any port you have forwarded from your firewall to a domain
controller is a direct attack vector into your domain controller, and thus into
AD. If you have it going to an independent server (either member server
or workgroup), at least you have another step in the process. They have
to take significantly more control of a server to use it as a jumping-off point
to the rest of your network than they do to gain some piece of data residing
directly on the server. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Even better, stick it in a DMZ, and then only open the ports
users will really need between the DMZ and the LAN. <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>
discuss-bounces@itdiscuss.org [mailto:discuss-bounces@itdiscuss.org] <b>On
Behalf Of </b>blloyd@buskercom.com<br>
<b>Sent:</b> Wednesday, November 04, 2009 7:06 AM<br>
<b>To:</b> discuss@itdiscuss.org<br>
<b>Subject:</b> [itdiscuss] PPTP VPN<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Just
wondering, if I set up a PPTP VPN server on a domain controller, do you think
that is any more insecure than setting it up on an independent server?<o:p></o:p></span></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p>
<p style='margin-bottom:12.0pt'><b><span style='font-size:14.0pt;color:navy'>Bill
Lloyd</span></b><span style='color:navy'> </span><span style='font-size:11.0pt;
color:navy'><br>
IT Manager</span><o:p></o:p></p>
<p><span style='font-size:11.0pt;color:black'>2567 Athens Hwy.<br>
Gainesville, GA 30507<br>
Phone: 770-417-1604 Ext.: 250<br>
Fax: 770-417-1747<br>
Cell: 404-379-6963</span><o:p></o:p></p>
<p><em><span style='font-size:11.0pt;color:navy'>blloyd@buskercom.com</span></em><o:p></o:p></p>
</div>
</body>
</html>