Setting up a "Dial-In Connection" opens a door for "unwanted visitors", which far too often manage to break in to systems. Setting up passwords gives only a limited protection, because unluckily, a lot of people choose easy-to-remember password (like: the of your wife/children or their birthday).
Security can be largely improved by implementing "Call Back":
once the server has identified the caller, the connection is terminated, and then the server calls you back, re-establishing the connection.
On the RAS server, define for each user in the "Remote Access Admin":
|In addition of allowing a user to |
"dial-in", define the "Call Back"
option and preset the number,
allowing this user to connect
ONLY from this predefined
Setup of a Windows NT 4 Dial-Up Connection
Select from the "More"-button the "User Preferences:"
You can enter here (optional) the number to be called back, but that would NOT give you the additional security, we have already defined a FIXED call-back number on the server.
|we start our connection in the usual method by|
dialing from the "Dial-Up Networking Client
to the "Remote Access Server"
|Once the server "picks up the phone", the|
systems verify the "user-name" and "Password".
|The connection is then terminated, and the|
"Dial-Up Networking Client" now waits for
the "Remote Access Server" to call back.
|Within a few seconds, the return call come in.|
The "username " and "password" is verified
again, then the connection is finalized.
|Then, you are connected.|
Setup of a Windows95 Dial-Up Networking Client
When defining your connection from a Windows95 "Dial-Up Networking" Client, there is no possibility to define a Call-Back option.
However, the functionality is fully supported
|You start your connection.|
|When the server "picks up the phone",|
the "user-name" and "password" is
verified, used to identify the caller.
|You then get informed about the|
"Possibility" for a "call-Back".
However, if the Server enforces
a specific call-back number, you
can only go ahead: OK
|The connection is terminated, and|
your "Dial-Up Networking" Client
is now waiting for the call-back.
|"User-name" and "Password" are|
You are now connected and can browse the system.