Setting up a “Dial-In Connection” opens a door for “unwanted visitors”, which far too often manage to break in to systems. Setting up passwords gives only a limited protection, because unluckily, a lot of people choose easy-to-remember password (like: the of your wife/children or their birthday).
Security can be largely improved by implementing “Call Back“:
once the server has identified the caller, the connection is terminated, and then the server calls you back, re-establishing the connection.
On the RAS server, define for each user in the “Remote Access Admin“:
In addition of allowing a user to “dial-in”, define the “Call Back” option and preset the number, allowing this user to connect ONLY from this predefined number. |
Setup of a Windows NT 4 Dial-Up Connection
Select from the “More“-button the “User Preferences:“
You can enter here (optional) the number to be called back, but that would NOT give you the additional security, we have already defined a FIXED call-back number on the server.
we start our connection in the usual method by dialing from the “Dial-Up Networking Client to the “Remote Access Server” | |
Once the server “picks up the phone”, the systems verify the “user-name” and “Password”. | |
The connection is then terminated, and the “Dial-Up Networking Client” now waits for the “Remote Access Server” to call back. | |
Within a few seconds, the return call come in. The “username ” and “password” is verified again, then the connection is finalized. | |
Then, you are connected. |
Setup of a Windows95 Dial-Up Networking Client
When defining your connection from a Windows95 “Dial-Up Networking” Client, there is no possibility to define a Call-Back option.
However, the functionality is fully supported
You start your connection. | |
When the server “picks up the phone”, the “user-name” and “password” is verified, used to identify the caller. | |
You then get informed about the “Possibility” for a “call-Back”. However, if the Server enforces a specific call-back number, you can only go ahead: OK | |
The connection is terminated, and your “Dial-Up Networking” Client is now waiting for the call-back. | |
“User-name” and “Password” are verified again. |
You are now connected and can browse the system.