This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Possibility of analysis or modification of abf / unencrypted backup files

Our company plans to rollout a new policy regarding the password handling of our VPN users. We have about 60 remote users who connect via SSL-VPN to the corporate network. In the future, the VPN passwords have to meet a standardized format and have to be changed on a regulary base, which means at least every 10 days or on demand. To enforce this, the password of each user will be (re)set by an administrator and the user is notified about the change and gets the new password send (encrypted) to his / her managed mobile device.

The passwords also have to be recoverable, that means, if a user forget the password it will not be allowed anymore to set a new one, but to recover the existing one and send it againt to the users mobile device.


One of my ideas for implementing these requirements is to use unencrypted backup files to set the passwords within this files and "import" (restore) them to our VPN gateway. This is faster than changing the password of any user manually and the configuration of the VPN gateway itself does not change, so this could be a practicable way.


I don't know much about the file format of abf - files and this is the reason for this question, is it possible to modify these files in the way I described, is it possible to recover passwords from this files or make them readable like the login data to our ISP's which is cleartext and of course, is there a documentation about these files and / or the file format available?


Many thanks for any help or suggestions

Thomas



This thread was automatically locked due to age.
Parents
  • Hi Thomas,
    I don't know about abf files,too. But reading user passwords to recover is not a secure way I like to implement.
    You may bind SSL-VPN to your AD/LADP Server and may read the pwd there?
    A proper way to reset forgotten pwd is my choice. The simplest for the user is to call the admin and they reset the pwd together in AD, and nobody has to decrypt backups.
    Regarding Nathan
Reply
  • Hi Thomas,
    I don't know about abf files,too. But reading user passwords to recover is not a secure way I like to implement.
    You may bind SSL-VPN to your AD/LADP Server and may read the pwd there?
    A proper way to reset forgotten pwd is my choice. The simplest for the user is to call the admin and they reset the pwd together in AD, and nobody has to decrypt backups.
    Regarding Nathan
Children
No Data