03-01-2001 12:10 PM - edited 03-08-2019 08:02 PM
Hello All,
I have a Windows 2000 VPN server behind a Cisco PIX firewall, allowing remote clients to connect through PPTP (initial authentication is done on L2TP). I have TCP port 1723 mapped to the VPN server through the PIX to allow the clients to hit the server. I want to know how secure PPTP is, in both aspects: how secure it is on the firewall (port mapping) and also how secure it is to route through the Internet.
Thanks in advance.
03-06-2001 06:59 AM
Any conduit you apply to a firewall presents a vulnerability to your network. That is one of the reasons that Cisco introduced VPN termination on the firewall itself. This is not to make you paranoid about applying conduits, but know that it is less secure than not having one to start with. That said, Microsoft has improved PPTP to fix many major security weaknesses. However, the main weakness of PPTP still remains. It is only as secure as the user-selected password. Distributed attacks against password files are easier and easier as home PCs become more and more powerful. PPTP had its place, but you are better off migrating to IPSec. IPSec doesn't rely on the username and password for its encryption algorithm. In fact, the key exchange itself is much more secure and is available in different strengths, 56 bit (similar to PPTP but more secure) and 3DES (128 bit) for very strong encryption. Just my two cents.
07-24-2001 05:36 PM
The definitive detailed discussion of PPTP security can be found at:
http://www.counterpane.com/pptpv2-paper.html
Well worth the read. As one person said, it comes down to how good your password is. And that v2 of MS-CHAP is far superior. If you have only Windows users, require use of v2.
Tom Zeller
Indiana University