Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
907
Views
0
Helpful
2
Replies

How secure is PPTP

srajapakse
Level 1
Level 1

‎03-01-2001 12:10 PM - edited ‎03-08-2019 08:02 PM

Hello All,

I have a Windows 2000 VPN server behind a Cisco PIX firewall, allowing remote clients to connect thourgh PPTP,( Initial authentication is done on L2TP). I have Tcp port 1723 mapped to VPN server through PIX to allow the clients to hit the server. I want to know how secure PPTP is, in both aspects of how secure it is on the firewall (port mapping)and also how secure it is to route through internet.

Thanks in advance.

Labels:
0 Helpful
2 Replies 2

thomas.chen
Level 6
Level 6

‎03-06-2001 06:59 AM

Any conduit you apply to a firewall presents a vulnerability to your network. That is one of the reasons that Cisco introduced VPN termination on the firewall itself. This is not to make you paranoid about applying conduits but know that it is less secure than not having one to start with. That said, Microsoft has improved PPTP to fix many major security weaknesses. However the main weakness of PPTP still remains. It is only as secure as the user-selected password. Distributed attacks against password files are easier and easier as home pc’s become more and more powerful. PPTP had its place but you are better off migrating to IPSec. IPSec doesn’t rely on the username and password for its encryption algorithm. In fact the key exchange itself is much more secure and is available in different strengths, 56 bit (similar to PPTP but more secure) and 3DES (128 bit) for very strong encryption. Just my two cents.

0 Helpful

zeller
Level 1
Level 1

‎07-24-2001 05:36 PM

The definitive detailed discussion of pptp security can be found at:

http://www.counterpane.com/pptpv2-paper.html

Well worth the read. As one person said, it comes down to how good your password is. And that v2 of ms-chap is far superior. If you have only windows users, require use of v2.

Tom Zeller

Indiana University

zeller@indiana.edu

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents