Cisco Support Community

New Member

How secure is PPTP

Hello All,

I have a Windows 2000 VPN server behind a Cisco PIX firewall, allowing remote clients to connect through PPTP (initial authentication is done on L2TP). I have TCP port 1723 mapped to the VPN server through the PIX to allow the clients to hit the server. I want to know how secure PPTP is, both in terms of how secure it is on the firewall (port mapping) and how secure it is to route through the Internet.

Thanks in advance.

2 REPLIES
Silver

Re: How secure is PPTP

Any conduit you apply to a firewall presents a vulnerability to your network. That is one of the reasons that Cisco introduced VPN termination on the firewall itself. This is not to make you paranoid about applying conduits, but know that it is less secure than not having one to start with. That said, Microsoft has improved PPTP to fix many major security weaknesses. However, the main weakness of PPTP still remains. It is only as secure as the user-selected password. Distributed attacks against password files are easier and easier as home PCs become more and more powerful. PPTP had its place, but you are better off migrating to IPSec. IPSec doesn’t rely on the username and password for its encryption algorithm. In fact, the key exchange itself is much more secure and is available in different strengths, 56 bit (similar to PPTP but more secure) and 3DES (128 bit) for very strong encryption. Just my two cents.

New Member

Re: How secure is PPTP

The definitive detailed discussion of PPTP security can be found at:

http://www.counterpane.com/pptpv2-paper.html

Well worth the read. As one person said, it comes down to how good your password is. And v2 of MS-CHAP is far superior. If you have only Windows users, require use of v2.

Tom Zeller

Indiana University

zeller@indiana.edu
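The point made in both replies, that PPTP encryption is only as strong as the password, shows up in the MPPE key derivation used with MS-CHAP v2 (RFC 3079). The following is an added example, not part of the original thread: it assumes the 16-byte PasswordHashHash (MD4 of the MD4 NT hash of the password) is computed elsewhere, and the sample byte values are constructed.

```python
# Added example: 128-bit MPPE start-key derivation for MS-CHAP v2 (RFC 3079).
# Every input is either derived from the password or sent on the wire;
# no independent key material is negotiated.
import hashlib

MAGIC1 = b"This is the MPPE Master Key"
MAGIC2 = (b"On the client side, this is the send key; "
          b"on the server side, it is the receive key.")
MAGIC3 = (b"On the client side, this is the receive key; "
          b"on the server side, it is the send key.")
SHS_PAD1 = b"\x00" * 40
SHS_PAD2 = b"\xf2" * 40


def master_key(password_hash_hash: bytes, nt_response: bytes) -> bytes:
    """GetMasterKey: SHA-1 over a password-derived value and the NT-Response,
    which the client transmits during the MS-CHAP v2 exchange."""
    if len(password_hash_hash) != 16 or len(nt_response) != 24:
        raise ValueError("need 16-byte PasswordHashHash and 24-byte NT-Response")
    return hashlib.sha1(password_hash_hash + nt_response + MAGIC1).digest()[:16]


def start_key(master: bytes, is_send: bool, is_server: bool) -> bytes:
    """GetAsymmetricStartKey for the 128-bit case: each direction gets its own
    key, selected only by a fixed constant string."""
    magic = MAGIC3 if is_send == is_server else MAGIC2
    return hashlib.sha1(master + SHS_PAD1 + magic + SHS_PAD2).digest()[:16]


def client_start_keys(password_hash_hash: bytes, nt_response: bytes):
    """Return (send, receive) start keys as the client computes them."""
    mk = master_key(password_hash_hash, nt_response)
    return start_key(mk, True, False), start_key(mk, False, False)


# Constructed sample values, not taken from any real session or test vector.
PWD_HASH_HASH_A = bytes.fromhex("00112233445566778899aabbccddeeff")
PWD_HASH_HASH_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")
NT_RESPONSE = bytes(range(24))

if __name__ == "__main__":
    send, recv = client_start_keys(PWD_HASH_HASH_A, NT_RESPONSE)
    print("client send start key   :", send.hex())
    print("client receive start key:", recv.hex())
```

Because the password-derived hash is the only secret input, a 128-bit MPPE key gives no more protection than the password behind it, which is why both replies stress password quality.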
