2.1.5 L2TP/PPTP (Page 1 of 3)

L2TP (Layer 2 Tunneling Protocol) and PPTP (Point to Point Tunneling Protocol) are both Layer 2 tunneling technologies that implement a secure communication channel over an insecure connection.

PPTP is probably the most popular tunneling protocol today. It was developed by a consortium that included Microsoft, Ascend Communications, US Robotics and ECI Telematics. Over the years it has gained prominence because of its use for remote access in Microsoft-based network environments. It implements tunneling over a PPP (usually dial-up) connection. Typically, users choose the VPN endpoint to which they are connecting after the PPP connection negotiation has completed, a situation known as voluntary tunneling.

Microsoft's PPTP implementation uses its RAS shared-secret encryption process with an RSA RC4 cipher based on a 40- or 128-bit session key. In the Microsoft implementation, the shared secret is the user password. In other implementations, the shared secret might be a public key (see PKI, later in this work). PPTP typically lets you use any authentication mechanism, including PAP and CHAP, but if you want to use an encrypted tunnel, it requires that you use the more secure MS-CHAP authentication mechanism.

PPTP uses TCP port 1723 for communication with the destination host [147], so if you are passing PPTP communication through a firewall, make sure that port is open.

Because Microsoft made PPTP widely available with relatively simple installation, it is a popular choice. Earlier versions of Microsoft PPTP had significant vulnerabilities [148], and while Microsoft's update of PPTP fixed most issues, it is still judged to be susceptible to password attacks [149]. Therefore, from a security standpoint, IPSec, discussed in section 2.1.7, is preferred.
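The authentication and key-length points above can be checked mechanically on a server. The following Python is an added example, not part of the original guide: it assumes a Linux PPTP server configured through pppd-style option keywords (require-pap, require-chap, require-mschap, require-mschap-v2, require-mppe-40, require-mppe-128, nomppe), where MPPE is the name of the RC4 tunnel encryption, and the two sample option files are constructed.

```python
# Added example: audit pppd-style options for a PPTP server against the
# points made above. Sample files are constructed, not from a real host.
WEAK = """\
# constructed sample
name pptpd
require-chap        # CHAP cannot key an encrypted tunnel
require-mppe-40
"""
STRONG = """\
# constructed sample
name pptpd
require-mschap-v2
require-mppe-128
"""

MSCHAP = {"require-mschap", "require-mschap-v2"}
PLAIN_AUTH = {"require-pap", "require-chap"}


def parse_options(text):
    """Return the set of option keywords, dropping comments and arguments."""
    opts = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            opts.add(line.split()[0].lower())
    return opts


def audit(text):
    """Return a list of findings; an empty list means no issue was found."""
    opts = parse_options(text)
    findings = []
    for opt in sorted(opts & PLAIN_AUTH):
        findings.append(f"{opt}: PAP/CHAP cannot be combined with an encrypted tunnel")
    if not opts & MSCHAP:
        findings.append("no MS-CHAP requirement: encryption cannot be negotiated")
    if "nomppe" in opts or not any(o.startswith("require-mppe") for o in opts):
        findings.append("MPPE not required: tunnel may run unencrypted")
    elif "require-mppe-128" not in opts:
        findings.append("128-bit key not required: 40-bit session key allowed")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("strong", STRONG)):
        print(name, audit(cfg) or "ok")
```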
__________________
147. http://msdn.microsoft.com/library/default.asp?url=/library/enus/dnwebtool/html/understanding_pptp.asp
148. http://www.counterpane.com/pptp-paper.html
149. http://www.counterpane.com/pptp.html
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.