2.1.5  L2TP/PPTP
(Page 1 of 3)

L2TP (Layer 2 Tunneling Protocol) and PPTP (Point to Point Tunneling Protocol) are both Layer 2 tunneling technologies that implement a secure communication channel over an insecure connection.

PPTP

PPTP is probably the most popular tunneling protocol today. It was developed by a consortium that included Microsoft, Ascend Communications, US Robotics and ECI Telematics. Over the years it has gained prominence because of its use for remote access in Microsoft-based network environments. It implements tunneling over a PPP (usually dial-up) connection. Typically, users choose the VPN endpoint to which they are connecting after the PPP connection negotiation has completed, an arrangement known as voluntary tunneling.

Microsoft’s PPTP implementation uses its RAS “shared-secret” encryption process with an RSA RC4 cipher based on a 40 or 128-bit session key. In the Microsoft implementation, the shared secret is the user password. In other implementations, the shared secret might be a public key (see PKI, later in this work).

PPTP typically lets you use any authentication mechanism, including PAP and CHAP, but if you want to use an encrypted tunnel, it requires that you use the more secure MS-CHAP authentication mechanism. PPTP uses TCP port 1723 for communication with the destination host [147], so if you are passing PPTP communication through a firewall, make sure that port is open.

Because Microsoft made PPTP widely available with relatively simple installation, it is a popular choice. Earlier versions of Microsoft PPTP had significant vulnerabilities [148], and while Microsoft's update of PPTP fixed most issues, it is still judged to be susceptible to password attacks [149]. Therefore, from a security standpoint, IPSec, discussed in section 2.1.7, is preferred.
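To find remaining PPTP use on a network (for example, before moving users to IPSec), traffic on TCP port 1723 can be confirmed as PPTP by parsing the control-connection header. The Python below is an added example, not part of the original guide; the message layout and magic cookie follow RFC 2637, and the flow records, host name and vendor string are constructed sample data.

```python
import struct

PPTP_PORT = 1723            # TCP control port named in the text
MAGIC_COOKIE = 0x1A2B3C4D   # fixed value in every PPTP control message (RFC 2637)
CONTROL_TYPES = {1: "Start-Control-Connection-Request",
                 2: "Start-Control-Connection-Reply",
                 7: "Outgoing-Call-Request",
                 8: "Outgoing-Call-Reply"}

def parse_pptp_control(payload: bytes):
    """Return a dict describing a PPTP control message, or None if it is not PPTP."""
    if len(payload) < 12:
        return None
    length, msg_type, cookie, ctrl_type, _res0 = struct.unpack("!HHIHH", payload[:12])
    # Reject anything without the cookie, a control message type, or a sane length.
    if cookie != MAGIC_COOKIE or msg_type != 1 or not 12 <= length <= len(payload):
        return None
    info = {"length": length,
            "control_type": CONTROL_TYPES.get(ctrl_type, f"type {ctrl_type}")}
    if ctrl_type == 1 and length == 156:   # Start request has a fixed 156-byte size
        ver, _res1, _framing, _bearer, _chans, _fw = struct.unpack("!HHIIHH", payload[12:28])
        info["version"] = f"{ver >> 8}.{ver & 0xFF}"
        info["host"] = payload[28:92].split(b"\0", 1)[0].decode("ascii", "replace")
        info["vendor"] = payload[92:156].split(b"\0", 1)[0].decode("ascii", "replace")
    return info

def find_pptp_flows(flows):
    """flows: (src, dst, dst_port, first_payload) tuples. Return confirmed PPTP flows."""
    hits = []
    for src, dst, dport, payload in flows:
        msg = parse_pptp_control(payload) if dport == PPTP_PORT else None
        if msg:
            hits.append((src, dst, msg))
    return hits

def build_sample_sccrq(host=b"laptop-01", vendor=b"ExampleVendor"):
    """Constructed sample Start-Control-Connection-Request, not a real capture."""
    body = struct.pack("!HHIIHH", 0x0100, 0, 1, 1, 0, 0)
    body += host.ljust(64, b"\0") + vendor.ljust(64, b"\0")
    return struct.pack("!HHIHH", 12 + len(body), 1, MAGIC_COOKIE, 1, 0) + body

SAMPLE_FLOWS = [  # constructed records using documentation IP ranges
    ("192.0.2.10", "198.51.100.5", 1723, build_sample_sccrq()),
    ("192.0.2.11", "198.51.100.5", 1723, b"GET / HTTP/1.0\r\n\r\n"),  # not PPTP
    ("192.0.2.12", "198.51.100.9", 443, build_sample_sccrq()),        # other port
]

if __name__ == "__main__":
    for src, dst, msg in find_pptp_flows(SAMPLE_FLOWS):
        print(src, "->", dst, msg)
```

Only the first sample flow is reported: the second is on port 1723 but lacks the PPTP magic cookie, and the third is ignored because this check looks only at the port the text names.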

PPTP

PPTP is usually used to implement security over a PPP connection. It is a popular choice because it’s available in Microsoft Windows and relatively simple to implement.

PPTP uses TCP port 1723.

The Microsoft implementation of PPTP uses the RAS shared secret encryption process, using the RSA RC4 encryption algorithm and a 40-bit or 128-bit key. It supports PAP, CHAP and MS-CHAP authentication, but requires that you use MS-CHAP if you want to use an encrypted tunnel.



 __________________

147. http://msdn.microsoft.com/library/default.asp?url=/library/enus/dnwebtool/html/understanding_pptp.asp

148. http://www.counterpane.com/pptp-paper.html

149. http://www.counterpane.com/pptp.html

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.