CertiGuide to Security+  9  Chapter 2:  Communication Security (Domain 2.0; 20%)       9  2.1  Remote Access

2.1.4  TACACS/XTACACS/TACACS+ 1 2 3 2.1.6  SSH

L2TP (Layer 2 Tunneling Protocol) and PPTP (Point to Point Tunneling Protocol) are both Layer 2 tunneling technologies that implement a secure communication channel over an insecure connection.

PPTP is probably the most popular tunneling protocol today. A consortium inclusive of Microsoft, Ascend Communications, US Robotics and ECI Telematics developed it. Over the years it has gained prominence because of its use for remote access in Microsoft-based network environments. It implements tunneling over a PPP (usually dial-up) connection. Typically users choose the VPN endpoint to which they are connecting after the PPP connection negotiation has completed, a situation that is known as voluntary tunneling.

Microsoft’s PPTP implementation uses its RAS “shared-secret” encryption process with an RSA RC4 cipher based on a 40 or 128-bit session key. In the Microsoft implementation, the shared secret is the user password. In other implementations, the shared secret might be a public key (see PKI, later in this work).

PPTP typically lets you use any authentication mechanism, including PAP and CHAP, but if you want to use an encrypted tunnel, it requires that you use the more secure MS-CHAP authentication mechanism. PPTP uses TCP port 1723 for communication with the destination host¹⁴⁷, so if, you are passing PPTP communication through a firewall make sure that that port is open.

Because Microsoft made PPTP widely available with relatively simple installation, it is a popular choice. Earlier versions of Microsoft PPTP had significant vulnerabilities¹⁴⁸, and while their update of PPTP fixed most issues, it is judged to be still susceptible to password attacks.¹⁴⁹ Therefore, from a security standpoint, IPSec, discussed in section 2.1.7, is preferred.

2.1.4  TACACS/XTACACS/TACACS+ 1 2 3 2.1.6  SSH