Re: PPTP versus L2TP and possible attacks

From: Patrick Power (ppower_at_registrypro.pro)
Date: 02/12/04

    Date: Thu, 12 Feb 2004 14:55:24 -0500
    To: "James D. Stallard" <james@leafgrove.com>
    
    

    Actually L2TP is only a tunneling protocol. It does not include any
    encryption. L2TP makes a "virtual network", just not a "virtual private
    network". L2TP is primarily used by Microsoft in conjunction with
    Point-to-point IPSec, where IPSec provides the encryption part of it.

    PPTP is a complete VPN on its own. However, the last I read about it,
    there were some pretty significant flaws in the design of the PPTP
    protocol (not just bugs in implementation, but actually protocol design
    flaws I believe) which made PPTP relatively easy to crack. IPSec on the
    other hand has not had any such flaws yet discovered, and is *widely*
    considered a very secure solution.

    -Patrick

    James D. Stallard wrote:
    > Hi
    >
    > I have recently deployed a VPN Server using Microsoft RRAS. RRAS is the
    > preferred technology because there are few anticipated users and the
    > software is free :)
    >
    > The VPN Server sits behind the corporate firewall and operates fine,
    > accepting incoming connections reliably.
    >
    > I am rather new to the VPN game (I usually design Active Directory
    > infrastructures) and set up both L2TP and PPTP protocols for convenience
    > sake while the client pilots the solution. My questions are therefore:
    >
    > 1. Which is the better tunnelling protocol in terms of security and
    > functionality, L2TP or PPTP, and why?
    >
    > 2. Is the community aware of any exploits that could be levelled against the
    > firewall with the following ports opened to support VPNs?
    >
    > L2TP requires: Protocol 50, UDP 4500, UDP 500
    > PPTP requires: Protocol 47, TCP 1723
    >
    > 3. Anything else I should know?
    >
    > All advice is appreciated
    >
    > Thanks in advance
    > Regards
    >
    > James D. Stallard
    >
    >
    >
    > ---------------------------------------------------------------------------
    > Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
    >
    > Protect your network with the comprehensive security solution that
    > integrates six applications for ease of use and lower TCO.
    >
    > Firewall - Virus protection - Spam protection - URL blocking - VPN
    > - Wireless security.
    >
    > Download 30-day evaluation at:
    > http://www.astaro.com/php/contact/securityfocus.php
    > ---------------------------------------------------------------------------
    >
    >

    -- 
    Patrick Power
    Systems Engineer
    RegistryPro, Inc.
    +1-212-798-9113
    ppower@registrypro.pro
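
Added example (not part of the original post): a minimal parser for the L2TPv2 header, showing that a bare L2TP data message carries its PPP frame in readable form, which is why the reply pairs L2TP with IPSec. It assumes the header layout from RFC 2661; the sample datagram and its addresses are constructed, and PPP-level encryption is assumed absent.

```python
import socket
import struct

# L2TPv2 header flag bits (RFC 2661): T=control, L=length, S=sequence, O=offset
FLAG_T, FLAG_L, FLAG_S, FLAG_O = 0x8000, 0x4000, 0x0800, 0x0200

def parse_l2tp(datagram: bytes) -> dict:
    """Parse an L2TPv2 header; return its fields and the payload bytes."""
    (flags,) = struct.unpack_from("!H", datagram, 0)
    if flags & 0x000F != 2:
        raise ValueError("not L2TP version 2")
    hdr, pos, end = {"control": bool(flags & FLAG_T)}, 2, len(datagram)
    if flags & FLAG_L:
        (hdr["length"],) = struct.unpack_from("!H", datagram, pos)
        if hdr["length"] > len(datagram):
            raise ValueError("length field exceeds datagram")
        end, pos = hdr["length"], pos + 2
    hdr["tunnel_id"], hdr["session_id"] = struct.unpack_from("!HH", datagram, pos)
    pos += 4
    if flags & FLAG_S:
        hdr["ns"], hdr["nr"] = struct.unpack_from("!HH", datagram, pos)
        pos += 4
    if flags & FLAG_O:
        (offset,) = struct.unpack_from("!H", datagram, pos)
        pos += 2 + offset
    hdr["payload"] = datagram[pos:end]
    return hdr

def inner_ipv4(payload: bytes):
    """Return (src, dst) if the PPP frame carries a readable IPv4 packet."""
    if payload[:2] == b"\xff\x03":       # optional PPP address/control bytes
        payload = payload[2:]
    if payload[:2] != b"\x00\x21":       # PPP protocol 0x0021 = IPv4
        return None
    ip = payload[2:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])

# Constructed sample: L2TP data message (tunnel 7, session 1) with no IPsec around it.
_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                  socket.inet_aton("10.0.0.5"), socket.inet_aton("192.168.1.10"))
_ppp = b"\xff\x03\x00\x21" + _ip
SAMPLE = struct.pack("!HHHH", FLAG_L | 2, 8 + len(_ppp), 7, 1) + _ppp

if __name__ == "__main__":
    h = parse_l2tp(SAMPLE)
    print(h["tunnel_id"], h["session_id"], inner_ipv4(h["payload"]))
```

Every header field is addressing or sequencing; none selects a cipher or carries a key, so confidentiality has to come from the layer that wraps the L2TP datagram.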
