RE: PPTP versus L2TP and possible attacks - what next?

From: James D. Stallard (james_at_leafgrove.com)
Date: 02/14/04

    To: <focus-ms@securityfocus.com>
    Date: Sat, 14 Feb 2004 21:52:19 -0000
    
    

    All

    Thank you for your replies. The consensus seems to be along the lines of
    "they are both adequate, L2TP is better but both suffer from the NAT problem
    of outbound NAT firewalling"

    However, Microsoft appears to have solved the problem for us:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;818043

    Any comments?

    Thanks again
    Regards

    James D. Stallard

    -----Original Message-----
    From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
    [mailto:sbradcpa@pacbell.net]
    Sent: 12 February 2004 21:00
    To: Patrick Power
    Cc: James D. Stallard; focus-ms@securityfocus.com
    Subject: Re: PPTP versus L2TP and possible attacks

    And when was the last time you read that?

    Watch the security week webcast with Jesper Johansson
    www.microsoft.com/webcasts and he talks about the truth/hype of PPTP.

    Patrick Power wrote:

    > Actually L2TP is only a tunneling protocol. It does not include any
    > encryption. L2TP makes a "virtual network" just not a "virtual private
    > network". L2TP is primarily used by Microsoft in conjunction with
    > Point-to-point IPSec, where IPSec provides the encryption part of it.
    >
    > PPTP is a complete VPN on its own. However, the last I read about it,
    > there were some pretty significant flaws in the design of the PPTP
    > protocol (not just bugs in implementation, but actually protocol
    > design flaws I believe) which made PPTP relatively easy to crack.
    > IPSec on the other hand has not had any such flaws yet discovered, and
    > is *widely* considered a very secure solution.
    >
    > -Patrick
    >
    >
    > James D. Stallard wrote:
    >
    >> Hi
    >>
    >> I have recently deployed a VPN Server using Microsoft RRAS. RRAS is
    >> the preferred technology because there are few anticipated users and
    >> the software is free :)
    >>
    >> The VPN Server sits behind the corporate firewall and operates fine,
    >> accepting incoming connections reliably.
    >>
    >> I am rather new to the VPN game (I usually design Active Directory
    >> infrastructures) and set up both L2TP and PPTP protocols for
    >> convenience sake while the client pilots the solution. My questions are
    >> therefore:
    >>
    >> 1. Which is the better tunnelling protocol in terms of security and
    >> functionality, L2TP or PPTP, and why?
    >>
    >> 2. Is the community aware of any exploits that could be levelled
    >> against the firewall with the following ports opened to support VPNs?
    >>
    >> L2TP requires: Protocol 50, UDP 4500, UDP 500
    >> PPTP requires: Protocol 47, TCP 1723
    >>
    >> 3. Anything else I should know?
    >>
    >> All advice is appreciated
    >>
    >> Thanks in advance
    >> Regards
    >>
    >> James D. Stallard

    --
    http://www.sbslinks.com/really.htm