|
|
Focus on Microsoft
PPTP versus L2TP and possible attacks Feb 11 2004 07:19PM James D. Stallard (james leafgrove com) (2 replies) Re: PPTP versus L2TP and possible attacks Feb 12 2004 07:55PM Patrick Power (ppower registrypro pro) (2 replies) RE: PPTP versus L2TP and possible attacks Feb 13 2004 05:30PM Zachary Mutrux (zmutrux compumentor org) (1 replies) RE: PPTP versus L2TP and possible attacks Feb 16 2004 04:17PM Laura A. Robinson (larobins bellatlantic net) Re: PPTP versus L2TP and possible attacks Feb 12 2004 09:00PM Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net) (2 replies) Re: PPTP versus L2TP and possible attacks Feb 12 2004 09:30PM Patrick Power (ppower registrypro pro) (1 replies) RE: PPTP versus L2TP and possible attacks Feb 13 2004 11:46PM Zachary Mutrux (zmutrux compumentor org) Re: PPTP versus L2TP and possible attacks Feb 12 2004 03:16PM Chris Gianelloni (wolf31o2 charter net) |
|
Privacy Statement |
Thank you for your replies. The concensus seems to be along the lines of
"they are both adequate, L2TP is better but both suffer from the NAT problem
of outbound NAT firewalling"
However, Microsoft appears to have solved the problem for us:
http://support.microsoft.com/default.aspx?scid=kb;en-us;818043
Any comments?
Thanks again
Regards
James D. Stallard
-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[mailto:sbradcpa (at) pacbell (dot) net [email concealed]]
Sent: 12 February 2004 21:00
To: Patrick Power
Cc: James D. Stallard; focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: PPTP versus L2TP and possible attacks
And when was the last time you read that?
Watch the security week webcast with Jesper Johannson
www.microsoft.com/webcasts and he talks about the truth/hype of PPtP.
Patrick Power wrote:
> Actually L2TP is only a tunneling protocol. Is does not include any
> encryption. L2TP makes a "virtual network" just not a "virtual private
> network". L2TP is primarily used by Microsoft in conjunction with
> Point-to-point IPSec, where IPSec provides the encrytpion part of it.
>
> PPTP is a complete VPN on it's own. However, the last I read about it,
> there were some pretty significant flaws in the design of the PPTP
> protocal (not just bugs in implementation, but actually protocol
> design flaws I believe) which made PPTP relatively easy to crack.
> IPSec on the other hand has not has any such flaws yet discovered, and
> is *widely* considered a very secure solution.
>
> -Patrick
>
>
> James D. Stallard wrote:
>
>> Hi
>>
>> I have recently deployed a VPN Server using Microsoft RRAS. RRS is
>> the preferred technology because there are few anticipated users and
>> the software is free :)
>>
>> The VPN Server sits behind the corporate firewall and operates fine,
>> accepting incoming connections reliably.
>>
>> I am rather new to the VPN game (I usually design Active Directory
>> infrastructures) and set up both L2TP and PPTP protocols for
>> convenience sake while the client pilots the solution. My questions are
therefore:
>>
>> 1. Which is the better tunnelling protocol in terms of security and
>> functionality, L2TP or PPTP, and why?
>>
>> 2. Is the community aware of any exploits that could be levelled
>> against the firewall with the following ports opened to support VPNs?
>>
>> L2TP requires: Protocol 50, UDP 4500, UDP 500 PPTP requires: Protocol
>> 47, TCP 1723
>>
>> 3. Anything else I should know?
>>
>> All advice is appreciated
>>
>> Thanks in advance
>> Regards
>>
>> James D. Stallard
>>
>>
>>
>> ---------------------------------------------------------------------
>> ------
>>
>> Free trial: Astaro Security Linux -- firewall with Spam/Virus
>> Protection
>>
>> Protect your network with the comprehensive security solution that
>> integrates six applications for ease of use and lower TCO.
>>
>> Firewall - Virus protection - Spam protection - URL blocking - VPN -
>> Wireless security.
>>
>> Download 30-day evaluation at:
>> http://www.astaro.com/php/contact/securityfocus.php
>> ---------------------------------------------------------------------
>> ------
>>
>>
>>
>
--
http://www.sbslinks.com/really.htm
------------------------------------------------------------------------
---
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.
Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.
Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.
Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.
Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
------------------------------------------------------------------------
---
[ reply ]