How secure is PPTP for me to use for our users?

Hi,

We are a software development firm and have highly valuable assets in development on our network.

I am looking at enabling a limited number of users on VPN and am concerned about potential security issues.

We run a 2003 domain behind a WatchGuard X550e firewall. I have an IPSec tunnel already running between ourselves and one of our development partners who run a much larger network than ours (we have ~50 users).

I have licenses for 5 IPSec tunnels I can use but I was hoping to be able to use PPTP as all our systems are Windows. I will use our DC as the authentication server.

Can anyone briefly explain any security issues I may find in enabling PPTP VPN? One thing I am concerned about is could somebody not spoof an employee's home IP (I will restrict access by users IP on the firewall). If they can spoof then the users password will be the only obstacle for a potential hacker...

Thanks in advance.

Ben
bheroniphrAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Brian PiercePhotographerCommented:
L2TP is more secure as it actually authenticates the endpoints. That said PPTP is pretty good and is more widly supported,
0
Rob WilliamsCommented:
No question IPSec is far more secure but as suggested by KCTS, PPTP is a quite accepted protocol. However, if concerned you may want to read the following regarding PPTP security. It may make you a little paranoid <G>:
http://www.net.princeton.edu/vpn/pptp.html#security
0
bheroniphrAuthor Commented:
Hi Guys,

Thanks for these responses but I was hoping to maybe get a little more about the possibility of spoofing and ways to prevent hacks.

In terms of the encryption, I'm cool with this as I can use PPTP, L2TP or IPSec. However, all of these are vunerable to spoofing. At least that's what I'm worried about.

Can anyone explain how this could be possible (or impossible0 and ways to protect against it?

Thanks
0
Rob WilliamsCommented:
To the best of my knowledge IP Spoofing is not possible with IPSec, so long as you do not enable NAT-T (NAT-Transversal)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rob WilliamsCommented:
Thanks bheroniphr,
Cheers !
--Rob
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.