Solved

How secure is PPTP for me to use for our users?

Posted on 2007-03-19
Last Modified: 2010-04-12
Hi,

We are a software development firm and have highly valuable assets in development on our network.

I am looking at enabling a limited number of users on VPN and am concerned about potential security issues.

We run a 2003 domain behind a WatchGuard X550e firewall. I have an IPSec tunnel already running between ourselves and one of our development partners who run a much larger network than ours (we have ~50 users).

I have licenses for 5 IPSec tunnels I can use but I was hoping to be able to use PPTP as all our systems are Windows. I will use our DC as the authentication server.

Can anyone briefly explain any security issues I may find in enabling PPTP VPN? One thing I am concerned about is could somebody not spoof an employee's home IP (I will restrict access by user's IP on the firewall). If they can spoof then the user's password will be the only obstacle for a potential hacker...

Thanks in advance.

Ben
Question by:bheroniphr
5 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 18750317
L2TP is more secure as it actually authenticates the endpoints. That said, PPTP is pretty good and is more widely supported.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18753454
No question IPSec is far more secure but as suggested by KCTS, PPTP is a quite accepted protocol. However, if concerned you may want to read the following regarding PPTP security. It may make you a little paranoid <G>:
http://www.net.princeton.edu/vpn/pptp.html#security
0
 

Author Comment

by:bheroniphr
ID: 18755097
Hi Guys,

Thanks for these responses but I was hoping to maybe get a little more about the possibility of spoofing and ways to prevent hacks.

In terms of the encryption, I'm cool with this as I can use PPTP, L2TP or IPSec. However, all of these are vulnerable to spoofing. At least that's what I'm worried about.

Can anyone explain how this could be possible (or impossible) and ways to protect against it?

Thanks
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 250 total points
ID: 18769038
To the best of my knowledge IP Spoofing is not possible with IPSec, so long as you do not enable NAT-T (NAT-Traversal).
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 18957529
Thanks bheroniphr,
Cheers !
--Rob
0

Question has a verified solution.
