Wed Dec 22 13:02:54 2004 PPTP VPN, and Posted by Bruce Garlock
I use a VPN to connect to work. I run a PPTP server on Linux, at my firewall, for our remote users to connect from home to our work network. As has been explained before, PPTP has had it's share of security issues. I came across this link today, which has some good information on the insecure passwords used by a PPTP server.
(link dead, sorry)
I still need to do some testing against my PPTP server, since it is not MS based, and based off of OpenSource products. The PPTP server I use on my linux box is located here: Debian pptpd HOWTO
I have it configured so that only 128 bit encrypted connections are allowed, with MS-CHAP2 password authentication only. I hope after using some of the tools listed in the zdnet article show that I am safe, but if not, then it is time to start researching other VPN's for our users.
Usually after tools like this are released, it's only a matter of time before a trojan horse, or worm is released to uncover exposed systems.
Got something to add? Send me email.
More Articles by Bruce Garlock © 2009-11-07 Bruce Garlock
The worst crime against working people is a company which fails to operate at a profit. (Samuel Gompers)