PPTP VPN, and weak passwords

Wed Dec 22 13:02:54 2004 PPTP VPN, and Posted by Bruce Garlock

I use a VPN to connect to work. I run a PPTP server on Linux, at my firewall, for our remote users to connect from home to our work network. As has been explained before, PPTP has had it's share of security issues. I came across this link today, which has some good information on the insecure passwords used by a PPTP server.

(link dead, sorry)

I still need to do some testing against my PPTP server, since it is not MS based, and based off of OpenSource products. The PPTP server I use on my linux box is located here: Debian pptpd HOWTO

I have it configured so that only 128 bit encrypted connections are allowed, with MS-CHAP2 password authentication only. I hope after using some of the tools listed in the zdnet article show that I am safe, but if not, then it is time to start researching other VPN's for our users.

Usually after tools like this are released, it's only a matter of time before a trojan horse, or worm is released to uncover exposed systems.


--BruceGarlock


Got something to add? Send me email.





(OLDER) <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> PPTP VPN, and weak passwords



Increase ad revenue 50-250% with Ezoic


More Articles by © Bruce Garlock



Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us