PPTP VPN, and weak passwords
Wed Dec 22 13:02:54 2004 PPTP VPN, and
Posted by Bruce Garlock
I use a VPN to connect to work. I run a PPTP server on Linux, at
my firewall, for our remote users to connect from home to our work
network. As has been explained before, PPTP has had it's share of
security issues. I came across this link today, which has some good
information on the insecure passwords used by a PPTP server.
(link dead, sorry)
I still need to do some testing against my PPTP server, since it
is not MS based, and based off of OpenSource products. The PPTP
server I use on my linux box is located here: Debian pptpd HOWTO
I have it configured so that only 128 bit encrypted connections
are allowed, with MS-CHAP2 password authentication only. I hope
after using some of the tools listed in the zdnet article show that
I am safe, but if not, then it is time to start researching other
VPN's for our users.
Usually after tools like this are released, it's only a matter
of time before a trojan horse, or worm is released to uncover
Got something to add? Send me email.
Increase ad revenue 50-250% with Ezoic
More Articles by Bruce Garlock
© 2009-11-07 Bruce Garlock