how secure is vpn on win2000 server?

Thomas J. Arseneault arsen at GNAC.COM
Tue May 23 16:10:36 EDT 2000


Just from a quick read through the Microsoft documentation:

Win2k supports 2 types of VPN: PPTP (Point to Point Tunneling Protocol) and
L2TP (Layer 2 Tunneling Protocol). The PPTP protocol uses a Cisco GRE tunnel
(tunneling over IP, no encryption) as a transport and then PPP running on
top of the GRE tunnel. The PPP configuration and the user authentication are
done in the clear, then the PPP tunnel itself gets encrypted. The user
authentication uses Microsoft's protocols and I have heard that the 2nd
generation of PPTP is relatively secure, but I don't like the PPP config
happening in the clear. I personally would not do PPTP.

L2TP replaces the GRE tunnel with an IPSec tunnel and then PPP is done over
the IPSec tunnel. This means that the PPP config and the user auth are done
inside an encrypted tunnel. The L2TP protocol is a joint standard that Cisco
and Microsoft (and others??) came up with so there should be no
compatibility problems. The encryption is also much stronger than PPTP
(3DES). Since the user auth is done inside an encrypted tunnel you don't
have the same issue with packet sniffing and cracking the password. Since
PPP config is done in an encrypted tunnel you don't have the same issue with
session hijacking. In theory you can use certificate authentication, but the
only CA mentioned was the Microsoft CA, and I have heard it doesn't work. Be
nice if you could use others but I don't yet know enough about CAs to figure
this out.

My opinion and only my opinion, PPTP bad, L2TP good (or at least a lot less
bad). I would still put the server behind a firewall and tunnel the L2TP
packets through so you don't have an NT box sitting on the internet, but
again my opinion.

**********************************************
Tom Arseneault
System Admin.
Gnac Inc.
arsen at gnac.com
**********************************************

> -----Original Message-----
> From: VPN Mailing List [mailto:VPN at SECURITYFOCUS.COM]On Behalf Of Stuart
> Birchall
> Sent: Tuesday, May 23, 2000 2:33 AM
> To: VPN at SECURITYFOCUS.COM
> Subject: how secure is vpn on win2000 server?
>
>
> Hi,
> Does Windows 2000 support IPsec in its implementation of VPN?
> Can someone comment on the integrity of 2000 when implemented as a VPN
> gatekeeper? Are there any advantages to using it over NT4?
> Any comments are appreciated.
> Thanks,
> Stu
>
> VPN is sponsored by SecurityFocus.COM
>
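The contrast drawn in the reply above (PPP negotiation and authentication readable on the wire with PPTP, opaque inside IPSec with L2TP), seen from a sniffer's position, as an added example that is not part of the original post. The GRE and PPP field values come from the PPTP and PPP specifications rather than from this thread, and the function names and sample packets are constructed for illustration.

```python
import struct

# PPP protocol numbers a passive observer can read when PPP is not inside IPsec.
PPP_PROTOCOLS = {
    0xC021: "LCP link configuration, cleartext", 0xC023: "PAP authentication, cleartext",
    0xC223: "CHAP authentication, cleartext", 0x8021: "IPCP, cleartext",
    0x80FD: "CCP encryption negotiation, cleartext", 0x00FD: "compressed or MPPE-encrypted data",
}

def visible_to_sniffer(packet: bytes) -> str:
    """Describe what a passive observer learns from one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    body = packet[(packet[0] & 0x0F) * 4:]
    if len(body) < 8:
        return "truncated"
    if packet[9] == 50:  # ESP: only the SPI and sequence number are readable
        spi, seq = struct.unpack("!II", body[:8])
        return f"ESP spi=0x{spi:08x} seq={seq}: payload opaque"
    if packet[9] != 47:
        return f"IP protocol {packet[9]}: neither GRE nor ESP"
    flags, ver, ptype, plen, call_id = struct.unpack("!BBHHH", body[:8])
    if (ver & 0x07) != 1 or ptype != 0x880B:
        return "GRE, but not the enhanced GRE that PPTP uses"
    off = 8 + 4 * bool(flags & 0x10) + 4 * bool(ver & 0x80)  # optional seq/ack fields
    ppp = body[off:off + plen]
    if ppp[:2] == b"\xff\x03":  # PPP address/control bytes, present unless compressed
        ppp = ppp[2:]
    if not ppp:
        return f"PPTP call {call_id}: acknowledgment only"
    # A PPP protocol number whose first byte is odd was compressed to one byte.
    number = ppp[0] if ppp[0] & 1 else int.from_bytes(ppp[:2], "big")
    return f"PPTP call {call_id}: {PPP_PROTOCOLS.get(number, f'PPP 0x{number:04x}')}"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed sample: minimal IPv4 header (documentation addresses, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

def pptp(ppp: bytes) -> bytes:
    """Constructed sample: enhanced GRE (K and S bits set, call ID 7) around a PPP frame."""
    return ipv4(47, struct.pack("!BBHHHI", 0x30, 0x01, 0x880B, len(ppp), 7, 1) + ppp)

if __name__ == "__main__":
    for pkt in (pptp(b"\xff\x03\xc0\x21\x01\x01\x00\x04"),   # LCP header
                pptp(b"\xc2\x23\x01\x01\x00\x04"),           # CHAP header
                pptp(b"\xfd\x90\x00" + bytes(8)),            # one-byte protocol 0xFD
                ipv4(50, struct.pack("!II", 0x1000, 1) + bytes(16))):
        print(visible_to_sniffer(pkt))
```
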
