[vpn] Thoughts on VPN
neale at lowendale.com.au
Tue Oct 30 21:35:10 EST 2001
On Thu, 25 Oct 2001, Thierry Blanchard wrote:
> After reading some articles, I want to make sure that what I think is right.
> #1: VPN is based on different protocols.
> #2: Using a layer 2 protocol, main protocols are either PPTP (comes from MS)
> or L2TP.
> #3: Because of security holes in PPTP, L2TP is better.
> #4: Using a layer 3 protocol, the main protocol is IPSec.
> Knowing that we can't compare L2TP and IPSec (because they reside on
> different layers), how much more secure is IPSec?
it has some interesting discussion on these issues in section 2
* it says that PPP authentication (which is what PPTP uses) isn't up to
* L2TP is the successor to PPTP (and L2F)
* Microsoft is strongly represented in the authors (2 of 5)
It may be possible to infer some admission of shortcomings of MSCHAP(-V2)
and/or MPPE (both used by MS for PPP). OTOH, there's no specific
finger-pointing at these particular implementations.
Interestingly, AFAIK Win2k defaults to requiring L2TP/IPSec (registry
tweak needed to get around this). IOW if that's a significant cause of