8

PPTP has been demonstrated to be broken in many ways, and most installations are insecure. But it is also theoretically not broken if configured correctly.

As an end-user, is there a simple way for me to tell if a PPTP tunnel offered to me (for example by my place of work, or hosting company) is secure?

tylerl
  • 1
    Inspired by this discussion: http://meta.serverfault.com/q/5168/6800 – tylerl Jan 21 '13 at 18:49
  • I hardly think it's possible for an end-user to test a PPTP connection without actually attempting to exploit the known vulnerabilities. But this is actually a good question, I'd love to know if there were some way to do that. – Adi Jan 21 '13 at 18:57
  • I don't think this is an answer per se, but it seems like it would just be a matter of knowing the configuration, and knowing what a secure configuration is, right? Of course, that might be really difficult to explain to an end user. – Steve Jan 21 '13 at 19:17

1 Answer

6

PPTP, by design, had known vulnerabilities, especially when it comes to Windows-based systems. Most of the known vulnerabilities were addressed, but some of those still exist, which will lead to attacks like DoS or information compromise. When considering Windows-based systems, even MSChap v2. Microsoft's Point-to-Point Encryption is of quite weak strength (a maximum of 128 bits). You basically need to use EAP methods for strong protection.

Even though it provides authentication, encryption, and packet filtering, other issues exist:

  1. No protection for IP, GRE, and PPP header information (basically, protection issues for NCP PPP packets). Data is secure but initial connection negotiations can be vulnerable if captured (during authentication).
  2. Vulnerabilities like low defense against session hijacking, bit-flipping attacks etc.
  3. If RC4 encryption has some weaknesses.

L2TP with IPSec (or any other with ssl/tls ipsec/ike) is recommended.

Penetration tools can be used to test, but it is not an easy task for an end user. Basically, tools developed for Linux with the intention of penetration testing (no single tool, combinations) can be used, but the process is not suited to a regular user.

The user has the ability to check the security methods used in the connection. As an example, by opening the dial-in properties and going to the Security tab (Windows). Data Encryption should be "Maximum strength encryption (disconnect if server declines)". Authentication should be EAP-TLS, PEAP or Smart Cards. MSChapv2 is absolutely not recommended (least secure). Certificate-based security is recommended. In order to check whether the DNS requests are secure, he/she can use online tools such as GRC. FYI: PPTP is not secure at all. It's outdated and can be cracked using nthash.

Lasith
  • 2
    The user has the ability to check the security methods used in the connection. As an example, by opening the dial-in properties and going to the Security tab (Windows). Data Encryption should be "Maximum strength encryption (disconnect if server declines)". Authentication should be EAP-TLS, PEAP or Smart Cards. MSChapv2 is absolutely not recommended (least secure). Certificate-based security is recommended. In order to check whether the DNS requests are secure, he/she can use online tools such as GRC. FYI: PPTP is not secure at all. It's outdated and can be cracked using nthash. – Lasith Jan 30 '13 at 12:27
  • 1
    @Lasith - +1 but could you please include your last response in your answer (for future reference)? thanks! ;) – TildalWave Feb 01 '13 at 22:47
  • So, if we use PPTP with EAP-TLS, could it be considered secure up to now? – sebelk May 03 '16 at 17:29
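
The Security tab check described in the answer can also be scripted. The following is an added example, not part of the original thread: it assumes a Windows version that ships the `Get-VpnConnection` cmdlet (Windows 8 / Server 2012 or later), and `Test-VpnProfile` is a hypothetical helper name. It only reads the client-side profile, so it shows what the client will accept, not what the server enforces.

```powershell
# Added example: flag VPN profiles that deviate from the settings the answer recommends.
# Test-VpnProfile is a hypothetical helper; it accepts objects shaped like
# the output of the built-in Get-VpnConnection cmdlet (VpnClient module).
function Test-VpnProfile {
    param([Parameter(Mandatory, ValueFromPipeline)] $Connection)
    process {
        $findings = @()
        $auth = @($Connection.AuthenticationMethod)

        if ($Connection.TunnelType -eq 'Pptp') {
            $findings += 'Tunnel type is PPTP'
        }
        # Corresponds to "Maximum strength encryption (disconnect if server declines)"
        if ($Connection.EncryptionLevel -ne 'Maximum') {
            $findings += "Encryption level is '$($Connection.EncryptionLevel)', not Maximum"
        }
        # Password-based methods the answer advises against
        $weak = $auth | Where-Object { $_ -in 'Pap', 'Chap', 'MSChapv2' }
        if ($weak) {
            $findings += "Password-based authentication enabled: $($weak -join ', ')"
        }
        # 'Eap' covers EAP-TLS and PEAP; the specific EAP method is stored in
        # EapConfigXmlStream and is not inspected here.
        if ($auth -notcontains 'Eap') {
            $findings += 'EAP is not enabled'
        }

        [pscustomobject]@{
            Name     = $Connection.Name
            Tunnel   = $Connection.TunnelType
            Findings = if ($findings) { $findings -join '; ' } else { 'none' }
        }
    }
}

# Constructed sample profiles (not real connections), shaped like Get-VpnConnection output
$samples = @(
    [pscustomobject]@{ Name = 'work-pptp'; TunnelType = 'Pptp'; EncryptionLevel = 'Optional'; AuthenticationMethod = @('MSChapv2') }
    [pscustomobject]@{ Name = 'work-eap';  TunnelType = 'Pptp'; EncryptionLevel = 'Maximum';  AuthenticationMethod = @('Eap') }
)
$samples | Test-VpnProfile | Format-List

# On a real machine, audit the current user's profiles instead:
# Get-VpnConnection | Test-VpnProfile | Format-List
```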