git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
pptpd
1
0
Fork 0
Files
Tree: 0038f20c84
Branches Tags
pptpd
/
PROTOCOL-SECURITY

PROTOCOL-SECURITY 4.1 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 
  1. 

  2.    Protocol Security
    3. 

  3. 

  4.    Summary
    5. 

  5. 

  6.                                                          by Peter Mueller
    7. 

  7. 

  8.    PPTP is known to be a faulty protocol. The designers of the protocol,
    9. 

  9.    Microsoft, recommend not to use it due to the inherent risks. Lots of
    10. 

  10.    people use PPTP anyway due to ease of use, but that doesn't mean it is
    11. 

  11.    any less hazardous. The maintainers of PPTP Client and Poptop
    12. 

  12.    recommend using OpenVPN (SSL based) or IPSec instead.
    13. 

  13. 

  14.    (Posted on [1]2005-08-10 to the [2]mailing list)
    15. 

  15.      _________________________________________________________________
    16. 

  16. 

  17.    Why not use PPTP?
    18. 

  18. 

  19.                                                          by James Cameron
    20. 

  20. 

  21.    The point to point tunneling protocol (PPTP) is not secure enough for
    22. 

  22.    some information security policies.
    23. 

  23. 

  24.    It's the nature of the MSCHAP V2 authentication, how it can be broken
    25. 

  25.    trivially by capture of the datastream, and how MPPE depends on the
    26. 

  26.    MSCHAP tokens for cryptographic keys. MPPE is also only 128-bit,
    27. 

  27.    reasonably straightforward to attack, and the keys used at each end
    28. 

  28.    are the same, which lowers the effort required to succeed. The obvious
    29. 

  29.    lack of two-factor authentication, instead relying on a single
    30. 

  30.    username and password, is also a risk. The increasing use of domestic
    31. 

  31.    wireless systems makes information capture more likely.
    32. 

  32. 

  33.    However, that doesn't mean people don't accept the risks. There are
    34. 

  34.    many corporations and individuals using PPTP with full knowledge of
    35. 

  35.    these risks. Some use mitigating controls, and some don't.
    36. 

  36. 

  37.    Many people seem to judge the security of a protocol by the
    38. 

  38.    availability of the implementation, the ease of installation, or the
    39. 

  39.    level of documentation on our web site. Improving the documentation is
    40. 

  40.    the purpose of this web site, and we aren't doing that in order to say
    41. 

  41.    anything about the risks of the software! Any judgement of security
    42. 

  42.    should be rigorously applied to the design and implementation alone.
    43. 

  43. 

  44.    PPTP on Linux, and Microsoft's PPTP, both implement fixes for
    45. 

  45.    vulnerabilities that were detected years ago in Microsoft's PPTP. But
    46. 

  46.    there remain the design vulnerabilities that cannot be fixed without
    47. 

  47.    changing the design. The changes needed would break interoperability.
    48. 

  48.    We can't change the Linux PPTP design, because it would stop working
    49. 

  49.    with Microsoft PPTP. They can't change their design, because it would
    50. 

  50.    stop working with all the other components out there, such as Nortel
    51. 

  51.    and Cisco, embedded routers, ADSL modems and their own Windows
    52. 

  52.    installed base.
    53. 

  53. 

  54.    The only option then is to deprecate the product and promote the
    55. 

  55.    replacement. Microsoft promote something else. Our choice for Open
    56. 

  56.    Source systems is OpenVPN or IPsec.
    57. 

  57. 

  58.    Level of acceptance isn't a good indicator of risk either. Some have
    59. 

  59.    said that the shipping of MSCHAP V2, MPPE and PPTP in Linux
    60. 

  60.    distributions is an indication of design security, but that's not the
    61. 

  61.    reason. It's for interoperability. As an example, see how Linux
    62. 

  62.    distributions still ship telnet, ftp, and rsh, even though these
    63. 

  63.    components are insecure because they reveal the password in cleartext
    64. 

  64.    in the network packets. The same can be said of many other components
    65. 

  65.    and packages.
    66. 

  66. 

  67.    Our recommendations are;
    68. 

  68. 

  69.     1. do not implement PPTP between open source systems, because there's
    70. 

  70.        no justification, better security can be had from OpenVPN or
    71. 

  71.        IPsec,
    72. 

  72. 

  73.     2. do not implement PPTP servers unless the justification is that the
    74. 

  74.        clients must not have to install anything to get going (Microsoft
    75. 

  75.        PPTP is included already), and be aware of the risks of
    76. 

  76.        information interception,
    77. 

  77. 

  78.     3. do not implement PPTP clients unless the justification is that the
    79. 

  79.        server only provides PPTP, and there's nothing better that can be
    80. 

  80.        used, and again be aware of the risks of information interception.
    81. 

  81. 

  82.    (Posted on [3]2005-08-10 to the [2]mailing list)
    83. 

  83. 

  84. References
    85. 

  85. 

  86.    1. http://marc.theaimsgroup.com/?l=poptop-server&m=112369621702624&w=2
    87. 

  87.    2. http://pptpclient.sourceforge.net/contact.phtml#list
    88. 

  88.    3. http://marc.theaimsgroup.com/?l=poptop-server&m=112365342910897&w=2
    89.