The PPTP VPN protocol: Is it safe?

Introduction

It’s not an exaggeration to say that tunneling protocols make the difference between hassle-free, secure B2B commerce and absolute chaos. These essential tools create secure “tunnels” that contain encrypted data as it passes across Virtual Private Networks (VPNs).

In theory, they wrap up confidential information, keeping it safe from prying eyes. But that’s not always the case, and some common protocols have proved to be insufficient to ensure adequate protection.

Let’s look at one of those obsolete protocols: PPTP. The Point-to-Point Tunneling Protocol isn’t widely seen as a viable option by security experts these days, and with good reason. However, because it comes built into many Windows versions, it’s still regularly used by businesses on their internal and client-facing networks.

Don’t be like those businesses. Instead, there are plenty of reasons to look far beyond PPTP and choose a genuinely secure protocol that protects you and your clients’ data. Let’s find out what these reasons are.

PPTP: Some quick background

PPTP was created in the 1990s by engineers from Microsoft, Ascend and a group of mobile telecommunications providers such as Nokia. With high-speed internet expanding and e-commerce becoming mainstream, Microsoft wanted to provide Windows users with a basic tool for encrypting their data, and that’s pretty much what the team created.

Just like its predecessor PPP, PPTP works by creating data packets which form the basis of the actual tunnel. It couples this packet creation process with authentication systems to ensure that legitimate traffic is transmitted across networks. And it uses a form of encryption to scramble the data held by the packets.

PPTP acquired an official RFC specification (RFC 2637) in 1999, and it’s worth referring back to that for technical details. But to put things simply, it operates at Data Layer 2, and employs General Routing Encapsulation (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Olivia Scott. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/v22vmBiDlCA/