Schneier on Security

In a paper released last week, computer security specialists from Counterpane Security and L0pht Heavy Industries went over with a fine-tooth comb Microsoft Corp.’s built-in Windows virtual private network (VPN) support.

Their target: Microsoft Point-to-Point Tunneling Protocol (PPTP) version 2. Their conclusions? While better than version 1, MS PPTP still leaves VPNs open to attack.

PPTP is a generic protocol that allows Point-to-Point Protocol (PPP) connections to pass through firewalls. The resulting connection is treated as if it had originated behind the firewall, creating a VPN. MS PPTP is Microsoft’s implementation of the PPTP, and is built into the Windows 95, 98, and NT operating systems. While VPN vendors are increasingly moving towards IPSec, PPTP remains important because of its wide distribution on Windows platforms…