The following excerpt is from Chapter 7 of the free e-book "The tips and tricks guide to securing Windows Server 2003" written by Roberta Bragg and available at Realtimepublishers.com. Click for the complete book excerpt series.
Point-to-Point Tunneling Protocol
Point-to-Point Tunneling Protocol (PPTP) is described is a standard that has primarily been implemented by Microsoft and has been available since Windows 98 and Windows NT 4.0. The first implementation came under public scrutiny and was strongly criticized for weaknesses in keying, authentication and encryption algorithms. Microsoft subsequently revised the protocol, correcting these flaws. The improvements were acknowledged by the original critics, but PPTP remains flawed in the eyes of many simply because of the early criticism.
When a PPTP session is established, an IP, AppleTalk or IPX frame is encapsulated with a GRE header and an IP header, the IP header contains the IP address of the VPN client and server. Figure 7.25 illustrates this design.
Figure 7.25: PPTP encapsulation and encryption.
The PPP frame is encrypted using keys generated by the MS-CHAP, MS-CHAP v2 or EAP-TLS authentication protocols. Only these authentication protocols can be used to provide an encrypted PPTP VPN solution. Microsoft Point-to-Point Encryption (MPPE) is the encryption algorithm used.
Click for the next excerpt in this series: Layer 2 Tunneling Protocol/IPSec.
Click for the book excerpt series or visit Realtimepublishers.com to obtain the complete book.
