Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: fpausp on November 01, 2007, 08:46:20 AM
-
Hi all,
I am using sme72 and the possebility of the build in pptp-vpn but i heard that this method is not really secure.
I know there is openvpn but the sme-vpn is easier to handle for me.
Is there a way to get more security for the pptp-connection, maybe with EAP or so on ?
regards
fpausp
-
Hi all,
I am using sme72 and the possebility of the build in pptp-vpn but i heard that this method is not really secure.
Hi, any 'proof' the default VPN method not being secure please? What are your VPN requirements?
guest
-
I have always felt that since pptp is based on usernames & passwords it is exactly as secure as your usernames and passwords. A remote user checking webmail on a terminal with a key logger installed can easily reveal a username and password, for example.
OpenVPN, by contrast, is server and certificate based - an attacker has to crack into one end or the other to get certificate information, and possibly may need to spoof IP information, too.
I don't know of any other reason that PPTP would be considered 'insecure'.
The basic implication is that you need to carefully train any users who have access to your PPTP server to make sure they understand the importance of password security, etc, etc.
-
Hi,
What i mean is (excuse my english) if i can use the Extensible-Authentication-Protokoll (EAP) instead of MS-CHAP v2, i have seen this when i was confige my xp-client.
The pptp-client gives me two possibilities for logonsecurity under the point EAP - 1. MD5-Challenge and 2. Smartcard or other certificate.
regards
fpausp
-
Hi,
http://en.wikipedia.org/wiki/Point-to-point_tunneling_protocol
MSCHAP-v2 can be compromised if users choose weak passwords. The certificate-based EAP-TLS provides a superior security option for PPTP.