
RRAS, PPTP and VPN


Jonathon

Jul 7, 1998, 3:00:00 AM
My understanding of PPTP was that you must use RAS to establish a
connection. We do not have this option. We need PPTP to create a VPN over
the internet that is VERY secure. I have heard that the RRAS for NT can do
this, however the information from MS is information sparse...

Does anyone have any suggestion?


Jeani Rudi

Jul 10, 1998, 3:00:00 AM
In article <6ntrjn$l3$1...@pollux.dnai.com>, jorb...@firstep.com says...
Check out Firelink at

www.boltonsys.com

It's a pure 'standalone' software solution. Easier to install and
MUCH higher performance.

Edison M. Castro

Jul 10, 1998, 3:00:00 AM
No, just use RAS as usual,
1.- Install the PPTP client (VPN)
2.- Configure RAS to use the PPTP (VPN) adapter
3.- In the address book enter the IP address of your PPTP Server
4.- You are done !!!!!!!!!!!

Jeani Rudi wrote in message <6o4abs$e8o$2...@ionews.ionet.net>...

Jeani Rudi

Jul 10, 1998, 3:00:00 AM
In article <6o5mlk$ev$1...@news.ml.com>, edison...@ml.com says...
Thank you, Mr. Castro, for proving my point.


Anthony W. Youngman

Jul 11, 1998, 3:00:00 AM
In article <6ntrjn$l3$1...@pollux.dnai.com>, Jonathon
<jorb...@firstep.com> writes

>My understanding of PPTP was that you must use RAS to establish a
>connection. We do not have this option. We need PPTP to create a VPN over
>the internet that is VERY secure. I have heard that the RRAS for NT can do
>this, however the information from MS is information sparse...
>
>Does anyone have any suggestion?
>
You said VERY secure. You are aware, I hope, that there is a theoretical
hole in M$'s PPTP? While it apparently remains theoretical at the
moment, i.e. there have been no known breaches of security yet, make sure
you have the relevant hotfix or Service Pack.
--
Anthony W. Youngman - wol at thewolery dot demon dot co dot uk
Trousers with a single hole in their waistband are topologically equivalent
to a doughnut. These sugarcoated trousers have yet to catch on at fast-food
outlets! (SuperStrings by F. David Peat)

If replying by e-mail please mail wol. Anything else may get missed amongst
the spam.


Eric

Jul 16, 1998, 3:00:00 AM
Well,
I have a PPTP VPN using RAS, and it is not as easy as it seems. Also, there are serious questions now on whether it is secure at all (see the bottom). If you already have an internal IP structure, i.e. behind a firewall or proxy server, you are in for some interesting configuration issues. One piece of advice is to make sure to use a new IP structure to assign IPs for the outlying sites. We have an internal range in Head Office of 192.168.10.0 - ... and in our branch it is 192.168.20 - ... The RRAS VPN needs a new range for the VPN, and in our example it is 192.168.11.0 - ... for the 10 network and 192.168.21.0 - ... for the 20 network. The VPN assigns the first IP to itself, and then further connections take the rest. Update your routes often; you'll know what this is once you install. And if you are using different ISPs at either end, you are in for a treat on this too. We are just going to switch to a single ISP to try and fix some problems we are having. We have 2 sites on 1 ISP and 1 on another; the 2 that are on the same connect in 2 seconds, connecting to the one that is on the different ISP is sometimes a real pain.

Just make sure to have the RRAS update loaded on both your server, and if you are going to have modem access on this server, make sure the clients are running DUN 1.2.

I am having serious thoughts of removing this and going with another solution altogether, read this:

> fyi: This article appeared in the June 8 issue of Computer World on page 6.
>
> Windows NT security is getting worse.
>
> That's the assessment of top security experts following their discovery last week of yet another security vulnerability in Windows NT that leaves the operating system wide open to password and denial-of-service attacks on virtual private networks.
>
> At least 12 major security breaches have been found so far this year by so-called "white-hat" hackers -- people who look for flaws to expose rather than exploit -- and posted on independent Windows NT security World Wide Web pages (see box at right).
>
> The latest glitch cropped up in Microsoft Corp.'s implementation of the Point-to-Point-Tunneling Protocol (PPTP), which the company includes free as part of the Remote Access Service in Windows NT 4.0, said Bruce Schneier, head cryptographer at Counterpane Systems, Inc., a Minneapolis-based security consulting firm.
>
> "We found several major security flaws in Microsoft's PPTP that will let hackers sniff passwords across the network, break the encryption scheme, read confidential data and mount denial-of-service attacks against PPTP servers," Schneier said. "The security problems in NT will only worsen as Microsoft increases the complexity of the [operating system]."
>
> Microsoft's version of PPTP -- not the actual protocol itself -- is so severe that "there's no real way to fix it," added Peter Mudge, director of the L0pht group, seven white-hat hackers based in Boston.
>
> Schneier and Mudge advise businesses to use the IPSec protocol standard instead of Microsoft's PPTP. IPSec was designed by the Internet Engineering Task Force, a standards group.
>
> FRIGHTENING
>
> "This is scary stuff. I'm glad we don't have a [virtual private network]," said Keith Langford, information systems coordinator at The Merrick Printing Co. in Louisville, Ky.
>
> Langford and Matthew Merrick, the company's vice president of IS, said although Microsoft has always responded "very promptly" when they have approached the Redmond, Wash., software maker with problems, they still won't expose Merrick Printing's NT networks to the Internet.
>
> Microsoft has acknowledged the flaw in its version of the PPTP protocol. Microsoft said it is working on a fix that it expects to post "soon." But Microsoft officials denied Schneier's and Mudge's assertions that its PPTP protocol couldn't be fixed.
>
> KNOWN PROBLEM
>
> Another IS security manager at a Washington-based defense contracting firm, who requested anonymity, said he has resisted pressure from his management to use the Microsoft protocol because he was aware of the flaws.
>
> The security manager said he "fought tooth and nail" to use other vendors' virtual private network products rather than Microsoft's PPTP.
>
> "I've known all along that Microsoft's PPTP is subject to dictionary attacks, and it's vulnerable to weak passwords as well. The new problems are the nail in the coffin," he said.
>
> NT's popularity has made it the target of an increasing number of hacks.
>
> "Hacking NT has clearly become a favorite blood sport among the hacker underground," observed Mark Fabro, director of the advanced security assessment division of Secure Computing Corp. in Toronto. NT can be "a secure operating system," but only if network administrators are well versed on current security issues and have updated their NT servers with the latest fixes and patches, he said

Good luck.

Jonathon wrote in message <6ntrjn$l3$1...@pollux.dnai.com>...
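
The addressing advice in Eric's post above, checked in code. This is an added example, not part of the original thread: the /24 prefix lengths, the range names and the function names are assumptions, since the post gives only the starting addresses of each range.

```python
import ipaddress
from itertools import combinations

# Constructed plan modelled on the post: one LAN and one separate VPN pool
# per site. The /24 prefix lengths are an assumption; the post elides them.
PLAN = {
    "head-office LAN": "192.168.10.0/24",
    "head-office VPN pool": "192.168.11.0/24",
    "branch LAN": "192.168.20.0/24",
    "branch VPN pool": "192.168.21.0/24",
}


def find_overlaps(plan):
    """Return pairs of range names whose address space collides."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return [
        (a, b)
        for (a, net_a), (b, net_b) in combinations(nets.items(), 2)
        if net_a.overlaps(net_b)
    ]


def pool_layout(cidr):
    """Split a VPN pool the way the post describes: the server takes the
    first usable address, clients take the rest.
    Returns (server_ip, first_client_ip, client_capacity)."""
    hosts = list(ipaddress.ip_network(cidr).hosts())
    if len(hosts) < 2:
        raise ValueError(f"{cidr} has no room for a server plus a client")
    return str(hosts[0]), str(hosts[1]), len(hosts) - 1


def owning_range(plan, address):
    """Name the planned range an address falls in, or None if it is
    unplanned and would follow the default route instead of the tunnel."""
    ip = ipaddress.ip_address(address)
    for name, cidr in plan.items():
        if ip in ipaddress.ip_network(cidr):
            return name
    return None


if __name__ == "__main__":
    print("overlaps:", find_overlaps(PLAN) or "none")
    for name, cidr in PLAN.items():
        if "VPN" in name:
            print(name, pool_layout(cidr))
    # Failure mode: carving the VPN pool out of the existing LAN range.
    bad = dict(PLAN, **{"head-office VPN pool": "192.168.10.128/25"})
    print("bad plan overlaps:", find_overlaps(bad))
```
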
