Something off of my "common security fallacies" list that relates to this
is the fallacy that "Only advanced hackers would be able to exploit that
so this defense, although flawed, is good enough". I've heard this
argument (or justification) used often as an excuse to continue using
solutions like PPTP when there are much better alternatives out there.
This is flawed logic, however. The truth is, that there are advanced
hackers that can make it trivial for _anyone_ to exploit _anything_. All
it takes is for someone to code up an exploit and the 12 year old next
door could be hacking into your systems. It is, IMHO, irresponsible to
rely on this "security by obscurity" and be lulled into thinking that
you're protected from all but the upper eschelon of hackers. Buffer
overflows are not exploitable by the general populous either, but exploits
make them accessible to anyone who wants to...
So, the point of this was to get you to think rationally about the "best"
solution from a security standpoint. The Internet is a hostile
environment. I agree with D Clyde Williamson and would only recommend the
"best" solution in that case. PPTP may be "easy" and "ubiquitous", but
that doesn't make it the "best" solution.
You should ask yourself questions like "What if someone was able to sniff
all of our corporate passwords because MS-CHAP and MPPE are weak and
exploitable? Is that okay? Do I care if anyone can get into my corporate
network?". Based on those answers, it may be okay to risk using something
like PPTP across the Internet. I wouldn't rely on it personally. Tools
like l0phtcrack already exist that can take advantage of holes like LANMAN
hashes and sniff and crack passwords from PPTP sessions. How do you know
that tools to exploit everything else aren't already out there? It's all
about how much risk you want to assume.
Whenever cryptography is an issue, it is sage advice to go with publically
scrutinized, well designed crypto. IPsec meets those requirements.
PPTP's MS-CHAP and MPPE do not.
BTW, PPTPv2 has been looked at by Bruce Schneier & others and some things
are fixed, but many things are not. (e.g. MS still touts "128 bit
encryption" when the encryption key is generated from a user password. A
user password has far less entropy than a randomly-generated string of 128
bits. Therefore, the encryption strength of MPPE is roughly between ((1.5
bits/character) * (# of characters in a password)) and ((4 bits/character)
* (# of characters in a password)). At best, it would take a 32 character
password to approach 128 bits of randomness! Typically, user passwords
are around 6-8 characters and are far from random. That means your keys
are typically 1.5*8=12 bits long. That's a small keyspace...)
-Jason
On Mon, 27 Dec 1999, D Clyde Williamson wrote:
> Date: Mon, 27 Dec 1999 13:58:24 -0500
> From: D Clyde Williamson <[EMAIL PROTECTED]>
> To: Paul Gracy <[EMAIL PROTECTED]>,
> "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: Re: MS PPTP (Safe?) - alternative?
>
> Paul Gracy wrote:
> >
> > Someone asked what my communication needs are. Fair enough.
> >
> > I need to be able to map NT drive shares, communicate with an Exchange
> > server, communicate with a Microsft SQL server, communicate with an Oracle
> > server, telnet to unix hosts, and browse the intranet web site. Essentially
> > I need to be able to make my NT computer at home think, and act, pretty much
> > like it is on the network at work. Thus, NetBEUI is not required because we
> > are an all IP shop, but NetBIOS over TCP/IP probably is.
> >
> > I need my traffic(work bits after connecting) and my connection(password
> > bits) to be encrypted against prying eyes on the internet.
> >
> > Anything else?
> >
>
>
> What type of budget do you have? How concerned are you with the
> security/integreity of the solution? How valuable is your data?
>
> The real issue with any type of security solution is based on the value
> you place on your assets. If you place a high value on your assets, do
> your best to protect them. Can you really look at you boss and tell him
> that PPTP is a "best" solution for you needs? Bruce's paper otlined many
> areas where MS-PPTP is very, very broken.
>
> Is it wise to use a security product that is at the very least
> "questionable"? If your assets are valuable, is it not much wiser to
> find a solution that is more trustworthy?
>
> You ask about level of risk... no one can answer that for you. You have
> to determine how valuable your assets are (data, network resources, time
> spent dealing with intrusion, etc.). Once you determine how valuable
> your assets are, figure out if MS-PPTP is enough to protect you. If it
> is, use it... if it's not then find a real solution, something IPSEC
> could be very nice.
>
> When one reviews Microsoft's record in the encryption field (the very
> recent discovery of the poor encryption on the SAM, LANMAN Hash, the v.1
> of MS-PPTP, etc) it becomes difficult to trust their "crypto experts".
> Is PPTP v.2 secure? Is it a good solution? I'll never know, the record
> is enough for me to base my decision on. If someone uses bad crypto in
> three products I won't use their fourth crypto product.
>
> As for alternatives, the small IPSEC CISCO routers work well. (My CISCO
> Rep stopped by and said you could probably get a 1700 series IPSEC
> solution for ~$1100 or less....
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
AT&T Wireless Services
IT Security
UNIX Security Operations Specialist
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
