Nice, thanks for the link. That confirms my understanding that they basically did fix all the original problems. It sounds like a good enough implementation if you implement reasonable password measures - long enough length, complexity, etc.
...Tim From: Richard Stovall [mailto:[email protected]] Sent: Thursday, May 06, 2010 2:21 PM To: NT System Admin Issues Subject: Re: VPN stuff You are correct sir. I realize now that the link was to criticism of the original implementation. Here is one about PPTPv2 http://www.schneier.com/pptp.html On Thu, May 6, 2010 at 4:56 PM, Tim Evans <[email protected]<mailto:[email protected]>> wrote: That page looks to be pretty old. I don't think Mudge has gone by that name since the L0pght/@Stake days in the late 90's early 2000's I know that MS's initial (NT4 days) PPTP implementation had some real problems. They released PPTPv2 in the Win2000 time frame, which was supposed to address the problems with the original implementation. I've looked and can't find anything on the fixed version - all the write ups are like this and are usually undated and don't specify which version of the protocol ...Tim From: Richard Stovall [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, May 06, 2010 12:36 PM To: NT System Admin Issues Subject: Re: VPN stuff http://www.schneier.com/pptp-faq.html I suppose, as with many things, it's all about what your security needs are. I agree with the less is more/better philosophy in general, but usually that's thought to be true because of 2 things - reduced risk from insecure apps and better performance due to fewer apps running. In this case it could be reasonably argued that your vulnerability profile actually goes up by not installing the SSL VPN software. On Thu, May 6, 2010 at 3:24 PM, Phillip Partipilo <[email protected]<mailto:[email protected]>> wrote: There are a lot of things in transition here, but one little one has been implementation of a Watchguard UTM box. Recently remote SSL VPN users have been having issues. I'm taking that up with support, so not asking about that. But call me an old stubborn fart, but I have things working with PPTP, which Windows has a built in client for, and now theres the addition of SSL which needs additional software. Maybe call me a minimalist, but the less 3rd party crap I have to install on my PC, the more streamlined it stays. Comments? Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
