PPTP VPN Security Risks

Diagram showing PPTP VPN with a red cross through it.

PPTP is Microsoft’s VPN implementation, which has been around since Windows NT. Users tend to like using PPTP as it’s typically configured on Windows Desktops with a shortcut that remembers username and password for quick access.

With proper name resolution (historically WINS, now DNS), users can easily browse the network for shares and printers. On the back end, the system administrator configures Windows Server PPTP with the Routing and Remote Access role (RRAS).

While the tools used to manage and deploy PPTP systems have changed with each new version of Windows, it's universally agreed that PPTP is insecure compared to modern alternatives and adds indirect support costs even when upgraded to support SSTP.

The PPTP protocol itself is no longer considered secure, because cracking the initial MS-CHAPv2 authentication can be reduced to the difficulty of cracking a single 56-bit DES key, which current computers can brute-force in a very short time (making a strong password largely irrelevant to the security of PPTP, since the entire 56-bit keyspace can be searched within practical time limits).

An attacker can capture the handshake (and any PPTP traffic after that), do an offline crack of the handshake, and derive the RC4 key. Once the RC4 key is derived, the attacker will be able to decrypt and analyze the traffic carried in the PPTP VPN. PPTP does not support forward secrecy, so just cracking one PPTP session is sufficient to crack all prior PPTP sessions using the same credentials.

PPTP provides weak protection to the integrity of the data being tunneled. The RC4 cipher, while providing encryption, does not verify the integrity of the data as it is not an Authenticated Encryption with Associated Data (AEAD) cipher.

PPTP also doesn’t do additional integrity checks on its traffic and is vulnerable to bit-flipping attacks, e.g. the attacker can modify the PPTP packets with little possibility of detection. Various discovered attacks on the RC4 cipher (such as the Royal Holloway attack) make RC4 a bad choice for securing large amounts of transmitted data, and VPNs are a prime candidate for such attacks as they typically transmit sensitive and large amounts of data.

PPTP Port

Point-to-Point Tunneling Protocol (PPTP) uses TCP port 1723 and IP protocol 47, Generic Routing Encapsulation (GRE). Port 1723 may be blocked by ISPs, and GRE (IP protocol 47) may not be passed by many modern firewalls and routers.
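As an added example (not part of the original article), the two identifiers above are enough to inventory remaining PPTP use from flow logs and to spot clients whose control connection is up but whose GRE traffic is missing. The record format `src,dst,ip_proto,dst_port`, the sample addresses and the function name are assumptions constructed for this illustration.

```python
import csv
from collections import defaultdict

PPTP_TCP_PORT = 1723   # PPTP control channel
GRE_PROTO = 47         # IP protocol number carrying the tunneled data
TCP_PROTO = 6

# Constructed flow records: src,dst,ip_proto,dst_port (port is 0 for GRE).
SAMPLE_FLOWS = """\
10.0.5.21,203.0.113.10,6,1723
10.0.5.21,203.0.113.10,47,0
203.0.113.10,10.0.5.21,47,0
10.0.5.40,198.51.100.7,6,1723
10.0.5.33,192.0.2.80,6,443
10.0.5.33,192.0.2.80,17,53
"""

def classify_pptp(flow_text: str) -> dict:
    """Map each host pair to the PPTP components observed between them."""
    seen = defaultdict(set)
    for row in csv.reader(flow_text.splitlines()):
        if not row:
            continue
        src, dst, proto, dport = row[0], row[1], int(row[2]), int(row[3])
        pair = tuple(sorted((src, dst)))      # direction-independent key
        if proto == TCP_PROTO and dport == PPTP_TCP_PORT:
            seen[pair].add("control")
        elif proto == GRE_PROTO:
            seen[pair].add("gre")
    result = {}
    for pair, parts in seen.items():
        if parts == {"control", "gre"}:
            result[pair] = "pptp-tunnel"
        elif parts == {"control"}:
            # Control channel without data channel: GRE is probably filtered.
            result[pair] = "control-only"
        else:
            result[pair] = "gre-without-pptp-control"
    return result

if __name__ == "__main__":
    for pair, status in classify_pptp(SAMPLE_FLOWS).items():
        print(pair, status)
```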

PPTP VPN Vulnerabilities

Security experts have reviewed PPTP and listed numerous known vulnerabilities, including:

MS-CHAP-V1 is fundamentally insecure

Tools exist that can easily extract the NT Password hashes from MS-CHAP-V1 authentication traffic. MS-CHAP-V1 is the default setting on older Windows Servers.

MS-CHAP-V2 is vulnerable

MS-CHAP-V2 is vulnerable to dictionary attacks on captured challenge response packets. Tools exist to crack these exchanges rapidly.

PPTP VPN Brute Force Attack Possibilities

It has been demonstrated that the complexity of a brute-force attack on an MS-CHAP-v2 key is equivalent to a brute-force attack on a single DES key. With no built-in options for Multi-Factor/Two-factor authentication, this leaves PPTP implementations highly vulnerable.

PPTP VPN Additional Support Costs

Beware of the additional support costs commonly associated with PPTP & Microsoft VPN Client.

  • By default, an end user's Windows network traffic is routed through the office VPN network. As a result, this leaves the internal network open to malware and slows down all Internet access for all users in the office.
  • PPTP is typically blocked at many locations due to known security issues, resulting in calls to the help desk to resolve connectivity issues.
  • Conflicts with office internal subnets at remote sites can block Microsoft VPN routing, resulting in no connectivity and again leading to additional support costs.
  • Minor network fluctuations can disconnect the Microsoft VPN client while in use, corrupting files and leading to restores and lost work.
  • The IT department will need to maintain an additional fleet of company laptops with Microsoft VPN preconfigured for each potential remote user.
  • Crypto Locker type malware is free to encrypt files over the VPN tunnel.

PPTP VPN – MyWorkDrive as a Solution

MyWorkDrive acts as the perfect VPN alternative solution.

With MyWorkDrive, the security risks of supporting Microsoft PPTP or SSTP VPNs are eliminated:

  • Users get an elegant, easy-to-use Web File Manager client accessible from any browser.
  • IT Support costs are eliminated – users simply log on with their existing Windows Active Directory/Entra ID credentials or use ADFS or any SAML provider to access company shares, home drives, and edit/view documents online.
  • Mobile clients for Android/iOS and MyWorkDrive desktop mapped drive clients are available.
  • Unlike VPN, block file types and receive alerts when file changes exceed set thresholds to block ransomware.
  • For security, all MyWorkDrive clients support DUO two-factor authentication.

Daniel, founder of MyWorkDrive.com, has worked in various technology management roles serving enterprises, government, and education in the San Francisco Bay Area since 1992. Daniel is certified in Microsoft Technologies, writes about information technology, security, and strategy, and has been awarded US Patent #9985930 in remote access networking.