Riscos de segurança de VPN PPTP

PPTP is Microsoft’s VPN implementation, which has been around since Windows NT. Users tend to like using PPTP as it’s typically configured on Windows Desktops with a shortcut that remembers username and password for quick access.

With proper name resolution (historically WINS) and now DNS, users can easily browse the network for shares and printers. On the back end, the system administrator configures Windows Server PPTP with the Routing and Remote Access role (RRAS).

While the tools used to manage and deploy PPTP Systems have changed with each new version of Windows it’s universally agreed that PPTP is insecure as compared to modern alternatives and adds additional indirect support costs even when upgraded to support SSTP.

O próprio protocolo PPTP não é mais considerado seguro, pois quebrar a autenticação inicial do MS-CHAPv2 pode ser reduzido à dificuldade de quebrar uma única chave DES de 56 bits, que com computadores atuais pode ser forçada em um tempo muito curto (tornando um senha forte irrelevante para a segurança do PPTP, pois todo o espaço de chave de 56 bits pode ser pesquisado dentro de restrições de tempo práticas).

An attacker can capture the handshake (and any PPTP traffic after that), do an offline crack of the handshake, and derive the RC4 key. Once the RC4 key is derived, the attacker will be able to decrypt and analyze the traffic carried in the PPTP VPN. PTP does not support forward secrecy, so just cracking one PPTP session is sufficient to crack all prior PPTP sessions using the same credentials.

PPTP provides weak protection to the integrity of the data being tunneled. The RC4 cipher, while providing encryption, does not verify the integrity of the data as it is not an Authenticated Encryption with Associated Data (AEAD) cipher.

PPTP also doesn’t do additional integrity checks on its traffic and is vulnerable to bit-flipping attacks, e.g. the attacker can modify the PPTP packets with little possibility of detection. Various discovered attacks on the RC4 cipher (such as the Royal Holloway attack) make RC4 a bad choice for securing large amounts of transmitted data, and VPNs are a prime candidate for such attacks as they typically transmit sensitive and large amounts of data.

Porta PPTP

O Point-to-Point Tunneling Protocol (PPTP) usa a porta TCP 1723 e o protocolo IP 47 Generic Routing Encapsulation (GRE). A porta 1723 pode ser bloqueada pelo ISP e o GRE IP Protocol 47 pode não ser transmitido por muitos firewalls e roteadores modernos.

PPTP VPN Vulnerabilities

Especialistas em segurança revisaram o PPTP e listaram várias vulnerabilidades conhecidas, incluindo:

MS-CHAP-V1 é fundamentalmente inseguro

Tools exist that can easily extract the NT Password hashes from MS-CHAP-V1 authentication traffic. MS-CHAP-V1 is the default setting on older Windows Servers.

MS-CHAP-V2 é Vulnerável

MS-CHAP-V2 is vulnerable to dictionary attacks on captured challenge response packets. Tools exist to crack these exchanges rapidly.

PPTP VPN Brute Force Attack Possibilities

It has been demonstrated that the complexity of a brute-force attack on an MS-CHAP-v2 key is equivalent to a brute-force attack on a single DES key. With no built-in options for Multi-Factor/Two-factor authentication, this leaves PPTP implementations highly vulnerable.

PPTP VPN Additional Support Costs

Cuidado com os custos de suporte adicionais comumente associados ao PPTP e ao Microsoft VPN Client.

• Por padrão, a rede Windows de um usuário final é roteada pela rede VPN do escritório. Como resultado, isso deixa a rede interna aberta a Malware e diminui toda a Internet para todos os usuários no escritório.
• PPTP is typically blocked at many locations due to known security issues resulting in calls to the help desk to resolve connectivity issues.
• Conflicts with office internal subnets at remote sites can block Microsoft VPN routing resulting in no connectivity and again leading to additional support costs.
• Minor network fluctuations can disconnect the Microsoft VPN client while in use corrupting files and leading to restores and lost work.
• O departamento de TI precisará manter uma frota adicional de laptops corporativos com Microsoft VPN pré-configurado para cada usuário remoto em potencial.
• Crypto Locker type malware is free to encrypt files over the VPN tunnel.

PPTP VPN – MyWorkDrive as a Solution

O MyWorkDrive funciona como a solução perfeita Alternativa VPN solução

Ao contrário do MyWorkDrive, os riscos de segurança do suporte a Microsoft PPTP ou SSTP VPN são eliminados:

• Os usuários obtêm um cliente Web File Manager elegante e fácil de usar, acessível a partir de qualquer navegador.
• IT Support costs are eliminated – users simply log on with their existing Windows Active Directory/Entra ID credentials or use ADFS or any SAML provider to access company shares, home drives, and edit/view documents online.
• Clientes móveis para Android/iOS e clientes de unidade mapeada para desktop do MyWorkDrive estão disponíveis.
• Ao contrário dos tipos de arquivos de bloqueio de VPN, receba alertas quando as alterações de arquivo excederem os limites definidos para bloquear o ransomware.
• Por segurança, todos os clientes MyWorkDrive suportam a autenticação DUO Two Factor.