Security Best Practice: PPTP Protocol Enforcement
| Check Point Reference: | SBP-2006-17 |
| Date Published: | |
| Severity: | |
| Source: | SmartDefense Research Center |
| Protection Provided by: | Security Gateway |
Who is Vulnerable?
Products that implement the PPTP protocol.
Vulnerability Description
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.
Vulnerability Details
PPTP has been the subject of many security analyses, and serious security vulnerabilities have been found in the protocol. The known vulnerabilities relate to the underlying PPP authentication protocols used, the design of the MPPE protocol, and the integration between MPPE and PPP authentication for session key establishment.
Protection Overview
This protection enforces the PPTP protocol. PPTP sessions are forced to comply with the RFC standard, including message type and packet length. If the PPTP control connection terminates unexpectedly, the GRE tunnel is terminated automatically. In addition, enabling this protection allows Hide NAT as well as Static NAT to be performed on PPTP connections.
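The message-type and packet-length checks described above can be illustrated with a small validator for PPTP control messages. This is an added example, not Check Point's implementation: the header layout and fixed message sizes come from RFC 2637, the function names are hypothetical, and the input is assumed to be one already-framed message from the TCP control channel.

```python
import struct

# Fixed size in bytes of each PPTP control message, per RFC 2637.
CONTROL_LENGTHS = {
    1: 156,   # Start-Control-Connection-Request
    2: 156,   # Start-Control-Connection-Reply
    3: 16,    # Stop-Control-Connection-Request
    4: 16,    # Stop-Control-Connection-Reply
    5: 16,    # Echo-Request
    6: 20,    # Echo-Reply
    7: 168,   # Outgoing-Call-Request
    8: 32,    # Outgoing-Call-Reply
    9: 220,   # Incoming-Call-Request
    10: 24,   # Incoming-Call-Reply
    11: 28,   # Incoming-Call-Connected
    12: 16,   # Call-Clear-Request
    13: 148,  # Call-Disconnect-Notify
    14: 40,   # WAN-Error-Notify
    15: 24,   # Set-Link-Info
}
MAGIC_COOKIE = 0x1A2B3C4D
# Fields: length, PPTP message type, magic cookie, control message type, reserved0
HEADER = struct.Struct("!HHIHH")


def check_control_message(data: bytes) -> str:
    """Return 'ok' or the reason a PPTP control message fails the checks."""
    if len(data) < HEADER.size:
        return "truncated header"
    length, msg_type, cookie, ctrl_type, _reserved = HEADER.unpack_from(data)
    if cookie != MAGIC_COOKIE:
        return "bad magic cookie"
    if msg_type != 1:  # 1 = control message; management (2) is not defined
        return "unexpected PPTP message type"
    expected = CONTROL_LENGTHS.get(ctrl_type)
    if expected is None:
        return "unknown control message type"
    # The declared length must match both the RFC size and the bytes received.
    if length != expected or len(data) != length:
        return "length mismatch"
    return "ok"


def build_sample(ctrl_type: int, length: int, pad_to: int) -> bytes:
    """Constructed test input: a valid-looking header followed by zero padding."""
    header = HEADER.pack(length, 1, MAGIC_COOKIE, ctrl_type, 0)
    return header + bytes(pad_to - HEADER.size)
```

A gateway performing this kind of enforcement would drop or reset the control connection on any result other than `ok`.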
To configure the defense, select your product from the list below and follow the related protection steps.