
How secure is a PPTP VPN in comparison with other types of VPNs?

In this Ask the Expert response, VPN expert Rainer Enders discusses the security weaknesses of PPTP and offers safer VPN alternatives.

How secure is a PPTP VPN? How does its security compare to other types of VPNs?

Point-to-Point Tunneling Protocol (PPTP) is a VPN technology specified by a group of system vendors who intended to promote easy VPN deployments. It exists in multiple vendor-specific implementations, such as Microsoft PPTP. The most commonly used underlying mechanisms for authentication and encryption have been found highly vulnerable. Even after many attempts to fix PPTP's security holes, the mechanisms for authentication and encryption used in PPTP still exhibit major vulnerabilities and are not state-of-the-art. I recommend not deploying PPTP as a VPN solution and argue that the protocol should be deprecated. The only somewhat safe way of deploying PPTP would be by using Transport Layer Security (TLS), which requires implementing an entire public key infrastructure (PKI), which is why most people stay away from it. But even then, you run into security issues similar to those that plague SSL VPNs today.

The only two serious VPN technologies are Secure Sockets Layer (SSL) VPN and Internet Protocol Security (IPsec) VPN. SSL VPN is similar to PPTP in that it is easier to deploy than other VPN types. The strength of IPsec VPN is its transparency over the IP network layer, which works in both versions of IP: IPv4 and IPv6. But its key strength results from the fact that it is an IETF standard, a framework of open standards protocols that support state-of-the-art strong authentication, authorization and encryption schemes and can be implemented in various standards-based ways.


This was last published in January 2012
