If you use a Windows server as a vpn head end, you are vulnerable to disclosures since a new tool was released at the end of last month which can crack PPTP encryption. Windows servers most commonly end up using PPTP encryption because it’s the default method, however MS is now recommending against using PPTP (in conjunction with MS-CHAP authentication).
With a recording of the encrypted networking traffic taken during a handshake process, someone can use a service to learn the key which could thereafter be used to unencrypt all traffic that passes within that VPN connection. All it costs is $200 dollars to use this cloud cracking service.
It’s been recommended since that exploit was revealed that any traffic supposedly secured by PPTP/MS-CHAP should from now on be considered unencrypted. If you need help or advice in transitioning away from PPTP encryption, contact us at http://www.hitcents.com/contact.