Point-to-Point Tunneling Protocol (PPTP) is a feature on Microsoft NT® Server. It is a network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a Virtual Private Network (VPN) across Transmission Control Protocol/Internet Protocol (TCP/IP)-based data networks. PPTP simplifies and reduces the cost of deploying a Wide Area Network (WAN). It provides access solutions for remote or mobile users by encrypting communications over public phone lines and the Internet. PPTP eliminates the need for expensive leased lines because you can use PPTP over public-switched telephone lines.
This paper will link this emerging technology with National Distributors, INC, a company currently using this technology. National Distributors is a trucking company that has several terminal locations throughout the United States. Each terminal needs relevant, timely, complete, and accurate information from the main terminal hub in Sellersburg, IN. These terminal locations are currently in the process of being connected to National Distributors through a PPTP connection over an Integrated Services Digital Network (ISDN) line. The terminal locations are able to connect to National Distributors and receive real-time email and screen shots of programs that are currently being used at National Distributors, as if they were on the network.
This paper will also cover security issues, cost/benefit factors, reliability, and transfer speeds over an ISDN line using a PPTP connection. This paper will cover the reasons why National Distributors chose PPTP over other types of high-speed data transfer devices.
Typical PPTP Setup. A typical user of PPTP starts out with a client in a remote location somewhere outside of a private enterprise. This client then uses their computer running Windows NT Workstation 4.0 to dial up an Internet Service Provider (ISP) via a modem. The client accesses the Network Access Server (NAS) at the ISP facility. Once connected, the client is able to send and receive packets over the Internet. After the client has made the initial connection to the ISP, a second dial-up networking connection is made over the existing connection. This second call creates the VPN connection to a PPTP server on the private enterprise Local Area Network (LAN) within the company. This is referred to as a tunnel. This is shown in Figure 1.

Figure 1 – The PPTP Tunnel [2].
Tunneling is the process of sending packets to a computer on a private network by routing them over some other network, such as the Internet [2]. The second connection is in the form of IP datagrams that contain encapsulated Point-to-Point Protocol (PPP) packets [2]. After the second connection is made, the PPTP server receives the packet from the routing network and sends it across the private network. The PPTP server does this by processing the PPTP packet to obtain the private network computer name or address information in the encapsulated PPP packet [2]. In other words, after the PPTP server receives the dial-up information sent from the client, it places the client onto the network as a node. Figure 2 illustrates what happens after the PPTP server receives the PPTP packet.
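
The encapsulation described above, shown as an added example that is not part of the original paper or any Microsoft code: PPTP carries each PPP frame behind an enhanced GRE header (RFC 2637), and the server strips that header to reach the private-network addresses of the inner packet. The sample packet, its addresses, call ID and sequence number are constructed, and the parser assumes an unencrypted PPP payload carrying IPv4 with an uncompressed protocol field.

```python
import ipaddress
import struct

PPTP_GRE_PROTO = 0x880B  # GRE protocol type used by PPTP (RFC 2637)
PPP_IPV4 = 0x0021        # PPP protocol number for an IPv4 datagram

def parse_pptp_data(gre: bytes) -> dict:
    """Parse one PPTP data packet (the payload of the outer IP datagram)."""
    if len(gre) < 8:
        raise ValueError("truncated GRE header")
    flags, proto, payload_len, call_id = struct.unpack("!HHHH", gre[:8])
    # Enhanced GRE: version field must be 1 and the Key bit must be set.
    if proto != PPTP_GRE_PROTO or (flags & 0x0007) != 1 or not (flags & 0x2000):
        raise ValueError("not a PPTP enhanced-GRE packet")
    out = {"call_id": call_id, "seq": None, "ack": None, "ppp_proto": None}
    offset = 8
    for name, bit in (("seq", 0x1000), ("ack", 0x0080)):  # optional fields
        if flags & bit:
            if len(gre) < offset + 4:
                raise ValueError("truncated GRE header")
            (out[name],) = struct.unpack_from("!I", gre, offset)
            offset += 4
    ppp = gre[offset:offset + payload_len]
    if len(ppp) != payload_len:
        raise ValueError("payload shorter than declared length")
    if ppp[:2] == b"\xff\x03":  # PPP address/control bytes, when present
        ppp = ppp[2:]
    if len(ppp) < 2:            # acknowledgment-only packet, no PPP frame
        return out
    (out["ppp_proto"],) = struct.unpack_from("!H", ppp)
    inner = ppp[2:]
    if out["ppp_proto"] == PPP_IPV4 and len(inner) >= 20:
        # The inner header carries the private-network addresses.
        out["inner_src"] = str(ipaddress.IPv4Address(inner[12:16]))
        out["inner_dst"] = str(ipaddress.IPv4Address(inner[16:20]))
    return out

def build_sample() -> bytes:
    """Constructed sample: IPv4 header 10.0.0.5 -> 10.0.0.20 in PPP in GRE."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                           ipaddress.IPv4Address("10.0.0.5").packed,
                           ipaddress.IPv4Address("10.0.0.20").packed)
    ppp = b"\xff\x03" + struct.pack("!H", PPP_IPV4) + inner_ip
    # Flags 0x3001 = Key + Sequence bits, version 1; call ID and seq are made up.
    return struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, len(ppp), 0x1234, 7) + ppp

if __name__ == "__main__":
    print(parse_pptp_data(build_sample()))
```

When the tunnel is encrypted, the PPP protocol field no longer reads as IPv4 and the parser returns only the outer fields (call ID, sequence and acknowledgment numbers).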

Purpose. The research for this paper was conducted for the purpose of explaining the benefits of implementing and using a PPTP connection over an ISDN line using National Distributors, INC., as an example. In other words, what are the benefits of using PPTP?
Most of the literature currently available to the public on PPTP can be found at Microsoft’s web site. These documents are highly detailed, yet they are explained in a way that can be understood by the average person. Since most of the information for this report was obtained from Microsoft’s Web Site, one has to overlook the bias that Microsoft writers put into their reports. Therefore, other sources such as Security Dynamics, Computer-World, and personal interviews were obtained to get a second opinion on the subject matter. The reports that were used in this report can be found in the "REFERENCES" section of this report.
The approach that was taken to gain information on PPTP consisted of two parts. First, information was gathered by doing searches on the World Wide Web. There were many documents that were obtained from these searches. The next approach was to gather information from an IT professional who has worked with this emerging technology. The next step was to do an analysis of the information and help explain the benefits that PPTP provides to a company.
Searches. There were several searches conducted pertaining to the topic of this paper. The first search was conducted on 09/02/99 at http://www.excite.com with the keyword PPTP. The search resulted in 2,727 hits. There were several hits from Microsoft’s homepage, so that search was abandoned and a second search was conducted at http://www.microsoft.com. The "All Products" tab was clicked, which opened the page http://www.microsoft.com/catalog/default.asp?subid=22. A drop-down screen appeared with all of Microsoft’s products. Windows NT Server 4.0 was clicked, which resulted in the page http://www.microsoft.com/catalog/display.asp?site=427&subid=22&pg=1. There was a link there to "Visit the Microsoft Windows NT Server 4.0 Web Site", which led to a search engine within the Windows NT Server Web Page. A search was conducted there with the keyword PPTP. There were 50 hits that resulted from that search. Within those hits there were three White Paper reports that were very useful to this report. These reports are listed as one through three in the References section of this report.
Another search was conducted on 10/11/99 at http://www.infoseek.go.com with the keyword PPTP. That search resulted in 3,591 hits. On the first page there was a link to a report on PPTP security from ComputerWorld. The report interviewed several IT professionals who had doubts about security issues with Microsoft’s PPTP technology.
Interview. The last approach to gain information on PPTP was an email interview sent to Troy Powers. He is the IT professional at National Distributors, and has set up several PPTP connections for the company. The following questions were asked:
Information is a critical business asset, and technology advances make it increasingly difficult to protect business applications. As users receive more computing power and access to critical business information, organizations realize increased productivity. Today, workers view "anywhere-to-anywhere" remote access as a birthright and expect online connectivity around-the-clock, seven days per week [6]. As organizations build a remote access infrastructure they realize the business value of eliminating costly, high maintenance, leased line connections between offices by tunneling high-speed connections over the Internet. Companies also realize the cost savings of connecting remote and mobile users via the Internet to reduce long distance telephone charges. However, to realize these business objectives, organizations must ensure the integrity of the information traveling over public Internet connections. With more business communications running over the Internet, this creates potentially serious security risks if not managed properly.
The benefits of using PPTP are reduced costs and a more simplified network. PPTP can save companies bandwidth charges, and a PPTP connection can also reduce network complexity. This results in lower network operation costs: help desk calls, which traditionally focus on connecting the user to the network, are off-loaded to the ISP help desk and serviced as part of the monthly rate [6]. This means that the problems and questions the help desks face have a more consistent architecture to them, regardless of location or network needs. Thus the solutions are more predictable and easily reproduced. Figure 3 illustrates and reinforces how an enterprise can reduce costs by implementing a VPN.

Figure 3 – VPN Cost/Complexity Reduction Opportunities [6].
PPTP versus Frame Relay. The main difference between PPTP and Frame Relay is price. National Distributors, INC., received an estimate from an independent contractor for a Frame Relay system which included setting up four remote locations, Del Rio, TX; Laredo, TX; Ontario, CA; Romulus, MI, and the main building with all the hardware and software needed to implement the system. The total estimate was over $57,000 with a repeating monthly fee of over $1,800. With a PPTP system the start-up costs are much lower. The hardware was estimated at under $2,000 with monthly repeating fees of about $500.
The lower costs of a PPTP system come with a trade-off. The most notable trade-offs are reliability and speed. First, reliability: Frame Relay has been around for several years and is very reliable, because it creates a Permanent Virtual Circuit (PVC). A PVC means that there is no need to dial up because there is always a direct connection between the client and the private network. PPTP technology, on the other hand, is relatively new and also relies on several external entities to work flawlessly. Below are some examples of problems that would hinder or slow data transfer between the client and the private network while using a PPTP dial-up connection.
· The ISP is experiencing technical difficulties, thus not responding to the dial-up.
· The Internet is experiencing high traffic, which results in slow data transfer times.
Implementation. Before installing PPTP, it is important to understand the following points:
· A PPTP server can be placed behind a firewall on the private enterprise network to ensure that the firewall computer secures traffic in and out of the private network over the PPTP server [4].
· Because PPTP requires RAS and the PPP protocol, one must establish a PPP account with their ISP to use PPTP over an ISP connection to the Internet [4].
· PPTP uses virtual devices called VPNs. When one configures PPTP, one must install and configure VPNs in RAS as if they were physical devices, just like modems [4].
· Using the Internet to establish a connection between a PPTP client and a PPTP server means that the PPTP server must have a valid, Internet-sanctioned IP address. However, the encapsulated TCP/IP packets sent between the PPTP client and the PPTP server can be addressed to computers on the private enterprise network using private network addressing or naming schemes [4].
The PPTP client can be a computer configured with either Windows NT Workstation 4.0 or Windows NT Server 4.0. Thus, the minimum hardware configuration for a PPTP client depends on which operating system is being used. If the PPTP client is a remote or mobile enterprise user who connects to an enterprise PPTP server by using dial-up lines over the Internet, additional hardware is required, such as an analog modem or ISDN device and a device for telephone access, such as a telephone wall jack.
Costs. Capital costs are greatly reduced, because the enterprise network is paying the ISP for access, and the ISP is responsible for establishing the infrastructure for Internet connectivity. Thus companies need only provide their remote users with the equipment to connect to the local ISP. This approach also reduces the cost of technology obsolescence, since the infrastructure capital costs are shifted to the ISP and the enterprise is only responsible for the lower cost of access technologies [6].
Advantages. Organizations can achieve a competitive advantage by relying on PPTPs, because the networks can evolve more rapidly and easily than those organizations with major investments in a private network. With a PPTP connection, an enterprise and its remote entities can become more flexible. This is possible because there are no major changes required by the enterprise’s infrastructure if one of the remote entities relocates or "outgrows" its current configuration. This approach provides greatly improved scalability over the private network approach, since access equipment can easily be added and additional ISP connections can be provisioned to quickly accommodate the shift of additional applications to run over the Internet [6].
Disadvantages. The possible drawbacks to using a PPTP connection, according to Troy Powers, are:
· Slightly harder to manage, since the network administrator must control access on a user level [5].
· Setup is usually done in house, which can make setup more time-consuming and difficult [5].
At least 12 major security breaches have been found so far this year by so-called "white-hat" hackers -- people who look for flaws to expose rather than exploit -- and posted on independent Windows NT security World Wide Web pages [1]. Microsoft has acknowledged the flaw in its version of the PPTP protocol. Microsoft said it is working on a fix that it expects to post soon [1]. In Microsoft’s defense, the above comments were posted in June of 1998. Since then Microsoft has posted the correction on their Web Site, where it can be found at http://www.microsoft.com/ntserver/all/downloads.asp.
Troy Powers, National Distributors IT professional, confirmed these allegations. "Using what is called challenge and response method from the PPTP server and client, it was possible to intercept the PPTP packets destined for the client and to "sniff" the password on the wire" [5]. He also confirmed that Microsoft has fixed this problem. "It now has a 128 bit encryption level (US only) and includes different hashing algorithms to secure passwords. If any of the packets were to be intercepted the viewer of the data packets will just see garbage without the encryption algorithms" [5]. With all new technologies, there are "bugs" to work out. Microsoft has acknowledged these flaws and has fixed the problem.
Summary. As the number of computers connected to the Internet grows infinitely larger, the task of managing information between computers becomes increasingly complicated. Network managers are struggling to secure networks while allowing greater access to protected resources. PPTP is becoming a fundamental element of the total security package, particularly when companies need to extend their Intranet to a diverse population of users. Once the trust between companies and their business partners, customers, suppliers, and employees on the Internet matches the trust they share in the real world, then e-business can be a part of every business. VPNs are the tool for building that trust model.
[2] Microsoft, "Understanding Point-to-Point Tunneling Protocol (PPTP)," http://www.microsoft.com/NTServer/commserv/techdetails/prodarch/understanding_pptp.asp, Written: Tuesday, April 13, 1999, Downloaded: 09/02/99.
[3] Microsoft, "Microsoft Virtual Private Networking: Using Point-to-Point Tunneling Protocol for Low-Cost, Secure, Remote Access Across the Internet," http://www.microsoft.com/NTServer/commserv/techdetails/prodarch/pptpwp.asp, Written: Tuesday, April 13, 1999, Downloaded: 09/02/99.
[4] Microsoft, "Installing, Configuring and Using PPTP with Microsoft Clients and Servers," http://www.microsoft.com/ntserver/commserv/deployment/planguides/installing_pptp.asp, Written: Tuesday, April 13, 1999, Downloaded: 09/02/99.
[5] Powers, Troy, email interview, tpowers@ndsin.com, Sent: 11/23/99, Reply Received: 11/24/99.
[6] Security Dynamics, "Solutions Whitepaper, Aventail’s SecurID Protected VPN," http://www.rsasecurity.com/products/securid/whitepapers/vpns/, Written: 1998, Downloaded: 09/02/99.