GEN:SID | 1:2044 |
Message | POLICY PPTP Start Control Request attempt |
Summary | The Point to Point Tunneling Protocol (PPTP) is used to connect client machines to internal corporate resources using a Virtual Private Network (VPN) across a public network such as the Internet via an encrypted session.
|
Impact | Possible loss of data from an internal network to an unknown external source.
|
Detailed Information | internal resource to an unknown external source. This may be an indication of an attempt to initialize an encrypted session for nefarious purposes.
An internal user may try to use an encrypted tunnel to evade possible detection when transferring files from an internal resource to an unauthorized eternal party.
|
Affected Systems | All systems allowing PPTP connections from an internal to external source.
|
Attack Scenarios | The user only needs to initiate a connection to an external source.
|
Ease of Attack | Simple
|
Corrective Action | Disallow PPTP transactions from the internal LAN to external sources.
|
Additional References | |