PPTP is a VPN protocol that was created by Microsoft, Ascend, 3COM, and a few other vendors. It stands for Point-to-Point Tunneling Protocol and it has been in use since the early 1990s. The original intent of PPTP was to provide remote access services over dial-up connections, but now it is also used as a way to create secure “virtual private networks” (VPN) between two or more computers. Communication between two endpoints can be encrypted so securely that third parties cannot intercept or decrypt them.
There are some drawbacks to using this system: one being its lack of scalability due to performance issues when transmitting large amounts of data; another being its reliance on legacy security methods such as MSCHAPv1 for authentication in order to prevent dictionary attacks against passwords and use the RC4 encryption algorithm which has been shown to have weaknesses.
PPTP uses 256 bit AES Encryption with MPPE 40bit key length. The PPTP server provides an LZO compression method which reduces bandwidth.
The PPTP tunnel is established by first starting a control channel and then setting up the data channel over which encrypted VPN packets are sent. The PPTP protocol provides confidentiality, integrity, authentication and replay protection as key features.
While Microsoft has left this protocol vulnerable in recent years due to their decision not to support it on versions of Windows after Vista, there are still many users who rely on this system for its high level of security when transmitting important information such as financial records or medical documents back and forth between two endpoints where each endpoint can be located inside an organization’s firewall environment while connecting out via a public network connection that may have been compromised at any time without notification or knowledge of the originator.
