Only the initial authentication exchange - which uses protocols outside of PPTP to authenticate (MD5, CHAP). Technically, you're not even encrypting the exchange... just sending an MD5 hash across the wire of your password for verification.
________________________________
From: Dennis Rogov [mailto:[EMAIL PROTECTED]
Sent: Friday, June 06, 2008 10:47 AM
To: NT System Admin Issues
Subject: RE: VPN question

So I am assuming the answer is nothing is encrypted... with PPTP

Dr Dennis Rogov
Senior Network Analyst
THE Peer GROUP

________________________________
From: Aaron T. Rohyans [mailto:[EMAIL PROTECTED]
Sent: Friday, June 06, 2008 10:46 AM
To: NT System Admin Issues
Subject: RE: VPN question

If using PPTP - nothing is encrypted (except for the MSCHAPv2 exchange for authentication). You're using MS's flavor of a GRE tunnel which does not provide any flavor of encryption - only Data Origin authentication, Anti-replay protection, Data pattern confidentiality, and Data Integrity. I do believe there are provisions within MS's specification that will provide some sort of encryption for the data payload... you just have to be savvy enough to enable them. I'll have to look that one up.

If using IPSec - depends on what flavor of IPSec protocol you're using (transport vehicle such as ESP or AH). If using AH, you're in the same boat as PPTP above.
If using ESP in Tunnel Mode, then *all* traffic between the two hosts (as specified by the split-tunnel/proxy lists) is encrypted. ESP in Transport Mode will not provide Data pattern confidentiality (but still provides the other services listed above including encryption) as it reuses the original IP header.

Hope this helps,
Aaron

________________________________
From: Sherry Abercrombie [mailto:[EMAIL PROTECTED]
Sent: Friday, June 06, 2008 10:31 AM
To: NT System Admin Issues
Subject: Re: VPN question
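The AH/ESP and tunnel/transport distinctions in Aaron's reply, as an added illustration that is not part of the original thread: a Python sketch of what an on-path observer can read from one packet in each mode. The addresses, payload, SPI and the XOR stand-in for the ESP cipher are constructed for the example, and the ESP trailer and ICV are omitted.

```python
import hashlib, socket, struct

AH, ESP = 51, 50  # IANA IP protocol numbers

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def toy_encrypt(data, key=b"constructed-demo-key"):
    """Stand-in for the ESP cipher (XOR with a SHA-256 keystream); not real crypto."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def protect(inner, mode, gw_src="198.51.100.1", gw_dst="203.0.113.1"):
    """Lay out one IPv4 packet as each mode would put it on the wire."""
    src, dst = socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
    proto, body = inner[9], inner[20:]
    spi_seq = struct.pack("!II", 0x1000, 1)          # constructed SPI, sequence 1
    if mode == "ah-transport":
        # AH: next header, length, reserved, SPI, sequence, ICV; payload in clear.
        icv = hashlib.sha256(inner).digest()[:12]    # placeholder for the real ICV
        return ipv4(src, dst, AH, struct.pack("!BBH", proto, 4, 0) + spi_seq + icv + body)
    if mode == "esp-transport":
        # Original IP header reused; only the upper-layer payload is encrypted.
        return ipv4(src, dst, ESP, spi_seq + toy_encrypt(body))
    if mode == "esp-tunnel":
        # Whole inner packet encrypted; outer header carries gateway addresses.
        return ipv4(gw_src, gw_dst, ESP, spi_seq + toy_encrypt(inner))
    raise ValueError(mode)

def observer_view(wire, secret, inner_addrs):
    """What an on-path observer learns from one captured packet."""
    outer = (socket.inet_ntoa(wire[12:16]), socket.inet_ntoa(wire[16:20]))
    return {"payload_readable": secret in wire,
            "real_endpoints_visible": outer == inner_addrs}

SECRET = b"user=alice&pw=example"        # constructed sample payload
ENDPOINTS = ("10.1.1.5", "10.2.2.9")     # constructed inner hosts
INNER = ipv4(*ENDPOINTS, 6, SECRET)      # protocol 6 = TCP
VIEWS = {m: observer_view(protect(INNER, m), SECRET, ENDPOINTS)
         for m in ("ah-transport", "esp-transport", "esp-tunnel")}

if __name__ == "__main__":
    for mode, view in VIEWS.items():
        print(mode, view)
```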