Check: SRG-NET-000132-VPN-000470
Virtual Private Network (VPN) SRG:
SRG-NET-000132-VPN-000470
(in versions v3 r3 through v1 r0.1)
Title
The Remote Access VPN Gateway must be configured to prohibit Point-to-Point Tunneling Protocol (PPTP) and L2F. (Cat II impact)
Discussion
PPTP and L2F are obsolete methods for implementing virtual private networks. Both protocols may be easy to use and readily available, but they have many well-known security issues and exploits. Encryption and authentication are both weak.
Check Content
Verify the VPN Gateway is configured to prohibit PPTP and L2F. If the VPN Gateway is not configured to prohibit PPTP and L2F, this is a finding.
Fix Text
Configure the VPN Gateway to prohibit PPTP and L2F.
Additional Identifiers
Rule ID: SV-207206r608988_rule
Vulnerability ID: V-207206
Group Title: SRG-NET-000132
CCIs
Number | Definition |
---|---|
CCI-000382 | Configure the system to prohibit or restrict the use of organization-defined prohibited or restricted functions, system ports, protocols, software, and/or services. |
Controls
Number | Title |
---|---|
CM-7 | Least Functionality |