Internet Key Exchange, ISAKMP/Oakley

specific attributes, allowing manufacturers to tailor their products and services to specific markets. More VPN solutions currently support authentication using RADIUS than the other public certificate systems mentioned above, but a groundswell of support for the X.500 system is well underway.

2.3.8 PPTP (Point-to-Point Tunneling Protocol)

The Point-to-Point Tunneling Protocol (PPTP) is an extension of the standard PPP (Point-to-Point Protocol). The tunneling services provided by PPTP are intended to ride on top of the IP layer, whereas the traditional PPP protocol underlies IP. PPP was ideally suited for modification because its functionality already mimics the behavior of what a VPN needs: a point-to-point tunnel. All that was missing was the security. PPTP, however, is more of a host-to-host secure communications channel than a LAN-to-LAN one. Although it is quite possible to route traffic across a PPTP tunnel, the IPSec solutions are better geared for this type of application.

2.4 Methodologies for Compromising VPNs

In this section we vicariously take on the role of the people we are trying to thwart: those who want to inspect, intercept, and interfere with the transmission of your data.

2.4.1 Basic Firewalling

Services that you will likely offer to the Internet include mail (the POP, SMTP, and IMAP protocols), the World Wide Web (the HTTP and HTTPS protocols), and a host of other things, including DNS, FTP, video or audio streaming, and network time. Our discussion of services plays directly into the first section, where we begin to explore one of the introductory yet powerful ways of protecting data: firewalls. Although they are not tangible like data files that contain customer credit card numbers, the services that you choose to offer your customers on the Internet play a huge role in defining the form the firewall takes and what types of data you think will assist the customer.

Before even embarking on the creation of the firewall, you need to develop an overall data strategy. What do customers have access to? What do normal employees have access to? What can advanced security folks see and do? Once you have spent some time detailing the blueprint for your network, you can begin to create the doors and windows that permit visitors.

Some popular services are sometimes dangerous to run and come with security dilemmas that we can never seem to shake, but they are so important that we would argue against removing them. The application that receives the most attention from security professionals is sendmail. The reasons for this are simple: the source code for the most popular implementation of sendmail (the Berkeley Version 8 software) is readily available, and the running daemon is easily located on someone's network. Because of this, pay careful attention to the sendmail servers that are available to the public and how they are configured.

Our ultimate goal in setting up security barriers is to make a break-in too time-consuming, too difficult to complete, and, once completed, too unrewarding to be worth a cracker's time and effort. If you look like a terrible target, they will go elsewhere and leave you alone.
Most computer crimes are much like everyday real crimes—they are crimes of convenience that could be avoided by erecting a minimal deterrent.
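The "data strategy" questions above (what customers, employees, and security staff may reach) and the list of Internet-facing services translate naturally into a default-deny policy that can be reviewed before any firewall rule is written. The following is an added example, not code from the book: the zone names, the per-zone service grants, and the well-known port mapping are assumptions made for illustration.

```python
from dataclasses import dataclass

# Services the chapter lists as typically offered to the Internet, mapped to
# their well-known ports. The mapping is an assumption added for this example.
SERVICES = {
    "smtp": ("tcp", 25), "pop3": ("tcp", 110), "imap": ("tcp", 143),
    "http": ("tcp", 80), "https": ("tcp", 443), "dns": ("udp", 53),
    "ftp": ("tcp", 21), "ntp": ("udp", 123),
}

# The "data strategy": which audience (zone) may reach which service.
# Hypothetical policy; the zones and grants are assumptions, not the book's.
POLICY = {
    "customers": {"http", "https", "smtp", "dns"},
    "employees": {"http", "https", "smtp", "pop3", "imap", "dns", "ntp"},
    "security": {"http", "https", "smtp", "pop3", "imap", "dns", "ntp", "ftp"},
}

@dataclass(frozen=True)
class Packet:
    zone: str   # which audience the packet arrives from
    proto: str  # "tcp" or "udp"
    dport: int  # destination port

def decide(pkt: Packet) -> str:
    """Return 'ACCEPT' or 'DROP'. Anything not explicitly granted is dropped
    (default deny), including unknown zones, unknown ports and protocol
    mismatches such as UDP to an SMTP port."""
    for name in POLICY.get(pkt.zone, set()):
        proto, port = SERVICES[name]
        if proto == pkt.proto and port == pkt.dport:
            return "ACCEPT"
    return "DROP"

def exposed_surface(zone: str) -> list:
    """The (proto, port) pairs a zone can reach: the 'doors and windows' the
    policy actually opens, sorted so the review is reproducible."""
    return sorted(SERVICES[n] for n in POLICY.get(zone, set()))

def public_mail_listeners() -> list:
    """Zones allowed to reach SMTP; the chapter singles out sendmail servers
    reachable by the public as needing the closest configuration review."""
    return sorted(z for z, grants in POLICY.items() if "smtp" in grants)

def render_rules(zone: str, chain: str = "INPUT") -> list:
    """Emit iptables-style rules for a zone with an explicit final DROP, so the
    default deny is visible in the ruleset itself and not only in this code."""
    rules = [f"iptables -A {chain} -p {p} --dport {d} -j ACCEPT"
             for p, d in exposed_surface(zone)]
    rules.append(f"iptables -A {chain} -j DROP")
    return rules
```

Reviewing `exposed_surface` and `public_mail_listeners` for each zone answers the chapter's three questions before a single rule is loaded.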