Are PPTP or L2TP Adequate??

Discussion in 'privacy technology' started by chinook9, Jun 9, 2012.

Thread Status:
Not open for further replies.
  1. chinook9

    chinook9 Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    439
    I have started using a VPN for financial transactions. I don't do anything illegal; I just want to keep my financial dealings secure. I am sure that OpenVPN is more secure than PPTP or L2TP, but a couple of the less expensive VPN plans don't offer OpenVPN. I am thinking that PPTP (encrypted) or L2TP should be more than enough to protect me.

    If crooks want to try and steal financial information I expect they just focus on HTTPS and not take the extra effort to deal with PPTP or L2TP and HTTPS.

    Also, I have never read of anyone having their financial accounts compromised through this method. Am I wrong? Aren't PPTP (encrypted) or L2TP enough?
     
  2. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Any financial transaction that uses HTTPS would be secure even on a non-VPN'd connection. You will probably be protected by that method even if you choose PPTP. PPTP is busted though, so I'd use L2TP if those are your only choices.

    PD
     
  3. chinook9

    chinook9 Registered Member

    Joined:
    Jan 27, 2008
    Posts:
    439
    PaulyDefran, thank you for the information. I figured as much.
    Based on other threads I have read, I thought I would have gotten a variety of recommendations, but maybe it's early in the week. Thanks again.
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
  5. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    A bit tangential and obvious, but I think it is good to check one's entry mechanism (bookmarks, URLs in password manager, etc.) to make sure they only enter financial sites via HTTPS and also examine the network traffic when interacting with them to make sure they have all content and cookies being passed via HTTPS. Implementing your own rules to assure this is probably wise as well. While you are examining things, you could identify and block the third-party analytics and/or advertising requests (which have become disturbingly common within account pages of financial websites).
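
The traffic check described in the post above, as an added example that is not part of the original thread: it audits a browser HAR export for plain-HTTP requests, cookies set without the Secure attribute, and third-party hosts. The sample capture, the `bank.example` and `tracker.example` names, and the `audit_har` function are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in HAR 1.2 shape (the format browser dev tools export).
# bank.example and tracker.example are placeholder names, not real sites.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": "https://www.bank.example/account"},
     "response": {"cookies": [{"name": "session", "secure": True},
                              {"name": "prefs", "secure": False}]}},
    {"request": {"url": "http://www.bank.example/img/logo.png"},
     "response": {"cookies": []}},
    {"request": {"url": "https://stats.tracker.example/collect?id=1"},
     "response": {"cookies": [{"name": "uid", "secure": True}]}},
    {"request": {"url": "https://cdn.bank.example/app.js"},
     "response": {"cookies": []}},
]}})


def audit_har(har_text, first_party):
    """Return findings for a HAR capture of a session with `first_party`."""
    plaintext, insecure_cookies, third_party = [], [], set()
    first_party = first_party.lower().lstrip(".")
    for entry in json.loads(har_text)["log"]["entries"]:
        url = entry["request"]["url"]
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if not host:
            continue  # data:, blob: and similar entries never touch the network
        if parts.scheme in ("http", "ws"):
            plaintext.append(url)
        # A cookie set without Secure can later be sent over plain HTTP.
        for cookie in entry.get("response", {}).get("cookies", []):
            if not cookie.get("secure", False):
                insecure_cookies.append((host, cookie["name"]))
        # Naive suffix match; a stricter check would use the Public Suffix List.
        if host != first_party and not host.endswith("." + first_party):
            third_party.add(host)
    return {"plaintext_requests": plaintext,
            "insecure_cookies": insecure_cookies,
            "third_party_hosts": sorted(third_party)}


if __name__ == "__main__":
    for kind, items in audit_har(SAMPLE_HAR, "bank.example").items():
        print(kind, items)
```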
     
  6. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    When security is a priority, and encryption is not agreed by both parties, L2TP is a better option. That being said, in this scenario an encrypted VPN session is only protecting your packets over your LAN and from your ISP. If I were a crook targeting a user I would focus on:

    1.) The financial website/database itself
    2.) The user (Spear phishing, social engineering)
    3.) The user's machine (Malware, Trojans)

    I do not know of any serious financial institution that does not do some form of encrypted session for their users, thus attacking via MITM or sniffing attacks is slim to none for an average Joe.

    Honestly I would say the VPN is not needed for financial transactions if you trust your LAN. I would instead focus on your local security and make sure you use a trusted browser and safe computing device to access the information. :thumb:
     