A Point-to-Point Tunneling Protocol (PTTP) is a networking standard that is used when connecting to a Virtual Private Network (VPN). VPNs are a way to create online privacy and anonymity by creating a private network from a public internet connection. This is often used by users who work remotely that need to connect to an office network securely.
Nowadays, PPTP is considered obsolete for use in VPN’s because of its many known security deficiencies. Nevertheless, PPTP is still in use in some networks.
The phrase Point to Point refers to the specific type of connection created by the protocol. It allows for one point (user’s device), to access another specific point (user’s office network), over the Internet. The “tunneling” part of the term refers to the way one protocol is encapsulated within another protocol. In PPTP, the point-to-point protocol (PPP) is wrapped inside the TCP/IP protocol, which provides the secured Internet connection. Even though the connection is created over the Internet, the PPTP connection creates a direct link between the two locations, allowing for a secure connection.
Related Readings: What Is A VPN Protocol And Which One Should You Use?
What does this mean for an SMB?
- Remote Desktop services which place employees on their workstation at work with and without (recommended) the ability to download files to their home workstation. This solution largely eliminates the potential for remote unsecured workstations from compromising your internal network.
- Purpose built IPSec VPN tunnels. These are for companies that require direct remote connections from Laptop users (company owned and secured) into internal networks for the files and applications that are ONLY available on the LAN of the company. These are becoming less common as so many companies migrate to Cloud services and solutions.
Finally, in all cases, it is critically important, yes this cannot be understated, critically important to pair all remote access into your environment and your data with Two-Factor authentication. Do not enable remote access without it.