
Point-to-Point Protocol (PPP) Security
– Connecting to remote access servers (RASs)
– PPP authentication
– PPP confidentiality
– Point-to-Point Tunneling Protocol (PPTP)

PPP
Point-to-Point Protocol (PPP)
– Data link layer protocol
– Created for dialing into a network’s remote access server (RAS)
   – Then get access to internal resources
– Also used for dialing into an ISP
[Diagram: PPP Connection, RAS]

PPP
Authentication
– Optional in PPP
– If done, done during authentication phase of PPP’s initial negotiation process
[Diagram: PPP Connection, RAS, “I am X”]

PPP
PPP offers several authentication options
– Password Authentication Protocol (PAP)
– Challenge-Response Handshake Protocol (CHAP)
– MS-CHAP: Microsoft version of CHAP
– Extensible Authentication Protocol (EAP)
Not equally strong

PPP
Password Authentication Protocol (PAP)
– Applicant sends verifier one or more PAP authentication request messages giving applicant’s user name and password
– Stops sending when verifier sends an authentication-ACK message or sends a termination message
[Diagram: RAS, PAP Auth RQ, PAP Auth RQ, PAP Auth ACK]

PPP
Password Authentication Protocol (PAP)
– Password is sent in the clear (without confidentiality), so PAP is dangerous
[Diagram: RAS, PAP Auth RQ Contains User’s Unencrypted Password]

PPP
Password Authentication Protocol (PAP)
– Authentication is done only once, at the beginning of the session
– If session is taken over by an impostor, no check of authentication

PPP
(CHAP) Challenge-Response Handshake Protocol
– Verifier (RAS) sends CHAP request-authentication message
– Applicant must respond with a response message
[Diagram: RAS, CHAP ARQ message, CHAP Resp message]

PPP
CHAP
– This may be done several times per session for ongoing authentication to ensure that the session has not been hijacked (taken over by an impostor)

PPP
CHAP
– The applicant and verifier have a shared secret
– Applicant adds shared secret to the request message, then hashes the combination to produce the response message
[Diagram: CHAP Authentication Request Message, CHAP Authentication Response Message, Shared Secret, Hash]

PPP
CHAP
– Verifier adds the shared secret to its request message, then hashes the combination
– If this matches the transmitted response message, applicant knows the shared secret and so is authenticated
[Diagram: Original Authentication Request Message, Computed Authentication Response Message, Shared Secret, Hash, Transmitted Authentication Response Message]

PPP
MS-CHAP
– Microsoft version of CHAP
– The shared secret is the user’s password for the remote access server (RAS)
[Diagram: MS-CHAP Authentication Request Message, MS-CHAP Authentication Response Message, RAS Password, Hash, RAS]

PPP
MS-CHAP
– Realistic in terms of how RASs usually work
– Only as strong as the password, which often is very weak
– Must enforce strong passwords
[Diagram: MS-CHAP Authentication Request Message, MS-CHAP Authentication Response Message, RAS Password, Hash]

PPP
Extensible Authentication Protocol (EAP)
– During authentication phase of initial PPP negotiations, merely assert that EAP will be used
– After the negotiation phase, which is very limited, EAP does further negotiation on how authentication will be done
[Diagram: RAS, Agree to Use EAP, Negotiate more later]

PPP
PPP Confidentiality
– Optional (not mandatory)
– Negotiated using the PPP encryption control protocol during the initial negotiation phase
[Diagram: RAS, Confidential Message]

PPP
PPP Confidentiality
– Current options are DES-CBC and 3DES-CBC
   – Cipher block chaining (CBC) is discussed under IPsec in this chapter
[Diagram: RAS, Confidential Message]

PPP
PPP Confidentiality Encapsulation
– Encrypt the PPP frame with DES-CBC or 3DES-CBC
– Put encrypted frame in the data field of a new PPP frame
– Send frame to RAS
[Diagram: New PPP Header, New PPP Trailer, Encrypted PPP Frame In Data Field]