Transcript Chapter 21 PowerPoint Presentation

Microsoft Windows NT 4.0
Authentication Protocols
• Password Authentication Protocol (PAP)
• Challenge Handshake Authentication Protocol (CHAP)
• Microsoft Challenge Handshake Authentication Protocol
(MS-CHAP)
• Shiva Password Authentication Protocol (SPAP)
• Point-to-Point Tunneling Protocol (PPTP)
1
Microsoft Windows 2000
Authentication Protocols
•
•
•
•
•
•
Support the Windows NT 4.0 authentication protocols
Extensible Authentication Protocol (EAP)
Remote Authentication Dial-In User Service (RADIUS)
Internet Protocol Security (IPSec)
Layer Two Tunneling Protocol (L2TP)
Bandwidth Allocation Protocol (BAP)
2
Extensible Authentication
Protocol (EAP)
• Is an extension to the Point-to-Point protocol (PPP)
• Works with dial-up, PPTP, and L2TP clients
• Allows arbitrary authentication mechanisms to validate a
dial-in connection
• Supports authentication by using generic token cards,
MD5-CHAP, and TLS
• Allows vendors to supply new client and server
authentication modules
3
Remote Authentication DialIn User Service (RADIUS)
• RADIUS provides
• Remote user authentication that is vendorindependent.
• Scaleable authentication designs for performance.
• Fault-tolerant designs for reliability.
• Windows 2000 can act as a RADIUS client or server.
4
Windows 2000 Can Act as a
RADIUS Client
• A RADIUS client
• Is typically an ISP dial-up server
• Receives authentication requests
• Forwards the requests to a RADIUS server
• A Windows 2000 RADIUS client
• Can also forward accounting information
• Is configured on the remote access server’s
Securities tab
5
Windows 2000 Can Act as a
RADIUS Server
• A RADIUS server validates the RADIUS client request.
• Windows 2000 uses Internet Authentication Services (IAS)
to perform authentication.
• IAS stores accounting information from RADIUS clients in
log files.
• IAS is one of the optional components you can add.
6
Internet Protocol Security
(IPSec)
• Consists of a set of security protocols and cryptographic
protection services
• Ensures secure private communications over IP networks
• Provides aggressive protection against private network
and Internet attacks
• Negotiates a security association (SA) with clients that
acts as a private key to encrypt the data flow
7
Layer Two Tunneling
Protocol
•
•
•
•
Similar to PPTP
Creates an encrypted tunnel
Does not provide encryption
Works with encryption technologies such as IPSec
8
Differences Between L2TP
and PPTP
•
•
•
•
L2TP does not require an IP-based transit network.
L2TP supports header compression.
L2TP supports tunnel authentication.
L2TP uses IPSec for encryption and PPTP uses PPP
encryption.
9
Bandwidth Allocation
Protocol (BAP) and
Bandwidth Allocation
Control Protocol (BACP)
• Dynamically add or drop links on demand
• Are PPP control protocols
• Provide bandwidth on demand
10
Allowing Inbound Dial-Up
Connections
11
Configuring Devices for
Incoming Connections
12
Allowing Virtual Private
Connections
• Click Next on the Devices For Incoming Connections page.
• Select either to allow or not allow virtual private
connections on the Incoming Virtual Private Connection
page.
13
Specifying Users and
Callback Options
14
Selecting Networking
Components
• Choose the networking components to enable for
incoming calls.
• Install additional networking components.
15
Dial-Up Connections
16
Connections to a Virtual
Private Network (VPN)
• Create a VPN by using tunneling protocols such as PPTP
or L2TP.
• Create secure connections across an untrusted network.
• Select Connect To A Private Network Through The
Internet.
• Decide if you want to select Automatically Dial This Initial
Connection.
• Enter the host name or IP address to which you are
connecting.
• Specify who can use the connection.
17
Direct Connection to Another
Computer Through a Cable
• Select Connect Directly To Another Computer.
• Select whether your computer will be the host or the
guest for the connection.
• Select the port that is connected to the other computer.
• Specify the users who can use this connection.
• Decide if you want a shortcut icon on your desktop.
18