Remote Access

00:00

Let's move on to our next section, which covers remote access.

00:04

So we're looking at connecting to the network without being physically plugged in.

00:08

We'll talk a little bit about dial up, and then we'll talk about VPN access through process we referred to as tunneling.

00:16

So let's take a look at dial up

00:18

Normally, when we're connected to our local area network were connected VR Network card

00:24

and that network card provides layer to framing for a local network.

00:28

But if we take a step back and we think about a remote access clients

00:32

maybe using, um, Autumn to connect into a remote access server,

00:36

which is likely not the way we're communicating mainstream.

00:39

The remote access server and modem usage still exists,

00:43

But in this case I have a client that's no longer connecting to the network via network card,

00:48

which means they don't have a device that does the work that a network card typically does.

00:53

One of the things a network card does is provide layer to framing for Elian connections.

00:59

It adds the information that's necessary to communicate across a l n.

01:03

If we have a client dialing up with, um, autumn, there is no device to provide that layer to framing.

01:08

That's where point to point protocol comes in.

01:11

P P P is how it's often referred to point to point protocol. Through

01:17

is what does that layer to framing for connections to the W A. N.

01:21

It was traditionally used with dial up clients. But today, now that we're connecting out to our w. A. N s through our cable modems and DSL modems,

01:30

now we have something called P P p o E,

01:33

which is point to point protocol over Ethernet,

01:36

which basically means you're using your network card. But you're still connecting to a W A N, as opposed to a local area network.

01:42

So the primary protocol is going to be allowing us to connect to a W A N and still have that layer two information added. That's point to point protocol.

01:53

Mhm

01:53

with point to point protocol is not designed to add security.

01:57

It's specifically for layer to frame me.

02:00

So for security, there are a handful of authentication protocols that would be used,

02:05

the first of which is P. A. P.

02:07

Pip stands for password authentication protocol,

02:10

and poppy transmits passwords in plain text.

02:15

We don't want that anymore.

02:16

P A P really is irrelevant for use today,

02:20

P A P was replaced by a protocol called C J P

02:23

Challenge handshake authentication Protocol.

02:25

And then Microsoft extended beyond that. And there's M S, C, H A, P and M S C H a p version two.

02:35

But ultimately, this is something called a challenge handshake protocol or a challenge response.

02:40

So basically, when one device is trying to make a connection with another based on the password that's entered,

02:46

let's say I have to connect to a router from one router from another.

02:51

I'm setting up a static route, for instance.

02:53

There may be a password protection,

02:55

so only if I type in the correct password. Can my device respond to a challenge issued by the server or the system on the other end.

03:04

Basically, what it is is a system where I can prove the password that's being entered correctly without having to put the password on the network.

03:12

Challenge Response systems are good because they do keep the passwords off the network. That's desirable.

03:17

But the problem with C. H, a, P and P A P also is that they only provide a means to authenticate using passwords.

03:25

There are a lot of ways we can authenticate today.

03:29

We can use smart cards, biometrics, cookies, certificates, tokens and none of that can be used with P, A, P or C J P.

03:37

We needed a protocol that could extend beyond just passwords and really provide capabilities to authenticate in any manner you choose.

03:45

That's very EAP extensible authentication protocol

03:50

eep extends the capabilities beyond passwords.

03:53

You can think of it in that way.

03:54

So at any point in time you're using anything beyond passwords. You're definitely using it.