Remote Access Protocols

Time
15 hours 43 minutes
Difficulty
Advanced
CEU/CPE
16
Video Transcription
00:00
>> Now we're going to talk about
00:00
the remote access protocols.
00:00
When we're talking about remote access protocols,
00:00
we're talking about protocols
00:00
that we're going to use when I'm
00:00
not physically wired into the network.
00:00
We're going to start with dial-up communications,
00:00
and move into the other ways we connect remotely,
00:00
and then we're also going to talk about
00:00
the sub-protocols that we'll use like PAP,
00:00
CHAP, and EAP that'll give
00:00
us additional security features.
00:00
The problem with this section is this will give you
00:00
an excellent opportunity to get
00:00
a lot of similar protocols jumbled up.
00:00
We have to be very careful and very
00:00
purposeful here that we're able to make
00:00
sure we understand what
00:00
each individual protocol does
00:00
because they all sound alike.
00:00
You've got PPP, you've got PAP, you've got EAP,
00:00
you've got PPTP, you've got CHAP, you've got L2TP.
00:00
We just have a lot that sound alike so I want to
00:00
be very purposeful in how we talk about these.
00:00
We originally looked at
00:00
dial-up communication as a way of connecting remotely.
00:00
I was out in the field,
00:00
I needed to access
00:00
my local network to pull up
00:00
some sales figures or whatever I needed,
00:00
and we would dial-up using our modems.
00:00
Now the thing is that we originally,
00:00
when we connect to a network,
00:00
we use our network cards.
00:00
We plug into our network cards and
00:00
the network card provides all the Layer 2
00:00
framing that we need and
00:00
gets the data ready to go across the physical link.
00:00
But when we're dialing up,
00:00
we're not using our network cards, we're using a modem.
00:00
What we need is we need some way to have the Layer
00:00
2 framing that the packet
00:00
needs to go across WAN connections.
00:00
If we don't have hardware that'll do it for us,
00:00
we get software to do it.
00:00
The software that provides the Layer 2 framing for
00:00
WAN connections is called point-to-point protocol, PPP.
00:00
What point-to-point protocol does is it
00:00
just frames the data plan.
00:00
Very different than framing for LAN.
00:00
So we needed a protocol that had that capability.
00:00
Now, all it does is framing.
00:00
It doesn't provide security.
00:00
Usually when we think about security,
00:00
we think about authentication and encryption.
00:00
Point-to-point protocol doesn't offer encryption,
00:00
but it can use one of
00:00
three authentication protocols if you want
00:00
authentication at it and
00:00
those authentication protocols are called PAP,
00:00
CHAP, and EAP.
00:00
Now the first of the protocols is PAP,
00:00
password authentication protocol.
00:00
The big problem there is it authenticates based on
00:00
passwords and then the passwords are sent
00:00
across the network in plain text.
00:00
Well, that's no good,
00:00
so PAP, dead to me.
00:00
We're not going to use PAP.
00:00
Doesn't make sense to use today.
00:00
What replaced PAP is something called CHAP,
00:00
challenge handshake authentication protocol.
00:00
What CHAP does is it's a challenge response system
00:00
where usually there's a password
00:00
agreed upon by the client server,
00:00
and if the password is entered correctly,
00:00
then the server is able to challenge the client,
00:00
and the client, based on the password that was entered,
00:00
is able to respond to the challenge correctly.
00:00
If the wrong password was entered,
00:00
the client couldn't respond to the challenge
00:00
correctly and wouldn't be allowed access.
00:00
Because it's a challenge response,
00:00
the password never presents itself on
00:00
the network so that adds some additional security.
00:00
Then CHAP has evolved,
00:00
Microsoft has had a hand.
00:00
There's Microsoft CHAP and there's Microsoft CHAP Version
00:00
2 and they've added some features
00:00
like mutual authentication.
00:00
But the thing about CHAP is it only works for passwords.
00:00
If all I want to use for authentication is a password,
00:00
then CHAP will work for me.
00:00
But, man, today we want multi-factor authentication.
00:00
Maybe I want to use a password,
00:00
but I also want to use a token device or smart card or
00:00
a certificate or biometrics or
00:00
any of those other ways we authenticate,
00:00
and PAP and CHAP don't understand those other means.
00:00
What we needed is an authentication protocol
00:00
that could extend beyond
00:00
the capabilities of PAP and CHAP,
00:00
and that's extensible authentication protocol, EAP.
00:00
If you're using something other than a password,
00:00
you have to be using EAP.
00:00
I will mention EAP also works with passwords.
00:00
Now, EAP has lots of different flavors.
00:00
You might hear of Lightweight EAP,
00:00
which is abbreviated LEAP.
00:00
You might hear Protected EAP, which is PEAP.
00:00
You might hear EAP-MD5, EAPOL.
00:00
There are lots of flavors of EAP,
00:00
but if you've got EAP in that acronym,
00:00
part of it is extensible authentication protocol
00:00
and you're dealing with just a variant of EAP.
00:00
We're getting started with remote access protocols,
00:00
and we focused on dial-up,
00:00
and we specifically looked at PPP for Layer 2 framing,
00:00
and then we examined PAP, CHAP,
00:00
and EAP to add authentication.