Remote Access

Time
7 hours 50 minutes
Difficulty
Beginner
CEU/CPE
8
Video Transcription
00:00
>> Let's move on to our next section
00:00
which covers Remote Access.
00:00
We're looking at connecting to
00:00
the network without being physically plugged in.
00:00
We'll talk a little bit about dial-up,
00:00
and then we'll talk about VPN access
00:00
through a process we refer to as tunneling.
00:00
Let's take a look at dial-up.
00:00
Normally, when we're connected
00:00
to our local area network,
00:00
we're connected via our network card and that
00:00
network card provides Layer 2 framing
00:00
for a local network.
00:00
But if we take a step back and we think about
00:00
our remote access clients, maybe
00:00
using a modem to connect into a remote access server,
00:00
which is likely not the way
00:00
we're communicating mainstream,
00:00
but remote access server and modem usage still exists.
00:00
But in this case, I've a client who's no
00:00
longer connecting to the network via network card,
00:00
which means they don't have a device that does
00:00
the work that a network card typically does.
00:00
One of the things a network card does is provide
00:00
Layer 2 framing for LAN connections.
00:00
It adds the information that's
00:00
necessary to communicate across the LAN.
00:00
If we have a client dialing up with a modem,
00:00
there is no device to provide that Layer 2 framing.
00:00
That's where Point-to-Point Protocol comes in.
00:00
PPP is how it's often
00:00
referred to. Point-to-point protocol, though,
00:00
is what does that Layer 2 framing
00:00
for connections to the WAN.
00:00
It was traditionally used with dial-up clients.
00:00
But today, now that we're connecting out to
00:00
our WANs through our cable modems and DSL modems,
00:00
now we have something called PPPoE,
00:00
which is Point-to-Point Protocol over Ethernet.
00:00
It basically means you're using your network card,
00:00
but you're still connecting to
00:00
a WAN as opposed to a local area network.
00:00
The primary protocol is
00:00
going to be allowing us to connect to
00:00
a WAN and still have that Layer 2
00:00
information added, that's point-to-point protocol.
00:00
With point-to-point protocol, it's
00:00
not designed to add security,
00:00
it's specifically for Layer 2 framing.
00:00
For security, there are a handful of
00:00
authentication protocols that would be used.
00:00
The first of which is PAP.
00:00
PAP stands for Password Authentication Protocol.
00:00
PAP transmits passwords in plain text.
00:00
We don't want that anymore.
00:00
PAP really is irrelevant for use today.
00:00
PAP was replaced by a protocol called CHAP,
00:00
Challenge Handshake Authentication Protocol.
00:00
Then Microsoft extended beyond that and there's
00:00
MS-CHAP and MS-CHAP version 2.
00:00
But ultimately, this is something called a challenge
00:00
handshake protocol or a challenge response.
00:00
Basically, when one device is trying to make
00:00
a connection with another
00:00
based on the password that's entered,
00:00
let's say I've to connect to
00:00
a router from one router from another,
00:00
I'm setting up a static route,
00:00
for instance, there may be a password protection.
00:00
Only if I type in the correct password
00:00
can my device respond
00:00
to a challenge issued by
00:00
the server or the system on the other end.
00:00
Basically, what it is is
00:00
a system where I can prove the password
00:00
that's being entered correctly without
00:00
having to put the password on the network.
00:00
Challenge response systems are good
00:00
because they do keep the passwords off
00:00
the network. That's desirable.
00:00
But the problem with CHAP and PAP
00:00
also is that they only provide
00:00
a means to authenticate using passwords.
00:00
There are a lot of ways we can authenticate today.
00:00
We can use smartcards, biometrics, cookies,
00:00
certificates, tokens, and none of
00:00
that can be used with PAP or CHAP.
00:00
We needed a protocol that could
00:00
extend beyond just passwords and
00:00
really provide capabilities to
00:00
authenticate in any manner you choose.
00:00
That's where EAP, Extensible Authentication Protocol.
00:00
EAP extends the capabilities beyond passwords.
00:00
You can think of it in that way.
00:00
At any point in time
00:00
you're using anything beyond
00:00
passwords, you're definitely using EAP.
00:00
It will also allow you to use passwords as well.
00:00
EAP is the way of the future.