The encapsulation process Dissecting a PPTP Packet

Figure 4-5. Active protocol layers during a PPTP connection

In a situation where the RAS user is dialing into an ISP that doesn't support PPTP, much of the process is the same. The only change is in step 2. Instead of the remote access switch starting the PPTP session with the RAS server, the client makes the PPTP connection to the RAS server itself using Dial-Up Networking, as we said earlier. The PPTP packets are therefore carried over the standard PPP connection the client has with the ISP's remote access switch. At that point in the connection, the client's PPP datagram is encapsulated by PPTP, which is in turn encapsulated again by PPP. At the remote access switch, the outer layer of PPP is stripped off, and the delivery header, IP header, GREv2 header, and payload packet remain to be routed to the RAS server. Although this outlines how a PPTP call is initially placed, communication between the client and server proceeds with the same order of encapsulation for the life of the session. The main difference is that authentication no longer needs to take place.
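The layering just described, as an added Python example that is not code from the book: the client wraps its PPP datagram in PPTP's enhanced GRE header (RFC 2637; the book calls it GREv2), then an IP delivery header, then the outer PPP frame for the dial-up link; the ISP's switch strips only that outer PPP layer, and the RAS server peels the rest. The IP addresses, call ID and user packet are constructed sample values.

```python
import struct

PPP_PROTO_IP = 0x0021      # PPP protocol number for IPv4
GRE_PROTO_PPP = 0x880B     # enhanced GRE protocol type for PPP (RFC 2637)
IP_PROTO_GRE = 47


def ppp_frame(protocol, payload):
    """PPP framing: address 0xFF, control 0x03, 16-bit protocol field, then data."""
    return struct.pack("!BBH", 0xFF, 0x03, protocol) + payload


def pptp_gre_header(call_id, seq, payload_len):
    """Enhanced GRE header (RFC 2637): K and S bits set, version 1, key = length|call ID."""
    flags_and_version = 0x3001          # 0x30 = K|S bits in byte 0, 0x01 = version 1 in byte 1
    return struct.pack("!HHHHI", flags_and_version, GRE_PROTO_PPP, payload_len, call_id, seq)


def ip_checksum(header):
    """Standard one's-complement checksum over 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, payload_len, proto=IP_PROTO_GRE):
    """Minimal 20-byte IPv4 header with a correct checksum (no options, TTL 64)."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)
    return fields[:10] + struct.pack("!H", ip_checksum(fields)) + fields[12:]


def encapsulate(user_ip_packet, call_id, seq, client_ip, server_ip):
    """Client side: user's PPP datagram -> GRE -> IP -> outer PPP to the ISP's switch."""
    inner_ppp = ppp_frame(PPP_PROTO_IP, user_ip_packet)              # the tunnelled PPP datagram
    gre = pptp_gre_header(call_id, seq, len(inner_ppp)) + inner_ppp   # PPTP's GRE encapsulation
    ip = ipv4_header(client_ip, server_ip, len(gre)) + gre            # delivery IP header
    return ppp_frame(PPP_PROTO_IP, ip)                                # outer PPP over the dial-up link


def strip_outer_ppp(frame):
    """ISP's remote access switch: remove the outer PPP layer, leaving IP/GRE/PPP."""
    addr, ctl, proto = struct.unpack("!BBH", frame[:4])
    if (addr, ctl, proto) != (0xFF, 0x03, PPP_PROTO_IP):
        raise ValueError("not a PPP-encapsulated IP frame")
    return frame[4:]


def decapsulate(ip_packet):
    """RAS server: peel IP, then GRE, then the inner PPP frame; returns what each layer carried."""
    ihl = (ip_packet[0] & 0x0F) * 4
    ip_hdr = ip_packet[:ihl]
    if ip_checksum(ip_hdr) != 0 or ip_hdr[9] != IP_PROTO_GRE:   # checksum over a valid header is 0
        raise ValueError("bad IP header or not GRE")
    gre = ip_packet[ihl:]
    flags_ver, gre_proto, payload_len, call_id, seq = struct.unpack("!HHHHI", gre[:12])
    if flags_ver != 0x3001 or gre_proto != GRE_PROTO_PPP:
        raise ValueError("not a PPTP enhanced-GRE packet")
    inner_ppp = gre[12:12 + payload_len]
    _addr, _ctl, inner_proto = struct.unpack("!BBH", inner_ppp[:4])
    return {"src": ip_hdr[12:16], "dst": ip_hdr[16:20], "call_id": call_id, "seq": seq,
            "inner_proto": inner_proto, "user_packet": inner_ppp[4:]}


if __name__ == "__main__":
    # Constructed sample: a stand-in user packet, client 10.0.0.2, RAS server 192.0.2.1, call ID 7
    user_packet = b"\x45\x00constructed user IP packet"
    frame = encapsulate(user_packet, 7, 1, bytes([10, 0, 0, 2]), bytes([192, 0, 2, 1]))
    print("on the dial-up link:", len(frame), "bytes")
    print("RAS server sees:", decapsulate(strip_outer_ppp(frame)))
```

The sizes make the overhead visible: 4 bytes of outer PPP, 20 of IP, 12 of GRE and 4 of inner PPP are added around every user packet, and only the outermost 4 bytes are removed before the packet leaves the ISP.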

4.2.5 PPTP Security

Like most security systems, PPTP has two components: authentication to prevent improper connections, and encryption for data sent once the connection is made.

4.2.5.1 RAS authentication methods

PPTP uses Windows NT RAS authentication. The choices for the authentication types the RAS server can accept are located in the RAS properties under Encryption Settings. This setting lets you specify the level of authentication that the RAS server will require of a client's login attempt. This section discusses the options you have: standard encrypted authentication, Microsoft-enhanced encrypted authentication, and allowing any type of authentication. Your choice determines how secure your VPN will be.

4.2.5.1.1 Accept encrypted authentication

Encrypted authentication in RAS is actually the Internet authentication standard known as CHAP (Challenge Handshake Authentication Protocol). CHAP is described in RFC 1994 as an extension to PPP in which clear-text passwords are never passed between the client and server. Instead, both the client and server hold an agreed-upon password, called a secret, that is never sent over the link at all. Here's how CHAP authentication occurs:

1. When the client tries to connect, the server challenges it to identify itself by sending a random challenge value along with an identifier for this round.

2. The client runs the identifier, the secret, and the challenge through a one-way hashing algorithm, RSA's MD5. One-way means that the hash value cannot be reversed to recover the secret, and because the server picks a fresh random challenge each time, someone sniffing the connection is unlikely to see the same value twice. Only the hash value is sent across the connection to the server.

3. The server performs the same calculation with its own copy of the secret and compares the result to the value the client sent. If the two values match, the connection is authenticated; if not, the connection is terminated.

Another benefit of CHAP is that the server can repeat this challenge at any time during the course of a connection. This limits the window in which an impostor could bump you off and hijack your connection. In the case of PPTP, the secret is the password the user uses to log into the NT domain, which the RAS server also knows, either directly or through NT domain services. Note that the MD5 calculation needs the secret itself, so the server must have access to the clear-text password rather than just a hash of it.

4.2.5.1.2 Accept Microsoft encrypted authentication

Microsoft encrypted authentication is also known as MS-CHAP. MS-CHAP produces its response using RSA's MD4 hash as well as a DES-based hashing technique. Windows 95/98 and Windows NT RAS clients use the MD4 hash, which doesn't require clear-text passwords on the client or server, since it is the same hash NT already stores for the account. The DES-based form is the older LAN Manager password hash, kept for backward compatibility with older RAS clients such as Windows for Workgroups 3.11 and RAS 1.1a; it is considerably weaker than the MD4 form. Otherwise, MS-CHAP operates the same way as CHAP. The main drawback of MS-CHAP is that not every platform has a PPP client that supports it. If your remote users are all on Windows systems, however, it's the best protocol to use. In addition, you must use it to get the added benefit of data-stream encryption over PPTP. We'll explain why in the section on data encryption.

4.2.5.1.3 Accept any authentication, including clear text

Accepting any authentication, including clear text, means that the RAS server will accept MS-CHAP, CHAP, or the Password Authentication Protocol (PAP). PAP has long been a common way to authenticate a PPP connection; in fact, most ISPs use PAP authentication for their PPP dial-up connections. Its main drawback is that it sends the username and password over the connection in clear text, so anyone monitoring the link between the client and server can read the login exchange and later log in as that user. PAP is an unsuitable authentication method for a VPN, since secure authentication over a public network is a VPN's primary goal. It's therefore suggested that you require CHAP or MS-CHAP authentication on your PPTP server. Bear in mind that accepting "any" authentication lets a client negotiate down to PAP, so the weakest method you accept is the one an attacker will use. If your remote users are on varied platforms, you may find that not every client on every platform supports CHAP or MS-CHAP authentication.
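The CHAP exchange from the "Accept encrypted authentication" section and the PAP request this section warns about, as an added Python example (not code from the book): the server issues a random challenge, the client answers with MD5 over identifier, secret and challenge as RFC 1994 specifies, the server recomputes and compares, and a captured response is useless against the next challenge. The PAP Authenticate-Request is built per RFC 1334 to show that the password bytes sit in the packet itself. The username and secret are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample credentials for the demonstration (not from the book).
USERNAME = b"alice"
SECRET = b"correct horse battery staple"


def chap_response(ident, secret, challenge):
    """RFC 1994 CHAP response: MD5 over Identifier || secret || challenge value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


class ChapServer:
    """Server side of a CHAP exchange (steps 1 and 3 in the text)."""

    def __init__(self, secret):
        self._secret = secret          # shared secret, never sent on the link
        self._ident = 0
        self._pending = None           # (ident, challenge) awaiting a response

    def challenge(self):
        """Step 1: issue a fresh random challenge under a new Identifier."""
        self._ident = (self._ident + 1) % 256
        chal = os.urandom(16)
        self._pending = (self._ident, chal)
        return self._ident, chal

    def verify(self, ident, response):
        """Step 3: recompute the hash locally and compare; each challenge is single-use."""
        if self._pending is None or ident != self._pending[0]:
            return False
        expected = chap_response(ident, self._secret, self._pending[1])
        self._pending = None           # consume the challenge whether or not it matches
        return hmac.compare_digest(expected, response)


def chap_authenticate(server, client_secret):
    """Step 2 on the client side, then the server's decision; only the hash crosses the link."""
    ident, chal = server.challenge()
    response = chap_response(ident, client_secret, chal)
    return server.verify(ident, response)


def chap_replay_fails(server, client_secret):
    """A sniffed response is useless later: the next challenge is different."""
    ident, chal = server.challenge()
    captured = chap_response(ident, client_secret, chal)
    assert server.verify(ident, captured)            # the genuine login succeeds
    ident2, _chal2 = server.challenge()
    return server.verify(ident2, captured)           # False: fresh challenge, stale response


def pap_authenticate_request(ident, peer_id, password):
    """RFC 1334 PAP Authenticate-Request (Code 1): the password rides in the clear."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body


def password_visible_on_wire(packet, password):
    """What a sniffer sees: for PAP the password bytes are right there in the packet."""
    return password in packet


if __name__ == "__main__":
    srv = ChapServer(SECRET)
    print("CHAP, right secret  :", chap_authenticate(srv, SECRET))
    print("CHAP, wrong secret  :", chap_authenticate(srv, b"guess"))
    print("CHAP, replayed hash :", chap_replay_fails(srv, SECRET))
    pap = pap_authenticate_request(1, USERNAME, SECRET)
    print("PAP, password in packet:", password_visible_on_wire(pap, SECRET))
```

The same `ChapServer` object can call `challenge()` again mid-session, which is the re-authentication the CHAP section mentions; a client that cannot answer the new challenge with the secret is dropped.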