Analysis of the Security of Windows NT
1 March 1999
in client machines behaving in a non-malicious manner. In [29], there is a more
in-depth description of some of the weaknesses in CIFS.
4.7 Remote Access Service (RAS)
Since version 3.1, NT Server has contained a service called RAS, short for Remote
Access Service. RAS, pronounced "razz", offers mobile workers dial-in functionality
from a Wide Area Network (WAN), i.e. it opens your network to the world. Before a
remote user can connect to the host or Local Area Network (LAN), RAS has to be
installed and configured on a local NT server. This computer must also have some
communication equipment, e.g. one or more modems if the WAN is an analog telephone
network. Other types of networks require other types of communication equipment.
The remote client must support the Point-to-Point Protocol (PPP) and have a modem
connected to the computer. The RAS client software provides the PPP support.
Furthermore, RAS clients can also provide remote access to NetWare
Communication servers. A sample configuration is illustrated in Figure 9.
FIGURE 9. A sample RAS configuration
4.7.1 Remote Client Requirements
As mentioned above, the operating system requirement on the remote machine is
support for PPP, which implies that NT and Windows 95 clients, as well as UNIX
clients, are able to use a RAS server [44]. The maximum number of simultaneously
connected clients that a RAS server can handle is 256. However, third-party
products exist that do not have this limitation.
4.7.2 Wide Area Network Connectivity
A client can connect to the RAS server in a number of different ways. The most
common way is through a modem connected to a standard analog telephone line, which
is also called the Public Switched Telephone Network (PSTN) or Plain-Old Telephone
Service (POTS). Instead of a single modem, it is also possible to have a modem pool
on either the client or the server side. A PSTN connection gives freedom of mobility,
due to its worldwide availability.
If faster links are desired, Integrated Services Digital Network (ISDN) can be used.
ISDN provides transmission speeds of 64 kbps (with one B-channel) or 128 kbps (with
two B-channels). To be able to use ISDN a phone company must install ISDN lines at
[Figure 9 labels: Local Host (x3), RAS server, LAN, Remote Client, WAN]