
Analysis of the Security of Windows NT, 1 March 1999

PPP is a set of industry-standard framing and authentication protocols [53], [54], [55], [43] that enable remote clients to connect to remote servers over a WAN. PPP supports a number of transport protocols, including TCP/IP, NWLink and NetBEUI. To understand PPP, we will now describe what happens when a client tries to set up a connection to a RAS server.

1. Framing rules are established between the client and the server. This allows continued communication to occur.
2. The server then authenticates the remote user using one of PPP's authentication protocols; see the example in appendix A.7.
3. If step 2 succeeds, then the server is configured according to the remote client.

When all these steps are successfully completed, the remote client and RAS server can begin transferring data using, for example, NetBIOS, WinSocks or RPC.

Note that not all users on the server side are allowed to use RAS. After RAS is installed, all users are denied access to RAS. This is often referred to as default deny in the literature [22]. An administrator has to grant dial-in permissions for each user that is allowed to access the system from a remote site.

MP [57] is a protocol that can be used to increase the communication bandwidth between a remote client and a RAS server. The idea is to combine (or aggregate) a number of communications channels. For example, suppose that two PSTN 14.4 kbps modems are available on both the client and the server side. Then, by using MP, a 28.8 kbps line can be provided.

PPTP is new to RAS in NT 4.0. This protocol allows clients to connect to a RAS server via the Internet. The protocol allows Virtual Private Networks (VPNs) to be built on top of current networks. The problem associated with data transfers over public networks is maintenance of data confidentiality. In PPTP, this is handled through encryption of the connections. The encryption method is RSA's RC4, which uses a 40-bit key.

To connect to a RAS server with PPTP, two connections must be established. The first one is to the ISP (with PPP) or to a RAS server in order to establish connectivity with the network. The second establishes the tunnel through the Internet (PPTP packets are encapsulated in IP packets); see Figure 11. Indeed, both connections have their own security.

[FIGURE 11. A typical PPTP connection. Labels: Remote Client, ISP, Internet, Router, RAS server, LAN, Local Host; link types: PPP, PPTP.]
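As an added illustration (not code from the original report), the Python sketch below parses the tunnel side of the connection described above: it recognises PPTP's PPP-in-GRE packets inside IPv4 and reports whether the carried PPP frame is cleartext IP, which is what a defender auditing a capture would check. The header layout follows RFC 2637, which the report does not reproduce; the function names and the sample packets are constructed for this example.

```python
import struct

GRE_IP_PROTO = 47        # IP protocol number for GRE
PPTP_GRE_TYPE = 0x880B   # GRE protocol type used by PPTP (PPP payload)
PPP_NAMES = {0x0021: "IPv4 (cleartext)", 0x00FD: "compressed/encrypted datagram",
             0x8021: "IPCP", 0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP"}

def parse_pptp_tunnel_packet(packet: bytes):
    """Parse one IPv4 packet. Returns a dict for PPTP tunnel data, None for
    anything else, and raises ValueError if a PPTP packet is truncated."""
    if len(packet) < 20 or (packet[0] >> 4) != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != GRE_IP_PROTO or len(packet) < ihl + 8:
        return None
    gre = packet[ihl:]
    flags, gre_type, payload_len, call_id = struct.unpack_from("!HHHH", gre)
    # Enhanced GRE: K bit set, version 1, protocol type 0x880B.
    if not (flags & 0x2000) or (flags & 0x0007) != 1 or gre_type != PPTP_GRE_TYPE:
        return None
    has_seq, has_ack = bool(flags & 0x1000), bool(flags & 0x0080)
    hdr_len = 8 + 4 * has_seq + 4 * has_ack
    if len(gre) < hdr_len + payload_len:
        raise ValueError("truncated PPTP GRE packet")
    seq = struct.unpack_from("!I", gre, 8)[0] if has_seq else None
    ack = struct.unpack_from("!I", gre, hdr_len - 4)[0] if has_ack else None
    ppp = gre[hdr_len:hdr_len + payload_len]
    if ppp[:2] == b"\xff\x03":            # optional PPP address/control bytes
        ppp = ppp[2:]
    proto = None
    if ppp and (ppp[0] & 1):              # one-byte (compressed) protocol field
        proto = ppp[0]
    elif len(ppp) >= 2:
        proto = (ppp[0] << 8) | ppp[1]
    return {"call_id": call_id, "seq": seq, "ack": ack, "ppp_protocol": proto,
            "ppp_name": PPP_NAMES.get(proto, "other"),
            "cleartext_ip": proto == 0x0021}

def build_sample(flags: int, numbers: bytes, ppp: bytes) -> bytes:
    """Constructed test packet: IPv4 header (checksum left 0) + enhanced GRE."""
    gre = struct.pack("!HHHH", flags, PPTP_GRE_TYPE, len(ppp), 0x0042) + numbers + ppp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre), 0, 0, 64,
                     GRE_IP_PROTO, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return ip + gre

# Constructed samples: an LCP frame, then a frame with PPP protocol 0xFD (filler body).
SAMPLE_LCP = build_sample(0x3001, struct.pack("!I", 1), b"\xff\x03\xc0\x21\x01\x01\x00\x04")
SAMPLE_DATA = build_sample(0x3081, struct.pack("!II", 7, 6), b"\xfd\x00\x00\x00\x00")
```

A tunnel whose data packets report `cleartext_ip` as true is carrying unencrypted IP inside PPP, so the confidentiality the text relies on is not in effect for that session.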