
Remote Access Security

In document Internet (Page 97-100)


9.3 Remote Access Security

As with any technology that opens a network up to outside users, security is an important consideration. Remote access offers a wide range of security features, including user authentication, mutual authentication, data encryption, callback, caller ID, remote access account lockout, and access control.

9.3.1 User Authentication

The most basic form of security for any network connection is authentication, which is the exchange and verification of credentials that identify the user to the network. To prevent credentials (such as passwords) from being intercepted by third parties, RAS supports a variety of authentication protocols that encrypt the user's credentials before transmitting them over the network. When a client establishes a connection with a RAS server using PPP, the two computers negotiate the use of a specific authentication protocol that controls how the user credentials are exchanged. The authentication protocols supported by RAS are as follows:

Password Authentication Protocol (PAP). An unsecured authentication protocol, meaning that it transmits the user's credentials in clear text. Anyone capturing network packets with a protocol analyzer (such as the Windows 2000 Server Network Monitor) can read a user's account name and password from the PAP messages and use them to gain access to secured resources. PAP also has no means for a client and a server to authenticate each other. PAP typically is used only when the RAS client and server have no other authentication protocols in common. To protect your users' passwords from being compromised, you can disable the use of PAP on your RAS server. When you do this, clients that do not support one of the more advanced authentication protocols are unable to connect to the server.

Shiva Password Authentication Protocol (SPAP). A variant of PAP designed for use with Shiva remote networking products (now owned by Intel). Windows clients connecting to a Shiva server device or Shiva clients connecting to a RAS server use SPAP to transmit their user credentials over the network connection in encrypted form. SPAP is more secure than PAP, but it uses a reversible form of encryption that makes the data packets containing the user credentials subject to replay. Replay occurs when a potential intruder takes a packet containing an encrypted password and uses it to access unauthorized resources without decrypting the contents.

Challenge Handshake Authentication Protocol (CHAP). An authentication protocol that uses the Message Digest 5 (MD5) hashing algorithm to encrypt the authentication information. The server sends a message called a challenge to the client in encrypted form, and the client must decrypt it and transmit the appropriate response back to the server. Because CHAP never transmits passwords in clear text, the credentials remain secure during the authentication process.
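To make the difference between PAP and CHAP concrete, here is an added Python example that is not from the book. It builds a PAP Authenticate-Request the way RFC 1334 lays it out (peer ID and password in clear text) and runs a CHAP-with-MD5 exchange as in RFC 1994, with a server that issues a fresh one-shot challenge per attempt. The user name, shared secret, and the `ChapServer` and `chap_client_reply` names are constructed for the demo. The replay check at the end shows why a captured CHAP response, unlike the reversibly encrypted SPAP password described above, does not let an eavesdropper in: the digest is bound to a challenge the server will never issue again.

```python
import hashlib
import hmac
import secrets

# Constructed values for this example; in real PPP the shared secret is the
# user's password, known to both the RAS client and the RAS server.
USERNAME = b"alice"
SHARED_SECRET = b"correct horse battery staple"


def pap_authenticate_request(peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request payload: Peer-ID and Password, both in clear text.

    Anyone capturing this packet can read the password straight out of it.
    """
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5: Response = MD5(Identifier || secret || Challenge).

    The secret never goes on the wire; only this one-way digest does, and it
    is bound to the specific challenge and identifier of this attempt.
    """
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapServer:
    """RAS-server side: issues a fresh challenge per attempt and verifies the reply."""

    def __init__(self, secrets_db):
        self._secrets = dict(secrets_db)  # user name -> shared secret
        self._pending = {}                # identifier -> challenge awaiting a response
        self._next_id = 0

    def challenge(self, length=16):
        identifier = self._next_id
        self._next_id = (self._next_id + 1) & 0xFF
        challenge = secrets.token_bytes(length)
        self._pending[identifier] = challenge
        return identifier, challenge

    def verify(self, identifier, name, response):
        challenge = self._pending.pop(identifier, None)  # one-shot: a challenge is never reused
        secret = self._secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


def chap_client_reply(identifier, challenge, name, secret):
    """Client side: answer the server's challenge with the digest and the user name."""
    return identifier, name, chap_response(identifier, secret, challenge)


def demo_chap(client_secret=SHARED_SECRET):
    """One CHAP exchange, then two replay attempts with the captured response."""
    server = ChapServer({USERNAME: SHARED_SECRET})
    identifier, challenge = server.challenge()
    reply = chap_client_reply(identifier, challenge, USERNAME, client_secret)
    authenticated = server.verify(*reply)
    # An eavesdropper resends the captured reply against the same identifier...
    replay_same = server.verify(*reply)
    # ...or against a new challenge; the digest was computed over the old one.
    new_identifier, _ = server.challenge()
    replay_new = server.verify(new_identifier, USERNAME, reply[2])
    return {
        "authenticated": authenticated,
        "replay_same_challenge_accepted": replay_same,
        "replay_new_challenge_accepted": replay_new,
    }


if __name__ == "__main__":
    print("PAP on the wire:", pap_authenticate_request(USERNAME, SHARED_SECRET))
    print("CHAP:", demo_chap())
```

The server keeps each outstanding challenge only until a response arrives, so the same response can never be accepted twice; that one-shot rule, not the hash alone, is what defeats the replay that SPAP is exposed to.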

Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) version 1 and version 2. An extension of the CHAP authentication protocol that provides greater security and support for the use of Windows authentication information. MS-CHAP is also the only authentication protocol supported by Windows 2000 that enables users to change their passwords during the logon process. In an MS-CHAP version 1 authentication, the server sends a challenge to the client that contains a session identifier and an arbitrary challenge string. The client's response contains the user's account name, plus a nonreversible encryption of the challenge string, the session identifier, and the user's password. The server then evaluates the response and either grants or denies access. MS-CHAP version 2 provides even greater security by supporting mutual authentication, separate encryption keys for transmitted and received data, and keys that are based on the user's password plus an arbitrary challenge string so that each time a user connects with the same password, the encryption key is different. The MS-CHAP v2 authentication process proceeds in the same way as the version 1 process, except that the client's response to the server's challenge contains an arbitrary peer challenge string for the authentication of the server, in addition to the other components. When the server responds to the client's authentication attempt, it includes an encrypted string of its own. The client then verifies the authentication of the server, after which the connection is established.

Extensible Authentication Protocol (EAP). A protocol that enables RAS clients and servers to negotiate the use of any authentication mechanism that the two have in common. EAP makes it possible for the client and server to conduct an open-ended conversation in which the server issues individual requests for authentication information and the client responds to each request. As the server processes each response, it advances the client to the next authentication level. When all the requests have been satisfied, the client is fully authenticated and access is granted. The authentication mechanisms used by EAP are called EAP types; for authentication to occur, the client and server must support the same type.

You can configure a Windows 2000 RAS server to use any or all of these authentication methods. If the remote access client does not support any of the authentication protocols that the server is configured to use, the connection is denied.

9.3.2 Mutual Authentication

As mentioned earlier, mutual authentication is obtained by authenticating both ends of the connection through the exchange of encrypted user credentials. This is possible through the use of PPP with MS-CHAP version 2 or with EAP-TLS. During the mutual authentication procedure, the remote access client authenticates itself to the RAS server, and then the RAS server authenticates itself to the remote access client.

9.3.3 Data Encryption

Data encryption encodes the data sent between the remote access client and the RAS server. However, remote access data encryption provides protection only on the WAN link between the RAS client and server. If end-to-end encryption is needed, such as between a RAS client and another computer on the server network, you can use the IP Security (IPsec) extensions to create an encrypted end-to-end connection after establishing the RAS connection.

Data encryption on a remote access connection is based on a secret encryption key known to the RAS server and the client. This shared secret key is generated during the user authentication process. Data encryption is possible over dial-in remote access links when using PPP along with EAP-TLS or MS-CHAP. As with authentication, you can configure the RAS server to require data encryption. If the remote access client cannot perform the required encryption, the connection attempt is rejected.
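The mutual authentication handshake of 9.3.2 and the per-connection key generation of 9.3.3 fit together in one exchange. The following is an added Python example, not the book's or Microsoft's code. It models the MS-CHAP v2 message flow described above (server challenge, client reply carrying a peer challenge, the server's own authenticator response, and the client's check of it) and then derives separate send and receive keys from the password hash plus both challenges. It uses HMAC-SHA256 as a stand-in one-way function and SHA-256 as a stand-in password hash; that is an assumption for the demo, not the real MS-CHAP v2 construction. The names `Server`, `Client`, `run_mutual_auth` and the credentials are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed credentials for this example.
USERNAME = b"alice"
PASSWORD = b"correct horse battery staple"


def _mac(key: bytes, *parts: bytes) -> bytes:
    """Stand-in one-way function (assumption): HMAC-SHA256 over the joined parts."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def password_hash(password: bytes) -> bytes:
    """Stand-in for the stored password hash both sides use (assumption: SHA-256)."""
    return hashlib.sha256(password).digest()


def session_keys(pw_hash, server_challenge, peer_challenge):
    """Separate send and receive keys, different on every connection because both
    challenges are fresh even when the password stays the same."""
    base = _mac(pw_hash, server_challenge, peer_challenge)
    return {"send": _mac(base, b"send"), "recv": _mac(base, b"recv")}


class Server:
    def __init__(self, users):
        self.users = dict(users)   # user name -> password hash
        self.pending = {}          # session id -> server challenge

    def msg1_challenge(self):
        session_id = secrets.token_bytes(4)
        server_challenge = secrets.token_bytes(16)
        self.pending[session_id] = server_challenge
        return session_id, server_challenge

    def msg3_verify_and_answer(self, session_id, name, peer_challenge, client_response):
        server_challenge = self.pending.pop(session_id, None)
        pw_hash = self.users.get(name)
        if server_challenge is None or pw_hash is None:
            return None
        expected = _mac(pw_hash, peer_challenge, server_challenge, name)
        if not hmac.compare_digest(expected, client_response):
            return None                                      # access denied
        # The server now proves it knows the secret too, bound to this exchange.
        auth_response = _mac(pw_hash, b"server", client_response, peer_challenge, server_challenge)
        return auth_response, session_keys(pw_hash, server_challenge, peer_challenge)


class Client:
    def __init__(self, name, password):
        self.name = name
        self.pw_hash = password_hash(password)

    def msg2_respond(self, session_id, server_challenge):
        self.server_challenge = server_challenge
        self.peer_challenge = secrets.token_bytes(16)        # the client's challenge to the server
        self.response = _mac(self.pw_hash, self.peer_challenge, server_challenge, self.name)
        return session_id, self.name, self.peer_challenge, self.response

    def msg4_verify_server(self, auth_response):
        expected = _mac(self.pw_hash, b"server", self.response, self.peer_challenge, self.server_challenge)
        if not hmac.compare_digest(expected, auth_response):
            return None                                      # server failed its proof; hang up
        return session_keys(self.pw_hash, self.server_challenge, self.peer_challenge)


def run_mutual_auth(client_password=PASSWORD, rogue_server=False):
    """Drive the four messages and report who proved what."""
    server = Server({USERNAME: password_hash(PASSWORD)})
    client = Client(USERNAME, client_password)
    session_id, server_challenge = server.msg1_challenge()
    msg2 = client.msg2_respond(session_id, server_challenge)
    result = server.msg3_verify_and_answer(*msg2)
    outcome = {"client_authenticated": False, "server_authenticated": False,
               "keys_match": False, "send_key": None, "recv_key": None}
    if result is None:
        return outcome
    auth_response, server_keys = result
    outcome["client_authenticated"] = True
    if rogue_server:
        auth_response = secrets.token_bytes(32)   # an impostor that cannot compute the proof
    client_keys = client.msg4_verify_server(auth_response)
    if client_keys is None:
        return outcome
    outcome["server_authenticated"] = True
    outcome["keys_match"] = client_keys == server_keys
    outcome["send_key"], outcome["recv_key"] = client_keys["send"], client_keys["recv"]
    return outcome
```

Two properties worth noticing: the client does not treat "access granted" as proof of anything until the authenticator response checks out, and because the session keys include both challenges, two connections with the same password produce different keys, which is the behaviour the MS-CHAP v2 paragraph above describes.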

9.3.4 Callback

With callback, the remote client dials into the RAS server, authenticates itself, and then severs the connection. The server then calls the client back and reestablishes the connection. You can configure the server to call the client back at a preset number or at a number specified by the client during the initial call. This enables a traveling user to dial in and have the RAS server call back the remote access client at the current location, saving telephone charges. When you configure the server to always call the client back at the same number, you prevent unauthorized users from connecting to the server using different telephone numbers.

9.3.5 Caller ID

RAS can use caller ID to verify that a call from a client is coming from a specified phone number. You configure caller ID as part of the dial-in properties of the user account. If the caller ID number of the incoming connection for that user does not match the configured caller ID, the connection is denied.

9.3.6 Remote Access Account Lockout

The remote access account lockout feature, which is enabled in the registry on the server that provides authentication, specifies how many failed remote access authentication attempts a user is permitted before the server denies remote access. Remote access account lockout is especially important for VPN connections over the Internet. Malicious Internet users can attempt to access an organization's intranet by repeatedly sending credentials (a valid user name and a guessed password) during the VPN connection authentication process. With remote access account lockout enabled, this type of attack is thwarted after a specified number of failed attempts.
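As an added example (not from the book) of the lockout behaviour described in 9.3.6, here is a small Python model of the per-user failure counter an authenticating server keeps. The threshold and reset window are constructed values, the `RemoteAccessLockout`, `replay` and `demo` names are invented for the demo, and the assumptions are that the counter clears a fixed time after the last failure and that a successful logon clears it too. It shows the point the paragraph makes: once the threshold is reached, even the correct password is refused until the window expires.

```python
import time

# Constructed policy values for this example (the book gives no numbers).
MAX_DENIALS = 5            # failed attempts allowed before the account is locked out
RESET_SECONDS = 30 * 60    # failure counter clears this long after the last failure


class RemoteAccessLockout:
    """Per-user failed-attempt counter on the authenticating server.

    Assumptions for the demo: the counter clears reset_seconds after the last
    failed attempt, and a successful authentication clears it as well.
    """

    def __init__(self, max_denials=MAX_DENIALS, reset_seconds=RESET_SECONDS, clock=time.time):
        self.max_denials = max_denials
        self.reset_seconds = reset_seconds
        self.clock = clock
        self._state = {}    # user -> (denials so far, time of last denial)

    def _now(self, now):
        return self.clock() if now is None else now

    def _expire(self, user, now):
        rec = self._state.get(user)
        if rec is not None and now - rec[1] >= self.reset_seconds:
            del self._state[user]

    def is_locked(self, user, now=None):
        now = self._now(now)
        self._expire(user, now)
        rec = self._state.get(user)
        return rec is not None and rec[0] >= self.max_denials

    def record_attempt(self, user, password_ok, now=None):
        """Return the decision for one authentication attempt."""
        now = self._now(now)
        if self.is_locked(user, now):
            return "denied:locked"           # correct password or not, the account is locked
        if password_ok:
            self._state.pop(user, None)      # a good logon clears the failure history
            return "granted"
        denials = self._state.get(user, (0, now))[0] + 1
        self._state[user] = (denials, now)
        return "denied:locked" if denials >= self.max_denials else "denied:bad_password"


def replay(events, **policy):
    """Feed a constructed sequence of (time, user, password_ok) through the policy."""
    lockout = RemoteAccessLockout(**policy)
    return [lockout.record_attempt(user, ok, now=t) for t, user, ok in events]


def demo():
    # Constructed attempt log: three wrong guesses for 'bob', bob's genuine logon
    # while locked, an unrelated user, then bob again after the window has passed.
    events = [(0, "bob", False), (1, "bob", False), (2, "bob", False),
              (3, "bob", True), (4, "alice", True), (700, "bob", True)]
    return replay(events, max_denials=3, reset_seconds=600)


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The trade-off the model makes visible is that lockout turns a password-guessing attempt into a denial of service for the targeted user for the length of the reset window, so the threshold and window are chosen against both risks, and the lockout events themselves are worth alerting on.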

9.3.7 Access Control

In addition to the various connection techniques described in the previous sections, you can also control remote client access to your network in other ways. You can configure individual Windows 2000 user accounts to permit or deny remote network access, and you can create remote access policies to control whether remote users can access a server, based on a variety of criteria.
