Point to Point Protocol

William Mohawk

Computer Research Associated

P.O. Box 1612

Santa Monica, CA 90406

(310) 585 - 2634

In the late 1980s, Serial Line Internet Protocol (SLIP) was limiting the Internet's growth. PPP was created to solve remote Internet connectivity problems. PPP was also needed to assign IP addresses dynamically and to carry multiple protocols over one link. PPP provides router-to-router and host-to-network connections over both synchronous and asynchronous circuits.

PPP uses a layered architecture. With its lower-level functions, PPP can use synchronous physical media, such as those that connect Integrated Services Digital Network (ISDN) networks, as well as asynchronous physical media, such as those that use basic telephone service for modem dialup connections. With its higher-level functions, PPP supports or encapsulates several network-layer protocols through Network Control Protocols (NCPs). These NCPs include, but are not limited to, the Bridge Control Protocol (BCP), the Internet Protocol Control Protocol (IPCP), and the Internetwork Packet Exchange Control Protocol (IPXCP).

PPP supports two authentication protocols: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). Both of these protocols are detailed in RFC 1334, "PPP Authentication Protocols."

The authentication phase of a PPP session is optional. After the link has been established, and the authentication protocol chosen, the peer can be authenticated. If it is used, authentication takes place before the network-layer protocol configuration phase begins.

The authentication options require that the calling side of the link enter authentication information to help ensure that the user has the network administrator's permission to make the call. Peer routers exchange authentication messages.

When configuring PPP authentication, you can select Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP). In general, CHAP is the preferred protocol, because PAP is not a strong authentication protocol: passwords are sent across the link in clear text, and there is no protection from playback or repeated trial-and-error attacks. The remote node is in control of the frequency and timing of the login attempts. CHAP is used to periodically verify the identity of the remote node, using a three-way handshake. This is done upon initial link establishment and can be repeated any time after the link has been established. CHAP offers features such as periodic verification to improve security; this makes CHAP more effective than PAP. PAP verifies only once, which makes it vulnerable to hacks and modem playback. Further, PAP allows the caller to attempt authentication at will (without first receiving a challenge), which makes it vulnerable to brute-force attacks, whereas CHAP does not allow a caller to attempt authentication without a challenge.
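As an added example that is not part of the original page, the following Python simulation contrasts a PAP Authenticate-Request (secret in clear text) with the CHAP three-way handshake described above, using the MD5 response defined in RFC 1994. The shared secret, peer name and challenge values are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed shared secret for this example; both peers are provisioned with it out of band.
SECRET = b"example-shared-secret"

def pap_authenticate_request(peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request payload: Peer-ID and Password both travel in clear text."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP (RFC 1994, MD5 algorithm): MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()

class Authenticator:
    """Called side of the link: issues challenges, checks responses, never sends the secret."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.outstanding = {}  # identifier -> challenge value still awaiting a response

    def challenge(self) -> tuple[int, bytes]:
        self.identifier = (self.identifier + 1) & 0xFF
        value = os.urandom(16)  # fresh random value every time, so an old response never matches
        self.outstanding[self.identifier] = value
        return self.identifier, value

    def verify(self, identifier: int, response: bytes) -> bool:
        challenge = self.outstanding.pop(identifier, None)  # a challenge is good for one answer
        if challenge is None:
            return False  # no challenge was issued: unsolicited or replayed responses are refused
        expected = chap_response(identifier, self.secret, challenge)
        return hmac.compare_digest(expected, response)

def chap_handshake(auth: Authenticator, peer_secret: bytes) -> tuple[int, bytes, bool]:
    """Run the three-way handshake (Challenge, Response, Success/Failure) and return the
    identifier, the response that crossed the wire, and whether the authenticator accepted it."""
    identifier, challenge = auth.challenge()
    response = chap_response(identifier, peer_secret, challenge)
    return identifier, response, auth.verify(identifier, response)
```

Capturing the CHAP response on the link reveals nothing reusable: replaying it, or answering without a challenge, is refused, whereas the PAP packet carries the password itself.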

 

KEY CONCEPTS

C.H.A.P. Challenge Handshake Authentication Protocol; this protocol periodically verifies that the person who is logged onto a given network is who he or she claims to be. This is primarily done at the initial logon, but can be repeated from time to time while the user remains logged onto the network.

FILTERING The process of selecting which packets to send down a link and, conversely, which not to send down a link.

P.A.P. Password Authentication Protocol; this protocol allows the user logging onto a network to configure his or her icons on the computer with a pre-configured password for logging on to the network without having to enter his or her password more than once.

P.P.P. The Internet standard for transmitting IP packets over the Internet; this protocol standard has largely replaced the older Serial Line Internet Protocol (SLIP) standard. The current standard for transmitting multi-protocol datagrams over the Internet.

TUNNELING The process of building a virtual network over a standard PPP link across a TCP stream of packets. TCP is Transmission Control Protocol, a concept discussed on the TCP/IP page elsewhere on this site.
