1

Microsoft Windows NT 4.0 Authentication Protocols

• Password Authentication Protocol (PAP)

• Challenge Handshake Authentication Protocol (CHAP)

• Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)

• Shiva Password Authentication Protocol (SPAP)

• Point-to-Point Tunneling Protocol (PPTP)

2

Microsoft Windows 2000 Authentication Protocols

• Support the Windows NT 4.0 authentication protocols

• Extensible Authentication Protocol (EAP)

• Remote Authentication Dial-In User Service (RADIUS)

• Internet Protocol Security (IPSec)

• Layer Two Tunneling Protocol (L2TP)

• Bandwidth Allocation Protocol (BAP)

3

Extensible Authentication Protocol (EAP)

• Is an extension to the Point-to-Point protocol (PPP)

• Works with dial-up, PPTP, and L2TP clients

• Allows arbitrary authentication mechanisms to validate a dial-in connection

• Supports authentication by using generic token cards, MD5-CHAP, and TLS

• Allows vendors to supply new client and server authentication modules

4

Remote Authentication Dial-In User Service (RADIUS)

• RADIUS provides• Remote user authentication that is vendor-

independent.• Scaleable authentication designs for

performance.• Fault-tolerant designs for reliability.

• Windows 2000 can act as a RADIUS client or server.

5

Windows 2000 Can Act as a RADIUS Client

• A RADIUS client• Is typically an ISP dial-up server• Receives authentication requests• Forwards the requests to a RADIUS server

• A Windows 2000 RADIUS client• Can also forward accounting information• Is configured on the remote access server’s

Securities tab

6

Windows 2000 Can Act as a RADIUS Server

• A RADIUS server validates the RADIUS client request.

• Windows 2000 uses Internet Authentication Services (IAS) to perform authentication.

• IAS stores accounting information from RADIUS clients in log files.

• IAS is one of the optional components you can add.

7

Internet Protocol Security (IPSec)

• Consists of a set of security protocols and cryptographic protection services

• Ensures secure private communications over IP networks

• Provides aggressive protection against private network and Internet attacks

• Negotiates a security association (SA) with clients that acts as a private key to encrypt the data flow

8

Layer Two Tunneling Protocol

• Similar to PPTP

• Creates an encrypted tunnel

• Does not provide encryption

• Works with encryption technologies such as IPSec

9

Differences Between L2TP and PPTP

• L2TP does not require an IP-based transit network.

• L2TP supports header compression.

• L2TP supports tunnel authentication.

• L2TP uses IPSec for encryption and PPTP uses PPP encryption.

Bandwidth Allocation Protocol (BAP) and Bandwidth Allocation Control Protocol (BACP)

• Dynamically add or drop links on demand

• Are PPP control protocols

• Provide bandwidth on demand

10

11

Allowing Inbound Dial-Up Connections

12

Configuring Devices for Incoming Connections

13

Allowing Virtual Private Connections

• Click Next on the Devices For Incoming Connections page.

• Select either to allow or not allow virtual private connections on the Incoming Virtual Private Connection page.

14

Specifying Users and Callback Options

15

Selecting Networking Components

• Choose the networking components to enable for incoming calls.

• Install additional networking components.

16

Dial-Up Connections

17

Connections to a Virtual Private Network (VPN)

• Create a VPN by using tunneling protocols such as PPTP or L2TP.

• Create secure connections across an untrusted network.

• Select Connect To A Private Network Through The Internet.

• Decide if you want to select Automatically Dial This Initial Connection.

• Enter the host name or IP address to which you are connecting.

• Specify who can use the connection.

18

Direct Connection to Another Computer Through a Cable

• Select Connect Directly To Another Computer.

• Select whether your computer will be the host or the guest for the connection.

• Select the port that is connected to the other computer.

• Specify the users who can use this connection.

• Decide if you want a shortcut icon on your desktop.