D-Link DFL-200 manual Authentication Protocols, MPPE, Microsoft Point-To-Point Encryption

Page 44

Authentication Protocols

PPPsupports different authentication protocols, PAP, CHAP, MS-CHAP v1 and MS- CHAP v2 is supported. Which authentication protocol to use is negotiated during LCP negotiation.

PAP

PAP (Password Authentication Protocol) is a simple, plaintext authentication scheme, which means that user name and password are sent in plaintext. PAP is therefore not a secure authentication protocol.

CHAP

CHAP (Challenge Handshake Authentication Protocol) is a challenge-response authentication protocol specified in RFC 1994. CHAP uses a MD5 one-way encryption scheme to hash the response to a challenge issued by the DFL-200. CHAP is better then PAP in that the password is never sent over the link. Instead the password is used to create the one-way MD5 hash. That means that CHAP requires passwords to be stored in a reversibly encrypted form.

MS-CHAP v1

MS-CHAP v1 (Microsoft Challenge Handshake Authentication Protocol version 1) is similar to CHAP, the main difference is that with MS-CHAP v1 the password only needs to be stored as a MD4 hash instead of a reversibly encrypted form. Another difference is that MS- CHAP v1 uses MD4 instead of MD5.

MS-CHAP v2

MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol version 1) is more secure then MS-CHAP v1 as it provides two –way authentication.

MPPE, Microsoft Point-To-Point Encryption

MPPE is used is used to encrypt Point-to-Point Protocol (PPP) packets. MPPE uses the RSA RC4 algorithm to provide data confidentiality. The length of the session key to be used for the encryption can be negotiated. MPPE currently supports 40-bit, 56-bit and 128-bit RC4 session keys.

44

Image 44
Contents Link DFL-200 Contents VPN Servers 111 122 125Features and Benefits Access Control supportedIntroduction Introduction to FirewallsIntroduction to Local Area Networking LEDs Physical ConnectionsPackage Contents System RequirementsResetting the DFL-200 Managing D-Link DFL-200Administration Settings Administrative AccessAdd ping access to an interface Add Admin access to an interfaceAdd Read-only access to an interface Enable Snmp access to an interfaceChange IP of the LAN or DMZ interface SystemInterfaces IP Address The IP address of the WAN interface. This is WAN Interface Settings Using Static IPWAN Interface Settings Using Dhcp WAN Interface Settings Using PPPoE PasswordWAN Interface Settings Using Pptp Password The password supplied to you by your ISP WAN Interface Settings Using BigPondMTU Configuration Routing Go to System and Routing Add a new Static RouteRemove a Static Route Logging Enable E-mail alerting for ISD/IDP events Enable LoggingEnable Audit Logging Page Time Using NTP to sync time Setting time and date manuallyChanging time zone Checking the Set the system time boxFirewall PolicyPolicy modes Action TypesSchedule Service FilterSource and Destination Filter Intrusion Detection / Prevention Add a new policyConfigure Intrusion Detection Enable the Delete policy checkboxEnable the Intrusion Detection / Prevention checkbox Change order of policyConfigure Intrusion Prevention Port mapping / Virtual Servers Add a new mappingEnable the Delete mapping checkbox Delete mappingUsers DFL-200 Radius SupportEnable User Authentication via Http / Https Enable Radius SupportAdd User Change User PasswordEnable the Change password checkbox Enable the Delete user checkbox Delete UserSchedules Add new recurring scheduleServices Adding TCP, UDP or TCP/UDP ServiceGrouping Services Adding IP ProtocolProtocol-independent settings VPN Introduction to IPSecPoint-to-Point Protocol Introduction to PptpIntroduction to L2TP Authentication Protocols MPPE, Microsoft Point-To-Point EncryptionAuthentication protocol L2TP/PPTP ClientsAuthentication Protocol Introduction chapter L2TP/PPTP ServersMppe encryption VPN between two networks Creating a LAN-to-LAN IPSec VPN TunnelVPN between client and an internal network Creating a Roaming Users IPSec VPN TunnelAdding a L2TP/PPTP VPN Client Adding a L2TP/PPTP VPN ServerVPN Advanced Settings IPSec Proposal List Proposal ListsIKE Proposal List Certificates Trusting CertificatesLocal identities Certificates of remote peersIdentities Content Filtering Active content handlingEdit the URL Global Whitelist Edit the URL Global Blacklist Active content handling Dhcp Server Settings ServersEnable Dhcp Server Enable Dhcp RelayDisable Dhcp Server/Relayer Enable by checking the Use built-in Dhcp Server boxEnable by checking the Enable DNS Relayer box DNS Relayer SettingsEnable DNS Relayer Disable DNS Relayer Tools PingPing Example Add Dynamic DNS SettingsDynamic DNS Restoring the DFL-200’s Configuration BackupExporting the DFL-200’s Configuration Restart/Reset Restarting the DFL-200Restoring system settings to factory defaults Page Upgrade IDS Signature-database UpgradeUpgrade Firmware CPU Load StatusSystem Interfaces VPN Connections Click Connections below it. a window willDhcp Server Logging How to read the logs Usage eventsDrop events Conn eventsOpen Example Close ExampleStep by step guides LAN-to-LAN VPN using IPsec LAN IP 192.168.4.1, Subnet maskEnable Automatically add a route for the remote network Remote Net 192.168.1.0/24LAN IP 192.168.1.1, Subnet mask Local net 192.168.1.0/24Remote Net 192.168.4.0/24 LAN-to-LAN VPN using Pptp Username BranchOffice Click Global policy parameters Settings for Main office Page Select Local database Under Users in local database click Add newPage LAN-to-LAN VPN using L2TP Username BranchOffice Check Use IPsec encryption Setup interfaces, System-Interfaces WAN IP193.0.2.20 Page Select Local database Under Users in local database click Add new More secure LAN-to-LAN VPN solution Page Page Settings for Main office Settings for the Windows XP client Windows XP client and Pptp serverSelect Connect to the network at my workplace and click Next Select Virtual Private Network connection and click Next Name the connection MainOffice and click Next 104 Select Do not dial the initial connection and click Next Page Click Properties Page Name the new user HomeUser Enter password Retype password Page Windows XP client and L2TP server 112 Settings for Main office Page Content filtering Firewall-Services Select HTTP/HTML Content Filtering in the ALG dropdownPage Page Intrusion detection and prevention Page Check Enable E-mail alerting for IDS/IDP events Appendixes Appendix a Icmp Types and CodesPage Appendix B Common IP Protocol Numbers ESPLimited Warranty What Is Not Covered Wichtige Sicherheitshinweise CE Mark Warning WarnungAdvertencia de Marca de la CE AttenzioneVcci Warning Offices Singapore D-LINK International 132
Related manuals
Manual 14 pages 8.62 Kb Manual 12 pages 24 Kb