Manuals / D-Link / Computer Equipment / Network Card

D-Link DFL-700 manual Authentication Protocols, MPPE, Microsoft Point-To-Point Encryption

Models: DFL-700

1 141

Download 141 pages 4.85 Kb

Page 49

Authentication Protocols

PPPsupports different authentication protocols, PAP, CHAP, MS-CHAP v1 and MS- CHAP v2 is supported. Which authentication protocol to use is negotiated during LCP negotiation.

PAP

PAP (Password Authentication Protocol) is a simple, plaintext authentication scheme, which means that user name and password are sent in plaintext. PAP is therefore not a secure authentication protocol.

CHAP

CHAP (Challenge Handshake Authentication Protocol) is a challenge-response authentication protocol specified in RFC 1994. CHAP uses a MD5 one-way encryption scheme to hash the response to a challenge issued by the DFL-700. CHAP is better then PAP in that the password is never sent over the link. Instead the password is used to create the one-way MD5 hash. That means that CHAP requires passwords to be stored in a reversibly encrypted form.

MS-CHAP v1

MS-CHAP v1 (Microsoft Challenge Handshake Authentication Protocol version 1) is similar to CHAP, the main difference is that with MS-CHAP v1 the password only needs to be stored as a MD4 hash instead of a reversibly encrypted form. Another difference is that MS- CHAP v1 uses MD4 instead of MD5.

MS-CHAP v2

MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol version 1) is more secure then MS-CHAP v1 as it provides two –way authentication.

MPPE, Microsoft Point-To-Point Encryption

MPPE is used is used to encrypt Point-to-Point Protocol (PPP) packets. MPPE uses the RSA RC4 algorithm to provide data confidentiality. The length of the session key to be used for the encryption can be negotiated. MPPE currently supports 40-bit, 56-bit and 128-bit RC4 session keys.

Image 49

D-Link DFL-700 manual Authentication Protocols, MPPE, Microsoft Point-To-Point Encryption

Contents

Link DFL-700 Contents Firewall Servers Status 132 129Access Control supported Features and BenefitsIntroduction Introduction to FirewallsIntroduction to Local Area Networking Physical Connections LEDsSystem Requirements Package ContentsManaging D-Link DFL-700 Resetting the DFL700Administrative Access Administration SettingsAdd Admin access to an interface Add ping access to an interfaceEnable Snmp access to an interface Add Read-only access to an interfaceInterfaces SystemChange IP of the LAN or DMZ interface WAN Interface Settings Using Dhcp WAN Interface Settings Using Static IPIP Address The IP address of the WAN interface. This is Password WAN Interface Settings Using PPPoEWAN Interface Settings Using Pptp Password The password supplied to you by your ISP WAN Interface Settings Using BigPondTraffic Shaping MTU Configuration Routing Remove a Static Route Add a new Static RouteGo to System and Routing Logging Enable Audit Logging Enable LoggingEnable E-mail alerting for ISD/IDP events Page Time Setting time and date manually Using NTP to sync timeChanging time zone Checking the Set the system time boxPolicy FirewallPolicy modes Action TypesSource and Destination Filter Service FilterSchedule Intrusion Detection / PreventionTraffic Shaping Add a new policy Enable the Delete policy checkbox Configure Intrusion DetectionEnable the Intrusion Detection / Prevention checkbox Change order of policyConfigure Intrusion Prevention Add a new mapping Port mapping / Virtual ServersDelete mapping Enable the Delete mapping checkboxAdd Administrative User Administrative usersChange Administrative User Password Change Administrative User Access levelEnable the Change password checkbox Enable the Delete user checkbox Delete Administrative UserDFL-700 Radius Support UsersEnable Radius Support Enable User Authentication via Http / HttpsAdd User Change User PasswordDelete User Add new recurring schedule SchedulesAdding TCP, UDP or TCP/UDP Service ServicesAdding IP Protocol Grouping ServicesProtocol-independent settings Introduction to IPsec VPNIntroduction to L2TP Introduction to PptpPoint-to-Point Protocol MPPE, Microsoft Point-To-Point Encryption Authentication ProtocolsL2TP/PPTP Clients Authentication protocolL2TP/PPTP Servers Authentication Protocol Introduction chapterMppe encryption Creating a LAN-to-LAN IPSec VPN Tunnel VPN between two networksCreating a Roaming Users IPSec VPN Tunnel VPN between client and an internal networkAdding a L2TP/PPTP VPN Server Adding a L2TP/PPTP VPN ClientVPN Advanced Settings IKE Proposal List Proposal ListsIPSec Proposal List Trusting Certificates CertificatesLocal identities Certificates of remote peersIdentities Certificate AuthoritiesActive content handling Content FilteringEdit the URL Global Whitelist Edit the URL Global Blacklist Active content handling Servers Dhcp Server SettingsEnable Dhcp Relay Enable Dhcp ServerDisable Dhcp Server/Relayer Enable by checking the Use built-in Dhcp Server boxEnable DNS Relayer DNS Relayer SettingsEnable by checking the Enable DNS Relayer box Disable DNS Relayer Ping ToolsPing Example Dynamic DNS Add Dynamic DNS SettingsExporting the DFL-700’s Configuration BackupRestoring the DFL-700’s Configuration Restoring system settings to factory defaults Restart/ResetRestarting the DFL-700 Page Upgrade Firmware UpgradeUpgrade IDS Signature-database System StatusCPU Load Interfaces VPN Connections Dhcp Server Users Usage events How to read the logsDrop events Conn eventsClose Example Open ExampleStep by step guides LAN IP 192.168.4.1, Subnet mask LAN-to-LAN VPN using IPsecLocal net 192.168.4.0/24 Remote Net 192.168.1.0/24 Enable Automatically add a route for the remote networkLocal net 192.168.1.0/24 LAN IP 192.168.1.1, Subnet maskRemote Net 192.168.4.0/24 LAN-to-LAN VPN using Pptp Username BranchOffice Click Activate and wait for the firewall to restart Settings for Main office Page Under Users in local database click Add new Select Local databasePage LAN-to-LAN VPN using L2TP Username BranchOffice Check Use IPsec encryption Settings for Main office Page Select Local database Under Users in local database click Add new More secure LAN-to-LAN VPN solution Page Page Settings for Main office Windows XP client and Pptp server Settings for the Windows XP clientSelect Connect to the network at my workplace and click Next Select Virtual Private Network connection and click Next Name the connection MainOffice and click Next 108 Select Do not dial the initial connection and click Next Page Click Properties Page Setup interfaces, System-Interfaces WAN IP193.0.2.20 Page Windows XP client and L2TP server 116 Settings for Main office Page Content filtering Select HTTP/HTML Content Filtering in the ALG dropdown Firewall-ServicesPage Page Intrusion detection and prevention Page Check Enable E-mail alerting for IDS/IDP events Traffic shaping Limit bandwidth to a serviceGuarantee bandwidth to a service Page Appendix a Icmp Types and Codes AppendixesPage ESP Appendix B Common IP Protocol NumbersLimited Warranty What Is Not Covered Wichtige Sicherheitshinweise Warnung CE Mark WarningAdvertencia de Marca de la CE AttenzioneVcci Warning Offices 138 Page 140