Authentication protocols

• EAP - Extensible Authentication Protocol. A set of APIs in Windows for developing new security protocols as needed to accommodate new technologies. MD5-CHAP and EAP-TLS are two examples of EAP.

• EAP-TLS - Transport Level Security. Primarily used for digital certificates and smart cards.

• MD5-CHAP - Message Digest 5 Challenge Handshake Authentication Protocol. Encrypts usernames and passwords with an MD5 algorithm.

• RADIUS - Remote Authentication Dial-in User Service. Specification for vendor-independent remote user authentication. Windows XP Professional can act as a RADIUS client only.

• MS-CHAP (v1 and 2) - Microsoft Challenge Handshake Authentication Protocol. Encrypts entire session, not just username and password. v2 is supported in Windows XP, Windows 2000,Windows NT4 and Windows 95/98/ME (with DUN 1.5 upgrade) for VPN connections. MS-CHAP cannot be used with non-Microsoft clients. You must use MS-CHAP authentication for PPTP (see below).

• SPAP - Shiva Password Authentication Protocol. Used by Shiva LAN Rover clients. Encrypts password, but not data.

• CHAP - Challenge Handshake Authentication Protocol - encrypts user names and passwords, but not session data. Works with non-Microsoft clients.

• PAP - Password Authentication Protocol. Sends username and password in clear text.

Virtual Private Networks (VPNs)

• PPTP - Point to Point Tunneling Protocol. Creates an encrypted tunnel through an untrusted network. The encryption is provided by Microsoft Point-to-Point Encryption (MPPE), a Microsoft proprietary protocol and is available at 40-bit or 128-bit levels. MPPE requires the use of MS-CHAP.

• L2TP - Layer Two Tunneling Protocol. Works like PPTP as it creates a tunnel, but it does not provide data encryption. Security is provided by using an encryption technology like IPSec.

• Windows XP Professional supports a single inbound VPN connection.

Multilink Support:

• Multilinking allows you to combine two or more modems or ISDN adapters into one logical link with increased bandwidth.

• BAP (Bandwidth Allocation Protocol) and BACP (Bandwidth Allocation Control Protocol) enhance multilinking by dynamically adding or dropping links on demand. Settings are configured through RAS policies.

• Enabled from the PPP tab of a RAS server's Properties dialog box.

Setting Callback Security

• Using callback allows you to have the bill charged to your phone number instead of the number of the user calling in. Also used to increase security.

• For roving users like a sales force, choose "Allow Caller to Set The Callback Number" (less secure).

Dial-up networking

• Microsoft technical documentation generally refers to dial-up networking when describing outbound connections. Inbound connections are usually associated with Remote Access Services (RAS).

• All new connections are added using the "Make New Connection" wizard.

Microsoft Windows XP Professional

• To create a VPN connection, choose Dial-Up To A Private Network Through The Internet, specify whether you need to establish a connection with an ISP first, enter the host name or IP address of the computer/network you are connecting to, and select whether connection is for yourself or all users.

• Dial-up networking entries can be created for modem connections, LAN connections, direct cable connections and Infrared connections.

• PPP is generally preferred because it supports multiple protocols, encryption, and dynamic assignment of IP addresses. SLIP is an older protocol that only supports TCP/IP and is used for dialing into legacy UNIX systems.

• Separate icons under Dial-up networking represent all network connections, inbound and outbound - properties, protocols, addresses and services can be individually configured for each.