Demystifying Windows NT 4.0's RAS security to answer this relevant question
You've probably seen the commercials in which businessmen and consumers alike are debating whether sending confidential information over the Internet is safe. You might even have pondered the issue as you were about to order flowers or send proprietary files over the Internet.
"Is it safe?" is a valid question, given that about 11 million
Americans telecommute at least once a day. The increasing popularity of
telecommuting is pressuring businesses to give employees and customers secure access to enterprise networks and the Internet. Network administrators and managers are spending thousands and even millions of dollars to secure their sites and networks.
In the past, companies often used clear-text passwords for remote access
connectivity. Although some Internet Service Providers (ISPs) still offer only clear-text authentication, many are switching to more secure authentication methods, such as the one in Windows NT 4.0.
NT 4.0's Remote Access Service (RAS) offers much more than encrypted
authentication. Microsoft claims that using NT RAS to dial in remotely is even more secure than logging on to a LAN file server. This claim carries some weight because RAS security features--such as authentication protocols, encryption standards, security hosts, and Point-to-Point Tunneling Protocol (PPTP)--are not usually available when you log on to a LAN.
Authentication Protocols
NT 4.0 uses various types of authentication protocols, including Password
Authentication Protocol (PAP), Shiva Password Authentication Protocol (SPAP),
Challenge Handshake Authentication Protocol (CHAP), and Microsoft CHAP
(MS-CHAP). These protocols directly affect the type of encryption that remote
access clients can use.
PAP and SPAP
PAP is the least sophisticated authentication protocol. PAP encrypts the
password database but not the user ID or password.
Because PAP uses clear-text passwords, you use PAP in only two
circumstances: when you're dialing in to a Point-to-Point Protocol (PPP) server
that does not support encrypted authentication and when you're dialing into a
Serial Line IP (SLIP) server. (SLIP servers understand only clear-text
passwords.) In general, you use PAP only when the client and server cannot
negotiate a more secure form of authentication.
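The clear-text problem is visible in the PAP frame itself. As an added example (not from the article), this Python builds and parses a PAP Authenticate-Request laid out as in RFC 1334, using a constructed user name and password; anyone who captures the frame reads both fields verbatim.

```python
import struct

# PAP Authenticate-Request layout (RFC 1334):
#   Code(1) Identifier(1) Length(2) Peer-ID-Length(1) Peer-ID Passwd-Length(1) Password
PAP_AUTH_REQUEST = 1


def build_pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """Build an Authenticate-Request exactly as a PAP client puts it on the link."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, ident, 4 + len(body)) + body


def parse_pap_request(frame: bytes) -> dict:
    """Parse an Authenticate-Request; both credential fields come back as sent, unencrypted."""
    code, ident, length = struct.unpack("!BBH", frame[:4])
    if code != PAP_AUTH_REQUEST or length != len(frame):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    pos = 4
    id_len = frame[pos]
    pos += 1
    peer_id = frame[pos:pos + id_len]
    pos += id_len
    pw_len = frame[pos]
    pos += 1
    password = frame[pos:pos + pw_len]
    if pos + pw_len != length:
        raise ValueError("length fields do not add up")
    return {"id": ident, "peer_id": peer_id.decode(), "password": password.decode()}


# Constructed sample credentials; not taken from any real system.
SAMPLE = build_pap_request(7, b"jsmith", b"Tulip#97")

if __name__ == "__main__":
    print(SAMPLE.hex())
    print(parse_pap_request(SAMPLE))
```

The password bytes appear unchanged inside the frame, which is what "clear-text authentication" means on the wire.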
SPAP is Shiva's proprietary version of PAP. SPAP is more secure than PAP
because SPAP uses a two-way (reversible) authentication method that encrypts
passwords. Thus, SPAP offers a medium level of security for remote access.
Shiva uses SPAP in its remote access client software. Thus, you can use
SPAP to connect an NT client to a Shiva LanRover or a Shiva client to an NT
server. You can also use SPAP when a Windows 95 (Win95) client is set up for
user-level security using a Novell NetWare account.
CHAP and MS-CHAP
An important distinction exists between CHAP and MS-CHAP. CHAP is a widely
accepted industry authentication protocol; MS-CHAP, a proprietary protocol, is
not. You can, however, use MS-CHAP with CHAP.
CHAP provides a higher level of security for remote access than PAP. CHAP
encrypts the user ID or password, but the CHAP password database is in clear
text.
CHAP uses a three-way handshake to provide encrypted authentication. The
authenticator first sends out a challenge to the client. The client responds
with a one-way encrypted value. The authenticator checks to see whether the
value matches. If it does, the authenticator acknowledges the authentication.
CHAP then periodically verifies the client's identity. It changes the challenge
value every time it sends out a message, which protects against playback (replay)
attacks, in which a hacker records the exchange and plays the message back to
obtain fraudulent access.
MS-CHAP, the most secure encryption algorithm that NT supports, is
Microsoft's version of RSA Data Security's MD4 standard. MS-CHAP uses a one-way
hash function to produce a message digest. A hash function takes a
variable-size input and returns a fixed-size 128-bit string. This type of
algorithm produces a secure checksum for each message, making it almost
impossible to change the message if you don't know the checksum. (For more
information on hashed passwords, see Mark Minasi, "Windows NT Logons,"
June 1997.)
Both NT 4.0 and Win95 RAS clients use MS-CHAP to negotiate a PPP connection
to an NT RAS server. MS-CHAP corresponds to the Require Microsoft Encrypted
Authentication encryption setting on the RAS server. MS-CHAP uses RSA Data
Security's RC4 algorithm to support RAS session user data encryption. Currently,
NT uses two versions of the algorithm: 128-bit RC4 encryption for the US and
Canada and 40-bit RC4 encryption for export. Microsoft cannot export the 128-bit
version because US law prevents American companies from exporting software with
an encryption scheme exceeding 40 bits. (Congress is currently debating HR 695,
a bill that would let US companies export 56-bit encryption software. For more
information on this bill's history, see Mark Smith's editorial, "The Key to
the Kingdom," June 1997. For updates on where HR 695 is in Congress, go to
http://www.privacy.org.)
With MS-CHAP, you can configure the RAS server so that users connecting to
the server can send only encrypted data. However, some vendors do not support
MS-CHAP in their products, and therefore, you probably could not connect to
those products.
Encryption Standards
Data encryption software often uses two types of encryption algorithms:
public-key algorithms and shared-key algorithms. Public-key algorithms use two
different keys for encryption and decryption, which is why people often refer to
them as asymmetric algorithms. The software owner keeps a private key, and users
share a public key.