To interpret correctly all the security features that must be part of any VPN protocol, the first chapter deals with authentication and encryption. Different VPN protocols support different security algorithms, and understanding them makes it much easier to understand how a VPN connection is established. All of the following security protocols are part of any VPN protocol.
The protocols covered in this article verify the identity of the participants in a secure connection.
Often their output is also the key from which sub-keys for future encrypted communication are derived. Without an authentication process, a client allowed to access the network could impersonate anyone, which would de facto destroy the concept of a private network in Windows 10.
Because a number of attacks target precisely the appropriation of an authorized user's identity, which gives access to the target more easily than directly breaking the connection's ciphers, the choice of authentication protocol should in no way be underestimated.
The following is a list of the protocols included in the built-in VPN client of Windows 10. Since a detailed treatment of authentication algorithms is not the aim of this article, their description is limited to the authentication procedure itself and a mention of their vulnerability to various types of attack. More detailed information can be found in any of the available publications.
Password Authentication Protocol
This is the basic version of the authentication algorithm, which can be used in the protocols based on PPP, PPTP, L2TP, and SSTP.
It provides only the weakest form of identity authentication: the client sends its identification data over the network as plain, unencrypted text. In the first step of authentication, the client sends a connection request containing its user name and password.
The server verifies this information and responds in the second step by confirming or rejecting the connection. The weakness of this approach, visible at first glance, is that all of a client's credentials can be read from a captured packet.
Nothing then prevents the attacker from misusing that data and assuming the identity and privileges of the affected user. Perhaps the only advantage of the protocol is its negligible demand on computing power. Its use is limited to situations where no solution in the form of another protocol is available.
Microsoft Challenge-Handshake Authentication Protocol
This protocol was released by Microsoft as a replacement for the preceding PAP in situations that require a certain level of assurance about the authenticated identity.
It is based on the challenge-response principle (challenge-response authentication). It provides client-server authentication services for Microsoft Windows network systems, which include PPTP, L2TP, and SSTP connections. It was created by modifying the CHAP algorithm and uses a very similar message structure.
Each message is carried in exactly one PPP packet and contains the following items: message type, identifier, message length, and data. Four types of messages are permitted: Challenge, Response, Success and Failure. The identifier uniquely associates each Challenge message with its Response.
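The message layout and identifier matching described above, as an added example (not code from the original article or from Microsoft): it splits a message into type, identifier, length and data, and pairs each Response with its Challenge. The numeric type codes 1 to 4 and the 2-byte length field that counts the 4-byte header are taken from the CHAP specification (RFC 1994), not from this article; the helper names and the sample messages are constructed for illustration.

```python
import struct
from collections import namedtuple

# Message type codes as defined for CHAP in RFC 1994 (assumed reused by MS-CHAP).
TYPES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}
Message = namedtuple("Message", "type identifier length data")

def parse_message(raw: bytes) -> Message:
    """Split one message into type, identifier, length and data."""
    if len(raw) < 4:
        raise ValueError("truncated header")
    code, identifier, length = struct.unpack("!BBH", raw[:4])
    if code not in TYPES:
        raise ValueError(f"unknown message type {code}")
    # The length field covers the 4-byte header plus the data; extra bytes are padding.
    if length < 4 or length > len(raw):
        raise ValueError("length field does not fit the packet")
    return Message(TYPES[code], identifier, length, raw[4:length])

def pair_exchange(messages):
    """Return (pairs by identifier, Responses that match no open Challenge)."""
    open_challenges, pairs, unsolicited = {}, {}, []
    for msg in messages:
        if msg.type == "Challenge":
            open_challenges[msg.identifier] = msg
        elif msg.type == "Response":
            challenge = open_challenges.pop(msg.identifier, None)
            if challenge is None:
                unsolicited.append(msg)      # worth logging on the server side
            else:
                pairs[msg.identifier] = (challenge, msg)
    return pairs, unsolicited

def build(code, identifier, data=b""):
    """Hypothetical helper: build a constructed sample message (not captured traffic)."""
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data

# Constructed sample exchange; the data bytes are placeholders.
SAMPLE = [
    build(1, 0x21, b"\x08" + bytes(range(8)) + b"srv"),  # Challenge
    build(2, 0x21, b"\x02\xaa\xbb" + b"alice"),           # Response, same identifier
    build(2, 0x7F, b"\x02\xcc\xdd" + b"bob"),             # Response without a Challenge
    build(3, 0x21),                                       # Success
]

if __name__ == "__main__":
    pairs, unsolicited = pair_exchange([parse_message(m) for m in SAMPLE])
    print("matched:", sorted(pairs), "unsolicited:", [m.identifier for m in unsolicited])
```
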