1 / 26

P oint-to- P oint T unneling P rotocol [PPTP]

P oint-to- P oint T unneling P rotocol [PPTP]. Team: Invincibles Deepak Tripathi Habibeh Deyhim Karthikeyan Gopal Satish Madiraju Tusshar RakeshNLN. Agenda. Overview PPTP Connections PPTP Architecture PPTP Underlying Technology PPP Architechure PPTP Security. PPTP ?.

newman
Download Presentation

P oint-to- P oint T unneling P rotocol [PPTP]

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Point-to-Point Tunneling Protocol[PPTP] Team: Invincibles Deepak Tripathi Habibeh Deyhim Karthikeyan Gopal Satish Madiraju Tusshar RakeshNLN

  2. Agenda • Overview • PPTP Connections • PPTP Architecture • PPTP Underlying Technology • PPP Architechure • PPTP Security

  3. PPTP ? PPTP - enables secure data transfers between a remote client and an enterprise server by creating a VPN across an IP-based internetwork Success of PPTP • The use of PSTNs (Public Switched Telephone Networks). • Support to Non-IP protocols.

  4. PPTP Connections • For Remote Access: • PPTP Client connects to the ISP using Dial Up Networking • PPTP then creates a tunnel between the VPN client and VPN server. • For LAN internetworking: • It does not require the ISP connection phase so the tunnel could be directly created.

  5. PPTP Architecture PPTP employs three processes to secure PPTP-based communication over unsecured media • PPP-based connection establishment • PPTP Connection control • PPTP tunneling and data transfer

  6. PPTP Connection Control

  7. Common PPTP control messages

  8. PPTP Data Tunneling and Processing Recipient end Sender end

  9. Underlying Technology • PPTP is based on PPP • Operates at layer 2 of OSI • Advantages: • Can operate any DTE or DCE including EIA/TIA-232-C and ITUV.3 • Does not restrict transmission rates • Requirement: • Availability of a duplex connection • Synchronous • Asynchronous

  10. PPP architecture • PPP standards-based protocol. • PPP's frame format is based on the HDLC • PPP can negotiate link options dynamically • support multiple Layer 3 protocols, such as IP, IPX, and AppleTalk.

  11. PPP architecture - LCP • PPP defines the Link Control Protocol (LCP). • The job of the LCP • Establish, configure, and test the data-link connection. • Callback • Data compression • Multilink • PAP authentication • CHAP authentication

  12. LCP AuthenticationPAP vs. CHAP PAP(password authentication protocol) • Remote host is in control of login requests. (Trial and error attack) • Password is sent in clear text

  13. LCP AuthenticationPAP vs. CHAP CHAP(challenge handshake authentication protocol) • Access servers is in control of login attempts • Password is not transmitted in clear text

  14. CHAP Operation

  15. PPP architecture –NCP • Link partners exchange NCP packets to establish and configure different network-layer protocols including IP, IPX, and AppleTalk. • Each Layer 3 protocol has its own NCP. • The NCP can build up and tear down multiple Layer 3 protocol sessions over a single data link.

  16. PPTP Security • Data Encryption • Data Authentication • Packet Filtering • Firewalls & Routers

  17. Encryption • Microsoft Point to Point Encryption • RSA RC4 Algorithm with 40 or 128 Bit key • XOR Attack • Bit Flipping Attack

  18. Authentication Methods • Clear Text password • LANMAN Hash • NT Encryption Hash • Challenge/Response MSCHAP

  19. LAN Manager Hash • Password • Convert to uppercase • Divide into two 7 character strings • Encrypt a fixed constant with a string • Merge both 8 byte strings • 16 byte hashed string 14 Byte String

  20. NT Encryption Hash Unicode • Password • Hash using MD4 • 16 Byte hash

  21. MSCHAP • Client requests login challenge • Server sends 8 byte random challenge • Client calculates LANMAN hash or NT hash • Partitions the key into three keys • Each key encrypts the challenge • Three keys are merged and sent as response

  22. P0 P1 P2 P3 P4 P5 P6 P7 P8 P9 P10 P11 P12 P13 H0 H1 H2 H3 H4 H5 H6 H7 H8 R16 R8 R17 R9 H9 H10 R18 R10 R11 H11 R19 R20 R12 H12 H13 R13 R21 H14 R22 R14 R23 H15 R15 016 017 018 019 020 K0 K1 K2 K3 K4 K5 K6 K7 K8 K9 K10 K11 K12 K13 K14 K15 R0 R1 R2 R3 R4 R5 R6 R7 DES MSCHAP… Secret Password: LM hash of the password: 3 DES keys derived: Challenge response: 3 DES encryptions of 8-byte challenge:

  23. Packet Filtering & Firewalls • Packet filtering allows a server to route packets to only authenticated clients • Firewalls filter the traffic on the basis of ACL ( Access Control List )

  24. Cakewalk! AsLEAP

  25. No Such Thing As Free Lunch! • PPTP is weaker option, security wise, IPSec, L2TP are more secure • PPTP is platform dependent • Requires extensive configuration

  26. References • IPSec VPN DesignBy Vijay Bollapragada, ISBN-13: 978-1-58705-111-1 • http://cabrillo.edu/~rgraziani/courses/ccnp_sem6.html • http://www.faqs.org/rfcs/rfc1661.html • http://grok2.tripod.com/ppp.html

More Related