
CompTIA A+ Certification All-In-One Exam Guide, Seventh Edition - Michael Meyers [470]

activities. Not only are there many levels of network encryption, but each encryption level also provides multiple standards and options, making encryption one of the most complicated of all networking issues. You need to understand where encryption comes into play, what options are available, and what you can use to protect your network.

Figure 26-26 Control Panel, Category view

Network Authentication

Have you ever considered the process that takes place each time a person types in a user name and password to access a network, rather than just a local machine? What happens when this network authentication is requested? If you’re thinking that when a user types in a user name and password, that information is sent to a server of some sort to be authenticated, you’re right—but do you know how the user name and password get to the serving system? That’s where encryption becomes important in authentication.

In a local network, authentication and encryption are usually handled by the NOS. In today’s increasingly interconnected and diverse networking environment, there is a motivation to enable different network operating systems to authenticate any client system from any other NOS. Modern network operating systems such as Windows and OS X use standard authentication encryption methods such as MIT’s Kerberos, enabling multiple brands of servers to authenticate multiple brands of clients. These LAN authentication methods are usually transparent and work quite nicely, even in mixed networks.

Figure 26-27 Essential programs (doesn’t everyone need to run Half-Life 2?)

Unfortunately, this uniformity falls away as you begin to add remote access authentications. There are so many different remote access tools, based on UNIX/Linux, Novell NetWare, and Windows serving programs, that most remote access systems have to support a variety of authentication methods.

PAP: Password Authentication Protocol (PAP) is the oldest and most basic form of authentication. It’s also the least safe, because it sends all passwords in clear text. No NOS uses PAP for a client system’s login, but almost all network operating systems that provide remote access service support PAP for backward compatibility with a host of older programs (such as Telnet) that only use PAP.

CHAP: Challenge Handshake Authentication Protocol (CHAP) is the most common remote access protocol, by which the serving system challenges the remote client by asking the remote client for some secret—usually a password. If the remote client responds appropriately, the host allows the connection.

MS-CHAP: MS-CHAP is Microsoft’s variation of the CHAP protocol, using a slightly more advanced encryption protocol. The version of MS-CHAP that comes with Vista is version 2 (MS-CHAP v2).
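What PAP and CHAP each put on the wire, as an added example that is not from the book: it builds a PAP Authenticate-Request (RFC 1334 layout) and a CHAP challenge and response (RFC 1994, MD5 over identifier, shared secret and challenge). The user name, password and server name are constructed sample values, and the helper names are this example's own.

```python
import hashlib
import hmac
import os
import struct

def _packet(code, ident, data):
    # Common PPP auth header: Code, Identifier, Length (header + data).
    return struct.pack("!BBH", code, ident, 4 + len(data)) + data

def pap_request(ident, user, password):
    # PAP Authenticate-Request: user name and password go out unmodified.
    return _packet(1, ident, bytes([len(user)]) + user
                   + bytes([len(password)]) + password)

def chap_challenge(ident, server_name, size=16):
    # CHAP Challenge: a fresh random value per attempt. Returns (packet, value).
    value = os.urandom(size)
    return _packet(1, ident, bytes([size]) + value + server_name), value

def chap_response_value(ident, secret, challenge):
    # RFC 1994: MD5 over identifier || shared secret || challenge value.
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_response(ident, user, secret, challenge):
    value = chap_response_value(ident, secret, challenge)
    return _packet(2, ident, bytes([len(value)]) + value + user)

def chap_verify(ident, secret, challenge, packet):
    # Server side: recompute the hash from its own copy of the secret.
    if len(packet) < 5:
        return False
    code, rid, length = struct.unpack("!BBH", packet[:4])
    if code != 2 or rid != ident or length != len(packet):
        return False
    received = packet[5:5 + packet[4]]
    expected = chap_response_value(ident, secret, challenge)
    return hmac.compare_digest(received, expected)

if __name__ == "__main__":
    user, password = b"alice", b"correct-horse"  # constructed sample values
    pap = pap_request(1, user, password)
    print("PAP  password visible on wire:", password in pap)
    _, challenge = chap_challenge(2, b"ras-server")
    resp = chap_response(2, user, password, challenge)
    print("CHAP password visible on wire:", password in resp)
    print("CHAP accepted:", chap_verify(2, password, challenge, resp))
    _, fresh = chap_challenge(3, b"ras-server")
    print("Replayed response accepted:", chap_verify(2, password, fresh, resp))
```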

Configuring Dial-up Encryption

It’s the server, not the client, that controls the choice of dial-up encryption. Whoever configures the dial-up server determines how you have to configure the dial-up client. Microsoft clients handle a broad selection of authentication encryption methods, including no authentication at all. On the rare occasion when you have to change your client’s default encryption settings for a dial-up connection, you’ll need to journey deep into the bowels of its properties. Figure 26-28 shows the Windows Vista dialog box, called Advanced Security Settings, where you configure encryption. The person who controls the server’s configuration will tell you which encryption method to select here.

Figure 26-28 Setting dial-up encryption in the Windows Vista Advanced Security Settings dialog box

Data Encryption

Encryption methods don’t stop at the authentication level. There are a number of ways to encrypt network data as well. The choice of encryption method is dictated to a large degree by the method used by the communicating systems to connect. Many networks consist of multiple networks linked together by some sort of private connection, usually some kind of telephone line such as ISDN or T1. Microsoft’s encryption method of choice for this type of network is called IPSec (derived
