week 12 discussion

Namratha’s

Which remote authentication offers the best protect? and why?

    Remote access servers can be configured as dial-in servers or VPN servers. Dial-in servers use the Point-to-Point Protocol (PPP) or in the case of some older servers, the Serial Line Internet Protocol (SLIP) as the link layer protocol. VPN servers can use the Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), or IPSec tunnel mode to establish a secure "tunnel" over the Internet (Shinder, 2006). Windows remote access servers support the following set of authentication methods:

· Password Authentication Protocol (PAP)

· Challenge Handshake Authentication Protocol (CHAP)

· Microsoft's implementation of CHAP (MS-CHAP)

· Updated version of MS-CHAP (MS-CHAP2)

· Extensible Authentication Protocol/Transport Layer Security (EAP/TLS)

    RADIUS provides for a centralized authentication database and can handle authorization and accounting in addition to authentication. Authorization refers to granting specific services to users based on their authenticated identity; restrictions can be imposed on certain users. Accounting refers to tracking the use of the network by users and can be done for billing, management, or security purposes. RADIUS is defined in RFCs 2865 and 2866. RADIUS is supported by dial-in remote access servers, VPN servers, and wireless access points (WAPs). In addition to the authentication protocols listed above, RADIUS supports Protected EAP (PEAP) for wireless access. Microsoft's implementation of RADIUS is the Internet Authentication Service (IAS). It's built into the Windows 2000 Server and Windows Server 2003 operating systems. Microsoft vendor-specific RADIUS attributes are defined in RFC 2548. IAS integrates with the Active Directory service and allows AD user credentials to be used for remote access (single sign-on) (Shinder, 2006).

Reference

Shinder, D. (2006). Choosing a remote access authentication scheme. Retrieved March 27, 2019, from https://www.techrepublic.com/article/choosing-a-remote-access-authentication-scheme/

The Password Authentication Protocol (PAP)

Abhilash Reddy Lekkala

University of Cumberland

The most secure remote authentication protocol is the Password Authentication Protocol (PAP) in IT systems. There are different security layers on a Password Authentication Protocol to effectively help the user from hacker’s threats such as data breaches, data phishing, and other cyber threats.

The user password is more secure since it is encrypted to restrict intruder’s access to the user private network access information. Besides, when the user engages in the use of PAP, it limits the access of network trafficking. Ultimately, the user can create Password Authentication Protocol as one of the access control keys when accessing its operating system thus restricting unauthorized user access. It is more secure when applied to the user access control system since it limits the number of retries for a more secure operating system operation.

It is possible for different users to have one common credential information that can be used in accessing their network server systems but all the information are encrypted and everyone has private key encryption (Lee, 2016). Therefore, the user is required to have its own role in managing and controlling their use of confidential information that can be used in a login server.

However, it has little information when the user has created a weak password which can be manipulated easily. When the system has a weak password, therefore, the hackers can easily access the confidential data causing the risks (Shen, 2017). The user should be trained and educated on the password privacy to avoid sharing their login credentials with the third party in accessing their private access control system.

In summary, it is important to understand different approaches that require the use of Password Authentication Protocol for security protection purposes against threats and vulnerabilities. It is advisable to use different characters when creating a strong password.

Reference

Lee, Y. (2016). Improvement of the ElGamal Based Remote Authentication Scheme Using Smart Cards.

Shen, W. (2017). Remote data possession checking with privacy-preserving authenticators for cloud storage. Future Generation Computer Systems, 76(3):136-145.