Point-to-Point Tunneling Protocol [PPTP]
Team: Invincibles
Deepak Tripathi
Habibeh Deyhim
Karthikeyan Gopal
Satish Madiraju
Tusshar RakeshNLN
Agenda
• Overview
• PPTP Connections
• PPTP Architecture
• PPTP Underlying Technology
• PPP Architecture
• PPTP Security
PPTP ?
PPTP - enables secure data transfers between a remote client and an enterprise server by creating a VPN across an IP-based internetwork
Success of PPTP:
• The use of PSTNs (Public Switched Telephone Networks).
• Support for non-IP protocols.
PPTP Connections
For Remote Access:
• The PPTP client connects to the ISP using Dial-Up Networking.
• PPTP then creates a tunnel between the VPN client and the VPN server.
For LAN internetworking:
• The ISP connection phase is not required, so the tunnel can be created directly.
PPTP Architecture
PPTP employs three processes to secure PPTP-based communication over unsecured media:
• PPP-based connection establishment
• PPTP connection control
• PPTP tunneling and data transfer
PPTP Connection Control
Common PPTP control messages

Name | Description
Start-Control-Connection-Request | Request from the PPTP client to establish the control connection.
Start-Control-Connection-Reply | Reply from the PPTP server to the client.
Outgoing-Call-Request | Request from the PPTP client to the server to establish a PPTP tunnel.
Outgoing-Call-Reply | Response from the PPTP server to the client.
Echo-Request | Keep-alive mechanism from either server or client.
Echo-Reply | Response to the Echo-Request message.
Stop-Control-Connection-Request | Request message from the PPTP client or server notifying the other end of the termination of the control connection.
Stop-Control-Connection-Reply | Reply response from the opposite end.
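The control messages listed above, parsed from a control-connection byte stream (TCP port 1723). This is an added example, not part of the original slides; the header layout, magic cookie and type numbers are taken from RFC 2637, and the sample bytes are constructed.

```python
import struct

MAGIC_COOKIE = 0x1A2B3C4D         # fixed value carried by every control message
# Length, PPTP Message Type, Magic Cookie, Control Message Type, Reserved0
HEADER = struct.Struct("!HHIHH")

CONTROL_TYPES = {
    1: "Start-Control-Connection-Request",
    2: "Start-Control-Connection-Reply",
    3: "Stop-Control-Connection-Request",
    4: "Stop-Control-Connection-Reply",
    5: "Echo-Request",
    6: "Echo-Reply",
    7: "Outgoing-Call-Request",
    8: "Outgoing-Call-Reply",
}

def parse_control_stream(data: bytes):
    """Split a control-connection byte stream into (name, body) messages.

    Raises ValueError on malformed input instead of guessing, which is what
    a monitoring tool or a server should do with untrusted bytes.
    """
    messages, offset = [], 0
    while offset < len(data):
        if len(data) - offset < HEADER.size:
            raise ValueError("truncated header")
        length, msg_type, cookie, ctrl_type, _ = HEADER.unpack_from(data, offset)
        if cookie != MAGIC_COOKIE:
            raise ValueError("bad magic cookie, stream is out of sync")
        if msg_type != 1:
            raise ValueError("not a control message")
        if length < HEADER.size or offset + length > len(data):
            raise ValueError("length field does not fit the data")
        name = CONTROL_TYPES.get(ctrl_type, f"type-{ctrl_type}")
        messages.append((name, data[offset + HEADER.size:offset + length]))
        offset += length
    return messages

def build(ctrl_type: int, body: bytes = b"") -> bytes:
    """Construct a control message (used here only to make sample input)."""
    return HEADER.pack(HEADER.size + len(body), 1, MAGIC_COOKIE, ctrl_type, 0) + body

# Constructed sample: Echo-Request (identifier 7) and the matching Echo-Reply
# (identifier, result code 1 = OK, error code 0, reserved).
SAMPLE = build(5, struct.pack("!I", 7)) + build(6, struct.pack("!IBBH", 7, 1, 0, 0))
```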
PPTP Data Tunneling and Processing
[Figure: packet processing at the sender end and at the recipient end]
Underlying Technology
• PPTP is based on PPP
• Operates at layer 2 of OSI
Advantages:
• Can operate across any DTE or DCE interface, including EIA/TIA-232-C and ITUV.3
• Does not restrict transmission rates
Requirement:
• Availability of a duplex connection (synchronous or asynchronous)
PPP architecture
• PPP is a standards-based protocol.
• PPP's frame format is based on HDLC.
• PPP can negotiate link options dynamically.
• PPP can support multiple Layer 3 protocols, such as IP, IPX, and AppleTalk.
PPP architecture - LCP
PPP defines the Link Control Protocol (LCP).
The job of the LCP: establish, configure, and test the data-link connection.
• Callback
• Data compression
• Multilink
• PAP authentication
• CHAP authentication
LCP Authentication
PAP vs. CHAP
PAP (Password Authentication Protocol)
• Remote host is in control of login requests (trial-and-error attack)
• Password is sent in clear text
LCP Authentication
PAP vs. CHAP
CHAP (Challenge Handshake Authentication Protocol)
• Access server is in control of login attempts
• Password is not transmitted in clear text
CHAP Operation
PPP architecture - NCP
• Link partners exchange NCP packets to establish and configure different network-layer protocols including IP, IPX, and AppleTalk.
• Each Layer 3 protocol has its own NCP.
• The NCP can build up and tear down multiple Layer 3 protocol sessions over a single data link.
PPTP Security
• Data Encryption
• Data Authentication
• Packet Filtering
• Firewalls & Routers
Encryption
• Microsoft Point-to-Point Encryption
• RSA RC4 algorithm with 40- or 128-bit key
• XOR attack
• Bit-flipping attack
Authentication Methods
• Clear text password
• LANMAN hash
• NT encryption hash
• Challenge/Response
• MSCHAP
LAN Manager Hash
• Password
• Convert to uppercase
• Divide into two 7-character strings
• Encrypt a fixed constant with each string
• Merge both 8-byte strings
• 16-byte hashed string
14 Byte String
NT Encryption Hash
Password
Hash using MD4
16 Byte hash
Unicode
MSCHAP
• Client requests login challenge
• Server sends 8-byte random challenge
• Client calculates LANMAN hash or NT hash
• Partitions the key into three keys
• Each key encrypts the challenge
• The three results are merged and sent as response
[Figure: MSCHAP response computation]
Secret password: P0 P1 P2 P3 P4 P5 P6 P7 P8 P9 P10 P11 P12 P13
LM hash of the password: H0 H1 H2 H3 H4 H5 H6 H7 H8 H9 H10 H11 H12 H13 H14 H15
3 DES keys derived: K0 K1 K2 K3 K4 K5 K6 | K7 K8 K9 K10 K11 K12 K13 | K14 K15 0 0 0 0 0 (zero bytes at positions 16 to 20)
Challenge response (3 DES encryptions of the 8-byte challenge): R0 R1 R2 R3 R4 R5 R6 R7 | R8 R9 R10 R11 R12 R13 R14 R15 | R16 R17 R18 R19 R20 R21 R22 R23
MSCHAP…
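The key-partitioning step from the diagram above, as an added example that is not part of the original slides: the 16-byte hash is padded with five zero bytes and cut into three 7-byte DES keys, so the third key carries only two bytes of the hash. The function names and the sample hash are constructed; the odd-parity expansion to 8 bytes is the standard DES key format.

```python
def expand_des_key(k7: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes, 7 bits each, with an odd-parity low bit."""
    if len(k7) != 7:
        raise ValueError("need exactly 7 bytes")
    n = int.from_bytes(k7, "big")
    out = bytearray()
    for i in range(8):
        seven = (n >> (49 - 7 * i)) & 0x7F      # next 7 key bits, high to low
        byte = seven << 1
        if bin(seven).count("1") % 2 == 0:      # make the total bit count odd
            byte |= 1
        out.append(byte)
    return bytes(out)

def mschap_des_keys(pw_hash: bytes) -> list:
    """Derive the three DES keys (K0..K6, K7..K13, K14 K15 + five zeros)."""
    if len(pw_hash) != 16:
        raise ValueError("LANMAN and NT hashes are 16 bytes")
    padded = pw_hash + bytes(5)                 # 21 bytes: H0..H15 then zeros
    return [expand_des_key(padded[i:i + 7]) for i in (0, 7, 14)]

def hash_bytes_in_key(index: int) -> int:
    """How many bytes of the 16-byte hash feed DES key number index (0..2)."""
    start = 7 * index
    return max(0, min(16, start + 7) - start)

# Constructed sample hashes: they differ in every one of the first 14 bytes
# and share only the last two.
HASH_A = bytes(range(16))
HASH_B = bytes([0xFF] * 14) + HASH_A[14:]
```

Each of the three keys encrypts the same 8-byte challenge, so the third 8-byte block of the 24-byte response depends on H14 and H15 alone.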
Packet Filtering & Firewalls
• Packet filtering allows a server to route packets to only authenticated clients
• Firewalls filter the traffic on the basis of an ACL (Access Control List)
Cakewalk! AsLEAP
No Such Thing As Free Lunch!
PPTP is the weaker option security-wise; IPSec and L2TP are more secure
PPTP is platform dependent
Requires extensive configuration