Remote Access Protocols

Posted on by Darril

If you plan on taking the Security+ exam you should have a good understanding of remote access protocols used within TCP/IP .  This blog covers many, including those used with VPNs:

Remote Access Protocols

Some common remote access and virtual private network (VPN) tunneling protocols include:

  • PPP. Point-to-Point Protocol is used to create dial-up connections between a dial-up client and a remote access server, or between a dial-up client and an Internet Service Provider (ISP).
  • IPsec. Internet Protocol security (IPsec) can be used as a remote access tunneling protocol to encrypt traffic going over the Internet. It uses the Internet Key Exchange (IKE) over port 500 to create a security association for the VPN.
  • PPTP. Point-to-Point Tunneling Protocol is a tunneling protocol used with VPNs that has some known vulnerabilities. PPTP uses TCP port 1723.
  • L2TP. Layer 2 Tunneling Protocol combines the strengths of Layer 2 Forwarding (L2F) and PPTP. L2TP is commonly used with IPsec for VPNs. Since NAT is not compatible with IPsec, L2TP/IPsec can’t go through a device running NAT. L2TP uses UDP port 1701.
  • RADIUS. Remote Authentication Dial-In User Service provides central authentication to remote access clients. When an organization uses more than one remote access server, each remote access server can forward authentication requests to the central RADIUS server. RADIUS only encrypts passwords.
  • TACACS/XTACACS. Terminal Access Controller Access-Control System and Extended TACACS are older network authentication protocols. TACACS is generic, and XTACACS is proprietary to Cisco. TACACS uses UDP port 49.
  • TACACS+. TACACS+ is used as an alternative over RADIUS. Cisco VPN concentrators use TACACS+ and it encrypts the entire authentication process. It uses multiple challenge responses for authentication, authorization, and audit (AAA). TACACS+ has wider uses including as an authentication service for network devices. TACACS+ uses TCP port 49.

Remember this

IPsec uses port 500 for IPsec VPN connections. RADIUS only encrypts the password in the authentication process. TACACS+ encrypts the entire authentication process. TACACS+ uses multiple challenge responses for authentication, authorization, and audit. TACACS+ is also used as an authentication service for network devices. TACACS uses UDP and TACACS+ uses TCP.

Remote Access Authentication

Remote Access Services (RAS) are used to provide access to an internal network from an outside source. The previous section covered some of the protocols used for remote access connections, but this section covers different authentication mechanisms that can be used with RAS.

Clients access a RAS server via either dial-up or a virtual private network (VPN). A VPN allows a client to access a private network over a public network (such as the Internet).

Remote access methods are useful for personnel that need access to the private network from remote locations. However, no matter what method of remote access you use, you still need to ensure that only authorized clients can access your network remotely. Authorization begins with authentication, and there are multiple methods of authentication used with remote access.

The different authentication mechanisms that may be used with remote access services are:

  • PAP. Password Authentication Protocol. Passwords are sent in clear text so PAP is rarely used today.
  • CHAP. Challenge Handshake Authentication Protocol. CHAP uses a handshake process where the server challenges the client. The client then responds with appropriate authentication information.
  • MS-CHAP. Microsoft’s implementation of CHAP, which is used only by Microsoft clients.
  • MS-CHAPv2. An improvement over MS-CHAP. A significant improvement of MS-CHAPv2 over MS-CHAP is the ability to perform mutual authentication.
  • RADIUS. Remote Authentication Dial-In User Service. Radius provides a centralized method of authentication for multiple remote access services servers. RADIUS encrypts the password packets, but not the entire authentication process.
  • TACACS and XTACACS. Terminal Access Controller Access-Control System (TACACS) is a remote authentication protocol that was commonly used in UNIX networks. Extended TACACS (XTACACS) is an improvement over TACACS developed by Cisco Systems and is proprietary to Cisco systems. Neither of these are commonly used today with most organizations using either RADIUS or TACACS+.
  • TACACS+. Terminal Access Controller Access-Control System+ (TACACS) is an alternative to RADIUS and is proprietary to Cisco systems. A benefit of TACACS+ is that it can interact with Kerberos allowing it to work with a broader range of environments including Microsoft. Additionally, TACACS+ encrypts the entire authentication process (RADIUS encrypts only the password).
Apps for Your Mobile Devices
Are you looking for an app that includes quality practice test questions and flashcards? Learnzapp has published several including apps on A+, Network+, and Security+. Some of the features include:
  • Extremely easy to navigate.
  • Excellent performance and stability.
  • Fluid user interface with colorful tiles design.
  • Available for most mobile smartphones and tablets.
  • Versions are available for Apple iOS 7, Android 4.X, and Amazon Kindle Fire.

See the Security+ app in action in this short video:

https://www.youtube.com/watch?v=xhbvBcXEvYA

See the Network+ app in action in this short video:

https://www.youtube.com/watch?v=MVy0eKZkp2I

See the A+ app in action in this short video:

https://www.youtube.com/watch?v=Yrkf-piY0EA
Free No Risk Discount CompTIA Voucher Code

Discount CompTIA Vouchers

Are you ready to take your CompTIA certification exam? If so, get a free discount code here. No risk. Use the code at CompTIAs site and get a discount that is often better than sellers of discount vouchers.

Other Security+ Study Resources

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Subscribe To Our Newsletter

Join our mailing list and get a free excerpt of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide.  This excerpt includes the introduction and Chapter 1. 

You have Successfully Subscribed!