WEBVTT

00:00.000 --> 00:01.800
>> Let's move on to
our next section

00:01.800 --> 00:03.990
which covers Remote Access.

00:03.990 --> 00:05.730
We're looking at connecting to

00:05.730 --> 00:08.265
the network without being
physically plugged in.

00:08.265 --> 00:10.500
We'll talk a little
bit about dial-up,

00:10.500 --> 00:12.480
and then we'll talk
about VPN access

00:12.480 --> 00:15.490
through a process we
refer to as tunneling.

00:15.800 --> 00:18.270
Let's take a look at dial-up.

00:18.270 --> 00:19.920
Normally, when we're connected

00:19.920 --> 00:21.554
to our local area network,

00:21.554 --> 00:24.540
we're connected via
our network card and that

00:24.540 --> 00:26.670
network card provides
Layer 2 framing

00:26.670 --> 00:28.260
for a local network.

00:28.260 --> 00:30.720
But if we take a step
back and we think about

00:30.720 --> 00:33.000
our remote access clients, maybe

00:33.000 --> 00:35.970
using a modem to connect
into a remote access server,

00:35.970 --> 00:37.290
which is likely not the way

00:37.290 --> 00:39.015
we're communicating mainstream,

00:39.015 --> 00:43.415
but remote access server and
modem usage still exists.

00:43.415 --> 00:45.650
But in this case, I've
a client who's no

00:45.650 --> 00:48.275
longer connecting to the
network via network card,

00:48.275 --> 00:50.390
which means they don't
have a device that does

00:50.390 --> 00:52.900
the work that a network
card typically does.

00:52.900 --> 00:55.670
One of the things a network
card does is provide

00:55.670 --> 00:58.655
Layer 2 framing for
LAN connections.

00:58.655 --> 01:00.590
It adds the information that's

01:00.590 --> 01:03.475
necessary to communicate
across the LAN.

01:03.475 --> 01:06.500
If we have a client
dialing up with a modem,

01:06.500 --> 01:09.260
there is no device to provide
that Layer 2 framing.

01:09.260 --> 01:12.055
That's where Point-to-Point
Protocol comes in.

01:12.055 --> 01:14.390
PPP is how it's often

01:14.390 --> 01:17.375
referred to, point-to-point
protocol though,

01:17.375 --> 01:19.190
is what does that
Layer 2 framing

01:19.190 --> 01:21.380
for connections to the WAN.

01:21.380 --> 01:23.930
It was traditionally used
with dial-up clients.

01:23.930 --> 01:26.210
But today, now that
we're connecting out to

01:26.210 --> 01:30.200
our WANs through our cable
modems and DSL modems,

01:30.200 --> 01:33.080
now we have something
called PPPoE,

01:33.080 --> 01:35.845
which is Point-to-Point
Protocol over Ethernet.

01:35.845 --> 01:38.375
It basically means you're
using your network card,

01:38.375 --> 01:39.590
but you're still connecting to

01:39.590 --> 01:43.060
a WAN as opposed to a
local area network.

01:43.060 --> 01:45.020
The primary protocol is

01:45.020 --> 01:46.730
going to be allowing
us to connect to

01:46.730 --> 01:49.100
a WAN and still
have that Layer 2

01:49.100 --> 01:53.160
information added, that's
point-to-point protocol.

01:53.390 --> 01:56.060
With point-to-point
protocol, it's

01:56.060 --> 01:57.845
not designed to add security,

01:57.845 --> 02:00.500
it's specifically
for Layer 2 framing.

02:00.500 --> 02:02.870
For security, there
are a handful of

02:02.870 --> 02:05.455
authentication protocols
that would be used.

02:05.455 --> 02:07.785
The first which is PAP.

02:07.785 --> 02:11.705
PAP stands for Password
Authentication Protocol.

02:11.705 --> 02:15.230
PAP transmits passwords
in plain text.

02:15.230 --> 02:17.120
We don't want that anymore.

02:17.120 --> 02:20.125
PAP really is irrelevant
for use today.

02:20.125 --> 02:23.790
PAP was replaced by a
protocol called CHAP,

02:23.790 --> 02:26.760
Challenge Handshake
Authentication Protocol.

02:26.760 --> 02:30.020
Then Microsoft extended
beyond that and there's

02:30.020 --> 02:35.060
MS-CHAP and MS-CHAP version 2.

02:35.060 --> 02:38.050
But ultimately, this is
something called a challenge

02:38.050 --> 02:41.495
handshake protocol or
a challenge response.

02:41.495 --> 02:44.050
Basically, when one
device is trying to make

02:44.050 --> 02:45.280
a connection with another

02:45.280 --> 02:47.275
based on the password
that's entered,

02:47.275 --> 02:48.880
let's say I've to connect to

02:48.880 --> 02:51.085
a router from one
router from another,

02:51.085 --> 02:52.630
I'm setting up a static route,

02:52.630 --> 02:55.905
for instance, there may
be a password protection.

02:55.905 --> 02:58.390
Only if I type in
the correct password

02:58.390 --> 02:59.530
can my device respond

02:59.530 --> 03:00.670
to a challenge issued by

03:00.670 --> 03:03.460
the server or the system
on the other end.

03:03.460 --> 03:05.380
Basically, what it is is

03:05.380 --> 03:07.210
a system where I can
prove the password

03:07.210 --> 03:08.830
that's being entered
correctly without

03:08.830 --> 03:11.365
having to put the
password on the network.

03:11.365 --> 03:14.020
Challenge response
systems are good

03:14.020 --> 03:15.700
because they do keep
the passwords off

03:15.700 --> 03:17.980
the network. That's desirable.

03:17.980 --> 03:21.070
But the problem
with CHAP and PAP

03:21.070 --> 03:23.200
also is that they only provide

03:23.200 --> 03:26.120
a means to authenticate
using passwords.

03:26.120 --> 03:28.900
There are a lot of ways we
can authenticate today.

03:28.900 --> 03:32.349
We can use smartcards,
biometrics, cookies,

03:32.349 --> 03:34.630
certificates,
tokens, and none of

03:34.630 --> 03:37.375
that can be used
with PAP or CHAP.

03:37.375 --> 03:39.220
We needed a protocol that could

03:39.220 --> 03:41.170
extend beyond just passwords and

03:41.170 --> 03:42.730
really provide capabilities to

03:42.730 --> 03:45.280
authenticate in any
manner you choose.

03:45.280 --> 03:49.775
That's where EAP, Extensible
Authentication Protocol.

03:49.775 --> 03:53.260
EAP extends the capabilities
beyond passwords.

03:53.260 --> 03:55.195
You can think of it in that way.

03:55.195 --> 03:56.755
At any point in time

03:56.755 --> 03:58.060
you're using anything beyond

03:58.060 --> 04:00.455
passwords, you're
definitely using EAP.

04:00.455 --> 04:03.485
It will also allow you to
use passwords as well.

04:03.485 --> 04:06.180
EAP is the way of the future.

