Read Windows Server 2008 R2 Unleashed Online
Authors: Noel Morimoto
Without a Certificate Authority (CA) server or smart cards, MS-CHAP v2 is the recommended password-based protocol because it is a stronger authentication protocol than MS-CHAP. MS-CHAP v2 also provides mutual authentication: the VPN server authenticates the VPN client, and the VPN client authenticates the VPN server.
If a password-based authentication protocol must be used, it is good practice to enforce strong passwords (longer than eight characters, with a random mixture of upper- and lowercase letters, numbers, and punctuation). Group Policy in Active Directory can enforce password length and complexity. Keep in mind that the MS-CHAP v2 challenge/response protects the credential only as well as a single 56-bit DES key: an attacker who captures an unprotected MS-CHAP v2 exchange (for example, over PPTP) can recover the user's password hash offline, so MS-CHAP v2 should be run inside a TLS-protected channel such as PEAP wherever possible.
EAP and PEAP Authentication Protocols
Extensible Authentication Protocol (EAP) and Protected Extensible Authentication Protocol (PEAP) are designed to be used with a certificate infrastructure that issues user certificates or smart cards.
With EAP (specifically EAP-TLS), the VPN client presents its user certificate for authentication, and the VPN server presents a computer certificate. This is the strongest authentication method because it does not rely on passwords. Third-party CAs can be used as long as the certificate in the computer store of the Network Policy Server (NPS) contains the Server Authentication certificate purpose (a purpose is carried in the certificate's enhanced key usage, or EKU, extension). A certificate purpose is identified by an object identifier (OID): the OID for Server Authentication is 1.3.6.1.5.5.7.3.1, and the user certificate installed on the Windows remote access client must contain the Client Authentication purpose (OID 1.3.6.1.5.5.7.3.2). In both cases the certificate chain must terminate at a root CA that the other side trusts.
PEAP does not itself specify an authentication method; it protects an inner EAP method by first establishing a TLS-encrypted channel between the client and the server, which the server authenticates with its certificate. As such, it provides additional security on top of EAP. PEAP can be used with MS-CHAP v2 (PEAP-MS-CHAP v2) to shield the password exchange from eavesdropping.
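As an added example that is not code from the book, the following Python encodes and decodes the certificate-purpose OIDs just described and checks an Enhanced Key Usage value for them, using only the standard library. The EKU values it inspects are constructed inline rather than read from real certificates, and the helper names (encode_oid, decode_oid, eku_purposes, suitable_for) are the example's own.

```python
"""Added example (not from the book): DER-encode and decode the certificate
purpose OIDs that NPS and the VPN client check, and inspect an Enhanced Key
Usage (EKU) extension value for them, using only the standard library."""
from typing import List, Tuple

SERVER_AUTH = "1.3.6.1.5.5.7.3.1"   # id-kp-serverAuth: required on the NPS/VPN server cert
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"   # id-kp-clientAuth: required on the user cert
TAG_OID, TAG_SEQUENCE = 0x06, 0x30


def _tlv(tag: int, body: bytes) -> bytes:
    """DER tag-length-value for bodies shorter than 128 bytes (short-form length)."""
    if len(body) >= 128:
        raise ValueError("long-form lengths are not produced by this example")
    return bytes([tag, len(body)]) + body


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Return (tag, body, next_pos); accepts short- and long-form lengths."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def encode_oid(dotted: str) -> bytes:
    """DER OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        groups = [arc & 0x7F]
        arc >>= 7
        while arc:
            groups.append(0x80 | (arc & 0x7F))   # continuation bit on all but the last group
            arc >>= 7
        body.extend(reversed(groups))
    return _tlv(TAG_OID, bytes(body))


def decode_oid(body: bytes) -> str:
    """Inverse of encode_oid, applied to the body (no tag/length) of an OID element."""
    first = body[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    value, pending = 0, False
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        pending = bool(b & 0x80)
        if not pending:
            arcs.append(value)
            value = 0
    if pending:
        raise ValueError("malformed OID: dangling continuation byte")
    return ".".join(str(a) for a in arcs)


def eku_purposes(ext_value: bytes) -> List[str]:
    """Decode an extKeyUsage extnValue, which is a SEQUENCE OF OBJECT IDENTIFIER."""
    tag, seq, _ = _read_tlv(ext_value, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("EKU extension value must be a SEQUENCE")
    oids, pos = [], 0
    while pos < len(seq):
        tag, body, pos = _read_tlv(seq, pos)
        if tag != TAG_OID:
            raise ValueError("EKU SEQUENCE may only contain OIDs")
        oids.append(decode_oid(body))
    return oids


def suitable_for(role: str, ext_value: bytes) -> bool:
    """role is 'server' (NPS/VPN server certificate) or 'client' (user certificate)."""
    needed = {"server": SERVER_AUTH, "client": CLIENT_AUTH}[role]
    return needed in eku_purposes(ext_value)


def eku_extension(*purposes: str) -> bytes:
    """Build an extKeyUsage extnValue listing the given purposes."""
    return _tlv(TAG_SEQUENCE, b"".join(encode_oid(p) for p in purposes))


# Constructed samples (not taken from real certificates): the EKU value of a
# certificate issued for both purposes, and of a user certificate issued for
# client authentication only.
SAMPLE_DUAL_EKU = eku_extension(SERVER_AUTH, CLIENT_AUTH)
SAMPLE_CLIENT_EKU = eku_extension(CLIENT_AUTH)

if __name__ == "__main__":
    print("dual-purpose cert OK for NPS:", suitable_for("server", SAMPLE_DUAL_EKU))
    print("client-only cert OK for NPS:", suitable_for("server", SAMPLE_CLIENT_EKU))
    print("client-only cert OK for user:", suitable_for("client", SAMPLE_CLIENT_EKU))
```

On a real certificate the extnValue comes from the extension whose OID is 2.5.29.37 (extKeyUsage); on the NPS server itself, the EnhancedKeyUsageList property shown by `Get-ChildItem Cert:\LocalMachine\My` in PowerShell reports the same purposes without any parsing.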
Authentication Protocols for L2TP/IPSec Connections
For L2TP/IPSec connections, any authentication protocol can be used because the authen-
tication occurs after the VPN client and VPN server have established a secure connection
known as an IPSec security association (SA). The use of a strong authentication protocol
such as MS-CHAP v2, EAP, or PEAP is recommended to provide strong user authentication.
CHAPTER 24
Server-to-Client Remote Access and DirectAccess
Choosing the Best Authentication Protocol
Organizations spend very little time choosing the most appropriate authentication proto-
col to use with their VPN connections. In many cases, the lack of knowledge about the
differences between the various authentication protocols is the reason a selection is not
made. In other cases, the desire for simplicity is the reason heightened security is not
chosen as part of the organization’s authentication protocol decisions. Whatever the case,
we make the following suggestions to assist you in selecting the best authentication proto-
col for VPN connections:
. Using EAP or PEAP for PPTP, L2TP, and SSTP connections is highly recommended when the following conditions exist in an organization. If smart cards will be used, or if a certificate infrastructure that issues user certificates exists, EAP-TLS is the best and most secure option. Note that EAP is supported only by VPN clients running Windows 2000, Windows XP, Windows Vista, Windows 7, Windows 2000 Server, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2.
. Use PEAP with EAP-MS-CHAP v2 to ease the deployment burden. In this configuration, certificates are required only on the VPN server infrastructure (the NPS server), not on the clients; the clients need only trust the issuing root CA. The client authenticates the server by its certificate and the keys are generated inside a Transport Layer Security (TLS) channel, and the MS-CHAP v2 exchange carried inside that channel authenticates the user, so the combination provides mutual authentication with far greater security than MS-CHAP v2 alone.
. Use MS-CHAP v2 and enforce strong passwords using Group Policy if you must use a password-based authentication protocol. Although not as strong a protocol as PEAP or EAP, MS-CHAP v2 is supported by computers running Windows Server 2008, Windows Server 2008 R2, Windows Server 2003, Windows 2000 Server, Windows Vista, Windows 7, Windows XP, Windows 2000 client, Windows NT 4.0 with Service Pack 4 and higher, Windows Me, Windows 98, and Windows 95 with the Windows Dial-Up Networking 1.3 or higher Performance and Security Update.
PPTP, L2TP, and SSTP are the communication standards used to manage tunnels and
encapsulate private data. It is important to note that data traveling through a tunnel must
also be encrypted to be a VPN connection. Windows Server 2008 R2 includes PPTP, L2TP,
and SSTP tunneling protocols.
To establish a tunnel, both the tunnel client and tunnel server must be using the same
tunneling protocol. Tunneling technology can be based on either a Layer 2 or Layer 3
tunneling protocol that corresponds to the Open System Interconnection (OSI) reference
model. Layer 2 protocols correspond to the Data-link layer and use frames as their unit of
exchange. PPTP and L2TP are Layer 2 tunneling protocols that encapsulate the payload in
a PPP frame before it is sent across the Internet. Layer 3 protocols correspond to the
Network layer and use packets. IPSec tunnel mode is a Layer 3 tunneling protocol that
encapsulates IP packets in an additional IP header before sending them across the Internet.
Windows 7, Windows Vista, Windows XP, and Windows 2000 workstation VPN client and
server computers support both L2TP/IPSec and PPTP by default. Both PPTP and L2TP/IPSec
use PPP to provide an initial envelope for the data and then append additional headers for
transport through the Internet. PPTP and L2TP also provide a logical transport mechanism
to send PPP payloads and provide tunneling or encapsulation so that PPP payloads based
on any protocol can be sent across the Internet. PPTP and L2TP rely on the PPP connec-
tion process to perform user authentication and protocol configuration.
There are a few differences among these protocols. First, when using PPTP, data encryption begins only after the PPP connection process (including PPP authentication) completes, so the credential exchange is protected by nothing more than the authentication protocol itself. With L2TP/IPSec, encryption begins before the PPP connection process, because an IPSec security association is negotiated first and the PPP authentication exchange already travels inside it. In SSTP, the session is encrypted by SSL before authentication begins. In DirectAccess, communications are encrypted transparently before user data begins to flow.
Second, PPTP connections use MPPE, a stream cipher based on RSA Security's RC4 (Rivest Cipher 4) algorithm with 40-, 56-, or 128-bit keys. Stream ciphers encrypt data as a continuous bit stream. L2TP/IPSec connections use block ciphers: Data Encryption Standard (DES) with a 56-bit key, Triple DES (3DES) with three 56-bit keys, or Advanced Encryption Standard (AES) with 128-, 192-, or 256-bit keys. Block ciphers encrypt data in discrete blocks (64-bit blocks for DES and 3DES, 128-bit blocks for AES). SSTP uses SSL with RC4 or AES. DirectAccess uses 3DES or AES. Single DES and RC4 are no longer considered adequate; configure AES wherever the client population allows.
Finally, PPTP connections require only user-level authentication through a PPP-based authentication protocol. L2TP/IPSec connections require the same user-level authentication plus computer-level authentication, normally with computer certificates on both the client and the server (a preshared key is possible but weaker). SSTP also requires user-level authentication, but the only certificate it needs is the computer certificate on the VPN server, which the client validates against its trusted root CAs. DirectAccess authenticates the computer with a computer certificate on the client as well as on the server.
Table 24.2 compares some of the characteristics of the three tunneling protocols.

TABLE 24.2 Comparing VPN Protocols

Characteristic        PPTP                    L2TP/IPSec                       SSTP
--------------------  ----------------------  -------------------------------  -------------------------------
Encapsulation         GRE                     L2TP over UDP                    SSTP over TCP
Encryption            MPPE with RC4           IPSec ESP with 3DES or AES       SSL with RC4 or AES
Tunnel maintenance    PPTP                    L2TP                             SSTP
  protocol
When user             Before encryption       After the IPSec session is       After the SSL session is
  authentication      begins                  established                      established
  occurs
Certificates needed   None                    Computer certificates on both    Computer certificate on the VPN
                                              the VPN client and VPN server    server and root CA certificate
                                                                               on the VPN client
Client                Windows 9x and above    Windows 2000 and above           Windows Server 2008, Windows XP
                                                                               SP3, and Windows Vista SP1
Tunneling Within a Windows Server 2008 R2 Networking
Environment
For Layer 2 tunneling technologies, such as PPTP, L2TP, and SSTP, a tunnel is similar to a
session; both of the tunnel endpoints must agree to the tunnel and must negotiate config-
uration variables, such as address assignment or encryption or compression parameters. In
most cases, data transferred across the tunnel is sent using a datagram-based protocol. A
tunnel maintenance protocol is used as the mechanism to manage the tunnel.
Layer 3 tunneling technologies generally assume that all the configuration settings are
preconfigured, often by manual processes. For these protocols, there might be no tunnel
maintenance phase. For Layer 2 protocols (PPTP, L2TP, and SSTP), however, a tunnel must
be created, maintained, and then terminated.
After the tunnel is established, tunneled data can be sent. The tunnel client or server uses
a tunnel data transfer protocol to prepare the data for transfer. For example, as illustrated
in Figure 24.4, when the tunnel client sends a payload to the tunnel server, the tunnel
client first appends a tunnel data transfer protocol header to the payload. The client then
sends the resulting encapsulated payload across the internetwork, which routes it to the
tunnel server. The tunnel server accepts the packets, removes the tunnel data transfer
protocol header, and forwards the payload to the target network. Information sent
between the tunnel server and tunnel client behaves similarly.
FIGURE 24.4 Tunneling payload through a VPN connection. (Diagram: the VPN client prepends a tunnel HEADER to the PAYLOAD, sends the result through the VPN tunnel across the Internet, and the VPN server strips the header and forwards the PAYLOAD.)
VPN Protocols
Point-to-Point Tunneling Protocol
The Point-to-Point Tunneling Protocol (PPTP) is a Layer 2 protocol that encapsulates PPP
frames in IP datagrams for transmission over the Internet. PPTP can be used for remote
access and router-to-router VPN connections. It uses a TCP connection for tunnel mainte-
nance and a modified version of Generic Routing Encapsulation (GRE) to encapsulate PPP
frames for tunneled data. The payloads of the encapsulated PPP frames can be encrypted
and/or compressed. Figure 24.5 shows the structure of a PPTP packet containing user data.
FIGURE 24.5 Structure of the PPTP packet. (Diagram: IP HEADER | GRE HEADER | PPP HEADER | PPP PAYLOAD, with the PPP payload marked ENCRYPTED; the PPP header and PPP payload together form the PPP frame.)
Layer 2 Tunneling Protocol
Layer 2 Tunneling Protocol (L2TP) is a combination of the Point-to-Point Tunneling
Protocol (PPTP) and Layer 2 Forwarding (L2F), a technology proposed by Cisco Systems,
Inc. L2TP encapsulates PPP frames that are sent over IP, X.25, frame relay, and ATM
networks. The payloads of encapsulated PPP frames can be encrypted and/or compressed.
When sent over the Internet, L2TP frames are encapsulated as User Datagram Protocol
(UDP) messages, as shown in Figure 24.6.
FIGURE 24.6 Structure of the L2TP packet. (Diagram: IP HEADER | UDP HEADER | L2TP HEADER | PPP HEADER | PPP PAYLOAD; the PPP header and payload form the PPP frame, the L2TP header plus PPP frame form the L2TP frame, and the UDP header plus L2TP frame form the UDP message.)
L2TP frames include L2TP connection maintenance messages and tunneled data. L2TP
connection maintenance messages include only the L2TP header. L2TP tunneled data
includes a PPP header and PPP payload. The PPP payload can be encrypted or compressed
(or both) using standard PPP encryption and compression methods.
In Windows Server 2008 R2, L2TP connections do not negotiate the use of PPP encryp-
tion through Microsoft Point-to-Point Encryption (MPPE). Instead, encryption is provided
through the use of the IP Security (IPSec) Encapsulating Security Payload (ESP) header
and trailer.
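As an added example that is not code from the book, the following Python builds and parses the two encapsulations shown in Figures 24.5 and 24.6 using only the standard library: a PPP frame inside a PPTP enhanced-GRE header, and a PPP frame inside an L2TP data header inside a UDP datagram. The field layouts follow RFC 2637 (PPTP) and RFC 2661 (L2TP); the sample IP datagram is constructed, the outer IP header is omitted, and neither MPPE encryption nor the IPSec ESP wrapper is modeled. The function names are the example's own.

```python
"""Added example (not from the book): build and parse the PPTP and L2TP
encapsulations of Figures 24.5 and 24.6 with only the standard library.
Constants are from RFC 2637 (PPTP) and RFC 2661 (L2TP); the IP header, MPPE
encryption and the IPSec ESP wrapper are deliberately not modeled."""
import struct
from typing import Dict, Tuple

PPP_ADDR, PPP_CTRL = 0xFF, 0x03   # HDLC-style address/control bytes of a PPP frame
PPP_PROTO_IPV4 = 0x0021           # PPP protocol ID: IPv4 datagram
PPP_PROTO_MPPE = 0x00FD           # "compressed datagram": payload is MPPE-encrypted
GRE_PROTO_PPP = 0x880B            # GRE protocol type for PPP
L2TP_PORT = 1701
L2TP_DATA_FLAGS = 0x4802          # T=0 (data), L=1 (length), S=1 (Ns/Nr), version 2


def ppp_frame(protocol: int, payload: bytes) -> bytes:
    """PPP header (address, control, protocol) followed by the payload."""
    return struct.pack("!BBH", PPP_ADDR, PPP_CTRL, protocol) + payload


def parse_ppp(frame: bytes) -> Tuple[int, bytes]:
    addr, ctrl, proto = struct.unpack("!BBH", frame[:4])
    if (addr, ctrl) != (PPP_ADDR, PPP_CTRL):
        raise ValueError("not an uncompressed PPP frame")
    return proto, frame[4:]


def pptp_gre(call_id: int, seq: int, ppp: bytes) -> bytes:
    """Figure 24.5: enhanced GRE header (K and S bits set, version 1) + PPP frame.
    The GRE 'key' field carries the payload length and the PPTP call ID."""
    flags, version = 0x30, 0x01   # K=1 S=1 ; A=0, version=1
    return struct.pack("!BBHHHI", flags, version, GRE_PROTO_PPP,
                       len(ppp), call_id, seq) + ppp


def parse_pptp_gre(pkt: bytes) -> Dict[str, object]:
    flags, version, proto, length, call_id = struct.unpack("!BBHHH", pkt[:8])
    if proto != GRE_PROTO_PPP or (version & 0x07) != 1 or not flags & 0x20:
        raise ValueError("not a PPTP enhanced-GRE packet")
    pos, seq, ack = 8, None, None
    if flags & 0x10:                      # S bit: sequence number present
        seq = struct.unpack("!I", pkt[pos:pos + 4])[0]
        pos += 4
    if version & 0x80:                    # A bit: acknowledgment number present
        ack = struct.unpack("!I", pkt[pos:pos + 4])[0]
        pos += 4
    ppp = pkt[pos:pos + length]
    if len(ppp) != length:
        raise ValueError("truncated GRE payload")
    return {"call_id": call_id, "seq": seq, "ack": ack, "ppp": ppp}


def l2tp_udp(tunnel_id: int, session_id: int, ns: int, nr: int,
             ppp: bytes, src_port: int = 50000) -> bytes:
    """Figure 24.6: UDP header + L2TP data header + PPP frame. The UDP checksum
    is left zero; with L2TP/IPSec the whole datagram is then protected by ESP."""
    l2tp = struct.pack("!HHHHHH", L2TP_DATA_FLAGS, 12 + len(ppp),
                       tunnel_id, session_id, ns, nr) + ppp
    return struct.pack("!HHHH", src_port, L2TP_PORT, 8 + len(l2tp), 0) + l2tp


def parse_l2tp_udp(dgram: bytes) -> Dict[str, object]:
    _src, dst_port, udp_len, _csum = struct.unpack("!HHHH", dgram[:8])
    if dst_port != L2TP_PORT:
        raise ValueError("not addressed to the L2TP port")
    body = dgram[8:udp_len]
    flags = struct.unpack("!H", body[:2])[0]
    if flags & 0x8000:                    # T bit: control message (tunnel maintenance)
        raise ValueError("L2TP control message, not tunneled data")
    if (flags & 0x000F) != 2:
        raise ValueError("not L2TPv2")
    pos, length = 2, len(body)
    if flags & 0x4000:                    # L bit: length field present
        length = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
    tunnel_id, session_id = struct.unpack("!HH", body[pos:pos + 4])
    pos += 4
    ns = nr = None
    if flags & 0x0800:                    # S bit: Ns/Nr present
        ns, nr = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
    if flags & 0x0200:                    # O bit: offset size followed by padding
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    return {"tunnel_id": tunnel_id, "session_id": session_id,
            "ns": ns, "nr": nr, "ppp": body[pos:length]}


# Constructed sample: a stand-in for an IPv4 datagram a VPN client would tunnel.
SAMPLE_IP_DATAGRAM = b"\x45\x00\x00\x1c" + b"constructed-ipv4-payload"

if __name__ == "__main__":
    frame = ppp_frame(PPP_PROTO_IPV4, SAMPLE_IP_DATAGRAM)
    gre = parse_pptp_gre(pptp_gre(call_id=7, seq=1, ppp=frame))
    l2tp = parse_l2tp_udp(l2tp_udp(tunnel_id=5, session_id=9, ns=1, nr=0, ppp=frame))
    print("PPTP call", gre["call_id"], "->", parse_ppp(gre["ppp"]))
    print("L2TP tunnel", l2tp["tunnel_id"], "->", parse_ppp(l2tp["ppp"]))
```

The contrast the chapter draws is visible in the two builders: in the PPTP packet only the PPP payload would be MPPE-encrypted (the GRE and PPP headers, including the call ID, stay in the clear), whereas for L2TP/IPSec everything from the UDP header inward is inside the ESP payload, so the L2TP tunnel and session IDs are hidden from an observer as well.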
IP Security
IP Security (IPSec) was designed as an end-to-end mechanism for ensuring data security in
IP-based communications. Illustrated in Figure 24.7, the IPSec architecture includes an
Authentication Header (AH) to verify data integrity and an Encapsulating Security Payload (ESP) for
both data integrity and data encryption. IPSec provides two important functions that