
Infrastructure Security: Devices and Media • Chapter 6  381

4. As seen in Figure 6.7, dialing a large range like this can take a very long time. Normally it is best to dial only a small range at a time and spread the work over a number of days. After answering Y to the "Begin dialing sequence" question, the dialer dials every number in the range and creates a report showing which numbers have modems connected.




                 RAS


Remote Access Service (RAS) is a common method of allowing users of a corporate network to reach network resources from home or on the road. Like other network features, it provides additional functionality while increasing the risk of a security breach of the network. A security professional's job is to minimize this risk while still providing the services users need to perform their duties.
RAS servers typically have an array of modems and dial-in lines available for users to connect through. They perform some form of authentication and then connect the user to the corporate network as if their system were physically located on the local area network (LAN). Authentication on RAS servers is typically done with Challenge Handshake Authentication Protocol (CHAP), Microsoft Challenge Handshake Authentication Protocol (MS-CHAP), Password Authentication Protocol (PAP), Shiva Password Authentication Protocol (SPAP), or Extensible Authentication Protocol (EAP). CHAP and MS-CHAP are more secure than PAP or SPAP because they never send the actual password to the RAS server: the client proves knowledge of the password by hashing it together with a random challenge issued by the server, whereas PAP sends the password in the clear and SPAP sends it in a reversible (decryptable) form. EAP offers additional flexibility in that it can be configured to accept a wide range of third-party authentication methods, including smart cards, Kerberos, or biometric authentication. (Additional information on CHAP can be found in Chapter 3.)
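The following is an added example, not code from the StudyBook, showing the exchange described above: a minimal CHAP authenticator and client per RFC 1994 (Response Value = MD5 of Identifier, Secret and Challenge), placed beside the PAP Authenticate-Request of RFC 1334 so that the difference is visible on the wire. The peer names and secrets are constructed sample data, and the class and function names are this example's own, not those of any RAS product.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass
from typing import Dict

# Added example (not from the StudyBook): a minimal CHAP exchange per RFC 1994
# beside the PAP Authenticate-Request of RFC 1334, to show what each protocol
# puts on the wire. Peer names and secrets below are constructed sample data.


@dataclass(frozen=True)
class ChapChallenge:
    identifier: int   # one octet, echoed back in the Response packet
    value: bytes      # random challenge value chosen by the authenticator


def chap_response_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: Value = MD5(Identifier || Secret || Challenge).

    Only this hash crosses the link; the secret itself never does.
    """
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """The RAS server side of CHAP: issues challenges and checks responses."""

    def __init__(self, secrets: Dict[str, bytes]):
        self._secrets = dict(secrets)   # peer name -> shared secret
        self._last_id = 0
        self._pending: Dict[str, ChapChallenge] = {}

    def issue_challenge(self, peer: str) -> ChapChallenge:
        self._last_id = (self._last_id + 1) & 0xFF
        chal = ChapChallenge(self._last_id, os.urandom(16))
        self._pending[peer] = chal
        return chal

    def verify(self, peer: str, identifier: int, response: bytes) -> bool:
        # A challenge is consumed on first use, so a captured response that is
        # replayed later (or offered against a different challenge) is rejected.
        chal = self._pending.pop(peer, None)
        secret = self._secrets.get(peer)
        if chal is None or secret is None or chal.identifier != identifier:
            return False
        expected = chap_response_value(identifier, secret, chal.value)
        return hmac.compare_digest(expected, response)


def chap_login(server: ChapAuthenticator, peer: str, secret: bytes) -> bool:
    """Client side: answer the server's challenge using the shared secret."""
    chal = server.issue_challenge(peer)
    response = chap_response_value(chal.identifier, secret, chal.value)
    return server.verify(peer, chal.identifier, response)


def pap_authenticate_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """RFC 1334 PAP Authenticate-Request (Code 1): peer-id and password in the clear."""
    payload = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    length = 4 + len(payload)   # Code + Identifier + Length fields + payload
    return struct.pack("!BBH", 1, identifier & 0xFF, length) + payload


if __name__ == "__main__":
    ras = ChapAuthenticator({"alice": b"correct horse battery"})
    print("CHAP, right secret:", chap_login(ras, "alice", b"correct horse battery"))
    print("CHAP, wrong secret:", chap_login(ras, "alice", b"guess"))
    pkt = pap_authenticate_request(7, b"alice", b"correct horse battery")
    print("PAP packet contains the password:", b"correct horse battery" in pkt)
```

Note that the CHAP authenticator still has to hold each user's secret in a recoverable form in order to compute the expected hash, so the protection is against eavesdropping on the dial-in line, not against compromise of the RAS server's credential store; and the same challenge-response structure is what lets the server re-challenge an established session at any time.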
Most RAS servers offer additional security features such as mandatory callback. This feature requires users to connect from a number the administrator has entered into the system. After the initial connection and authentication, the server disconnects and dials the user's callback number. The user's system must then answer this call to complete the connection process, so a stolen username and password alone are not enough to dial in from an arbitrary location. Some RAS servers use caller ID to identify the number the user is connecting from and then either authorize the connection based on that number or simply log it.
RAS servers also allow technicians to implement security features that control the protocols available to communicate with their corporate network. For example, they can block protocols not in use within the network such as Internetwork



                                                                              www.syngress.com