0blivion1:(NT-RAS.txt):15/03/2000


+------------------------------------------------------+
▌ Oblivion Underground Magazine - Issue 1 - 15/03/2000 ▌
▌ Windows NT Remote Access by Cyber0ptix               ▌
▌ E-Mail : cyberoptix@email.com                        ▌
+------------------------------------------------------+

This article appeared in SWAT 26, written by me, so I thought I'd include it in here for you to read if you missed it the first time.

----------------------------------------
[Windows NT Remote Access - by cyber0ptix]
----------------------------------------

Remote Access is a way of attaching a PC to a remote computer or LAN via a Wide Area Network (PSTN, ISDN, X.25 etc.) connection, to gain access to the remote computer's system resources. There are two forms of remote access:

- Remote Control, where the user's PC takes control of a remote host running the same software (e.g. PC Anywhere, Back Orifice).
- Remote Node, where the user's PC attaches to a remote computer or network via a server, in a similar way to a local LAN connection.

--------------
[Windows NT RAS]
--------------

Remote Access Service (RAS) is offered as part of Windows NT, for both servers and workstations, and is the remote node form of remote access. The RAS dial-out client is also known as Dial-Up Networking (DUN) in Windows NT 4.0 and Windows 95/98, but is simply called RAS in earlier versions of Windows NT.

RAS allows a workstation to dial up and connect to a RAS server and, if configured to do so, then gain access to the rest of the network. RAS can also be configured to restrict access to only the server to which the workstation dials and connects.

RAS mainly uses PPP (Point-to-Point Protocol) for negotiating and establishing a connection. It can also be configured to use SLIP, but only as a client dialling out, not as a server waiting for connections.
Once a workstation is connected via RAS, it can map drives, print to network printers, exchange files, run email clients, and generally gain access to the network just as if it were a workstation connected directly to the network. The only difference is that response tends to be slower for data transfers. Figure 1 illustrates a RAS remote node connection.

[Figure 1]
                       (Telephone Line)
   ----[MODEM]/\/\/\/\/\/\/\/\/\/\/\/\/\/\/[MODEM]----
   |                                                 |
   |                                                 |
   |                                                 |
 -------                                          -------
|*******|                                        |*******|
|*******|                                        |*******|
 -------                                          -------
 -------                                          -------
| - --  |                                        | - --  |
 -------                                          -------
 NT RAS SERVER                                    RAS CLIENT

Windows NT RAS supports ISDN, a null modem, X.25, and asynchronous transmissions via a modem on dial-up or leased lines. If a leased-line modem does not work with Windows NT RAS, RAS may still work if it treats the leased line like a null modem.

------------------------------
[Remote Control vs Remote Node]
------------------------------

RAS provides remote node functionality to RAS clients, such that remote users have completely transparent access to all network and local resources, just as if they were directly connected to the network. Applications run on the remote user's PC, using its CPU. The best applications for remote node are word processing and spreadsheet applications, since the data transferred tends to be small and so uses limited bandwidth. These applications are also flexible in that they allow the user to keep working while disconnected from the network.

Remote Control is the ability to connect to a remote host computer and have its graphical user interface (GUI) transmitted to your screen, so that you use whatever programs are running on it just as if you were sitting in front of that computer. In this scenario, presentation data (display, keyboard and mouse movement) is exchanged on the wire.
The application logic is executed on the host PC, while the remote user's PC executes the remote control software in order to access and maintain a connection to the host PC. Currently, remote control functionality is only available in third-party software for Windows-based computers. Some examples of remote control software are PC Anywhere, Remotely Possible and Reachout Remote; the latest versions of LapLink also have this capability.

The main difference between remote node and remote control is that in remote node the application executes on the remote workstation, and the data that travels between the remote computer and the network consists of files that are transferred or printed, or electronic messages. In remote control, the data that travels between the remote computer and the network is the GUI.

---------------------------
[RAS Protocols: PPP and SLIP]
---------------------------

Point-to-Point Protocol (PPP) and Serial Line Internet Protocol (SLIP) are most commonly used over analogue lines, but also over ISDN and high-speed lines, to provide a node-to-network connection. Some routers use these protocols to connect two networks router-to-router.

SLIP is a legacy UNIX communications standard. It provides a remote node connection between a workstation and a network, or router-to-router network connections. SLIP does not have the encryption capability of PPP, nor does it automatically negotiate the connection when connecting to a network; instead, user intervention is required. SLIP works at the Physical Layer of the OSI stack, so it provides neither error control nor security.

N.B. Windows NT RAS can be configured as a SLIP client, but cannot be a SLIP server.

PPP is the successor of SLIP. Again, it provides remote node-to-network or router-to-router connections over telephone lines and modems, ISDN and high-speed links.
PPP improved on SLIP by functioning at both the Physical and Data Link Layers, thereby being capable of providing error control, security, dynamic IP addressing, and support for multiple protocols. Within the Data Link Layer, the MAC (Media Access Control) portion handles the physical addressing of the device, and the LLC (Logical Link Control) portion handles the error control for connection services.

The PPP frame consists of six fields: FLAG, ADDRESS, CONTROL, PROTOCOL, DATA and FRAME CHECK SEQUENCE.

- The FLAG field is one byte, 01111110, indicating the beginning or end of a frame.
- The ADDRESS field is a single byte, 11111111, which is the standard broadcast address, since PPP does not allow specific station addresses.
- The CONTROL field is a single byte, 00000011, that sets up transmission of data in an unsequenced frame.
- The PROTOCOL field is two bytes identifying the protocol.
- The DATA field is a variable-length datagram for the appropriate protocol of the data being sent. The default size for the DATA field is 1500 bytes.
- The FRAME CHECK SEQUENCE (FCS) field, used for error handling, is either two bytes, or four bytes if set up for better error detection.

Figure 2 shows the format of a PPP frame.

[Figure 2] A PPP frame divided by fields. Numbers represent the length of each field in bytes.

    1        1         1          2         Variable Length        2
 --------------------------------------------------------------------------
 [ FLAG | ADDRESS | CONTROL | PROTOCOL |         DATA          |   FCS   ]
 --------------------------------------------------------------------------

Multi-Link PPP is the protocol that allows RAS to use more than one comms link to gain access to network resources. It can be used to allow multiple modem links to be aggregated to increase the bandwidth of an analogue connection, but is most often used with ISDN to allow the bonding of two bearer channels to give fast access (2 x 64 kbps = 128 kbps) to ISPs that support ISDN.

N.B. Remote Access Protocols are defined in Requests for Comments (RFCs), which are published on the Internet; e.g. RFC 1661 and RFC 1662 define the PPP Link Control Protocol, and RFC 1990 is the Multilink Protocol document.

-----------
[RAS Servers]
-----------

Windows NT Remote Access Service offers PPP as the default connection type for remote nodes. PPP is protocol-independent and can be used with any of Windows NT's native protocols: NetBEUI, NWLink (IPX/SPX) and TCP/IP. PPP is also the default client type for Dial-Up Networking and for the older RAS client in earlier versions of Windows NT.

Internet Service Providers (ISPs) commonly use PPP as the protocol for dial-up connections. They may also use SLIP for dial-up connections if the ISP's servers are *NIX based. In order to create a connection to an ISP using Windows 95 or Windows NT, TCP/IP and Dial-Up Networking/Remote Access Client must be installed. A local area network can connect to an ISP using a leased line or other high-speed access connection type. In that scenario, TCP/IP is routed directly over the line to the Internet.

Both Windows NT and Windows 95 support all the protocols needed to connect to an ISP, including their native 32-bit implementations of TCP/IP and PPP or the SLIP client. In addition, both operating systems offer basic FTP and Telnet clients, which are used to download files and access Internet Telnet servers.

----------------
[Security and RAS]
----------------

After physically connecting to a remote server or host computer, the user must be authenticated before being granted access to network resources. Security is a major concern when remote access to computer networks is required, especially when access is via the Internet. Many techniques are employed to ensure data remains safe from attack. Password authentication and encryption are used to prevent illegal logons to servers: valid users are given a password, and to prevent it being intercepted it is normally encrypted.
NT PPP supports various authentication methods with different levels of security, including PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Authentication Protocol). PPP allows automated login to a network without the lengthy dialogue script of SLIP.

Call Back is another technique, supported by NT, which allows the server to dial back the calling modem or ISDN adapter to restrict access to known user locations. It also passes the cost of dial-in calls on to the company rather than the telecommuter. CLI (Caller Line Identification) is also being used by ISPs to restrict users to a particular telephone number. Another method of ensuring privacy across the Internet is a technique called tunnelling.

---------------------------------------
[Tunnelling and Virtual Private Networks]
---------------------------------------

Tunnelling a protocol refers to the ability to route a protocol, such as IPX, over a network that uses a different protocol, such as TCP/IP. The result is a connection between two networks that uses the networks' native protocol, IPX, but which is encapsulated and transmitted in TCP/IP packet format.

In response to public demand, Microsoft created the Point-to-Point Tunnelling Protocol (PPTP). This protocol tunnels the Point-to-Point Protocol (PPP) over an IP network to create a network connection. The primary use for this capability is to use the Internet as a network connection. Like a standard tunnel system, PPTP encapsulates the packets of information (IP, IPX or NetBEUI) within IP packets for transmission through the Internet. At the destination the IP packet encapsulation is discarded, and the original packets are forwarded to their appropriate destinations.

Both encryption and authentication are used in PPTP. Encryption of the transmitted data protects the data. Authentication is used to verify the identity of the user in order to grant access to network resources.
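The following Python is an added example and is not part of the original article. It puts the PPP frame layout from Figure 2 and the PAP/CHAP discussion above into working code: frames are built and checked with the two-byte FCS and byte stuffing of RFC 1662, and a PAP Authenticate-Request (RFC 1334) and a CHAP challenge/response (RFC 1994, MD5) are carried inside them. The point for a defender is visible in the bytes: the PAP frame contains the password in the clear and anyone on the wire can parse it back out, while the CHAP frame carries only a digest that a server verifies against its stored secret. All user names, secrets and the challenge value are constructed for the example.

```python
import hashlib
import hmac
import struct

# PPP framing constants (RFC 1662) and protocol numbers for the two authentication protocols
PPP_FLAG = 0x7E
PPP_ESCAPE = 0x7D
PPP_ADDRESS = 0xFF          # all-stations address: PPP has no per-station addressing
PPP_CONTROL = 0x03          # Unnumbered Information (the "unsequenced frame" above)
PROTO_PAP = 0xC023          # Password Authentication Protocol (RFC 1334)
PROTO_CHAP = 0xC223         # Challenge Handshake Authentication Protocol (RFC 1994)
FCS_GOOD = 0xF0B8           # FCS-16 residue of a frame that includes its own (correct) FCS


def fcs16(data: bytes) -> int:
    """FCS-16 from RFC 1662: CRC-16, reflected polynomial 0x8408, initial value 0xFFFF."""
    fcs = 0xFFFF
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def _stuff(body: bytes) -> bytes:
    """Escape FLAG, ESCAPE and control characters (default async control-character map)."""
    out = bytearray()
    for byte in body:
        if byte in (PPP_FLAG, PPP_ESCAPE) or byte < 0x20:
            out += bytes((PPP_ESCAPE, byte ^ 0x20))
        else:
            out.append(byte)
    return bytes(out)


def _unstuff(data: bytes) -> bytes:
    out, escaped = bytearray(), False
    for byte in data:
        if escaped:
            out.append(byte ^ 0x20)
            escaped = False
        elif byte == PPP_ESCAPE:
            escaped = True
        else:
            out.append(byte)
    return bytes(out)


def ppp_encode(protocol: int, payload: bytes) -> bytes:
    """FLAG | ADDRESS | CONTROL | PROTOCOL | DATA | FCS | FLAG, as in Figure 2."""
    body = bytes((PPP_ADDRESS, PPP_CONTROL)) + struct.pack("!H", protocol) + payload
    body += struct.pack("<H", fcs16(body) ^ 0xFFFF)   # FCS is complemented, low byte first
    return bytes((PPP_FLAG,)) + _stuff(body) + bytes((PPP_FLAG,))


def ppp_decode(frame: bytes):
    """Return (protocol, data); raise ValueError if the frame is malformed or corrupted."""
    if len(frame) < 8 or frame[0] != PPP_FLAG or frame[-1] != PPP_FLAG:
        raise ValueError("missing FLAG bytes")
    body = _unstuff(frame[1:-1])
    if fcs16(body) != FCS_GOOD:                       # the error control PPP adds over SLIP
        raise ValueError("FCS check failed: frame corrupted in transit")
    if body[0] != PPP_ADDRESS or body[1] != PPP_CONTROL:
        raise ValueError("unexpected ADDRESS/CONTROL bytes")
    (protocol,) = struct.unpack("!H", body[2:4])
    return protocol, body[4:-2]


def frame_is_valid(frame: bytes) -> bool:
    try:
        ppp_decode(frame)
        return True
    except ValueError:
        return False


def pap_request(ident: int, peer_id: str, password: str) -> bytes:
    """PAP Authenticate-Request: Code 1, then Peer-ID and Password as length-prefixed strings."""
    peer, pw = peer_id.encode(), password.encode()
    data = bytes((len(peer),)) + peer + bytes((len(pw),)) + pw
    return ppp_encode(PROTO_PAP, struct.pack("!BBH", 1, ident, 4 + len(data)) + data)


def pap_parse(frame: bytes):
    """Recover (peer_id, password) from a PAP frame: nothing on the wire protects them."""
    protocol, pkt = ppp_decode(frame)
    if protocol != PROTO_PAP or pkt[0] != 1:
        raise ValueError("not a PAP Authenticate-Request")
    n = pkt[4]
    m = pkt[5 + n]
    return pkt[5:5 + n].decode(), pkt[6 + n:6 + n + m].decode()


def chap_digest(ident: int, secret: str, challenge: bytes) -> bytes:
    """CHAP/MD5 Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes((ident,)) + secret.encode() + challenge).digest()


def chap_challenge(ident: int, challenge: bytes, server_name: str) -> bytes:
    data = bytes((len(challenge),)) + challenge + server_name.encode()
    return ppp_encode(PROTO_CHAP, struct.pack("!BBH", 1, ident, 4 + len(data)) + data)


def chap_response(ident: int, secret: str, challenge: bytes, user_name: str) -> bytes:
    """Only the digest and the user name are sent; the secret never leaves the client."""
    digest = chap_digest(ident, secret, challenge)
    data = bytes((len(digest),)) + digest + user_name.encode()
    return ppp_encode(PROTO_CHAP, struct.pack("!BBH", 2, ident, 4 + len(data)) + data)


def chap_verify(frame: bytes, challenge: bytes, secrets: dict) -> bool:
    """Server side: recompute the digest from the stored secret and compare in constant time."""
    protocol, pkt = ppp_decode(frame)
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if protocol != PROTO_CHAP or code != 2 or length != len(pkt):
        return False
    size = pkt[4]
    value, name = pkt[5:5 + size], pkt[5 + size:].decode()
    if name not in secrets:
        return False
    return hmac.compare_digest(value, chap_digest(ident, secrets[name], challenge))


if __name__ == "__main__":
    CHALLENGE = bytes(range(16))                      # constructed challenge value
    pap = pap_request(1, "alice", "s3cret")
    print("PAP frame carries the password in the clear:", b"s3cret" in pap, pap_parse(pap))
    resp = chap_response(7, "s3cret", CHALLENGE, "alice")
    print("CHAP frame carries the password:", b"s3cret" in resp)
    print("CHAP verify, correct secret:", chap_verify(resp, CHALLENGE, {"alice": "s3cret"}))
    print("CHAP verify, wrong secret:", chap_verify(resp, CHALLENGE, {"alice": "wrong"}))
    damaged = bytearray(resp)
    damaged[5] ^= 0x01                                # single-bit error in the PROTOCOL field
    print("Damaged frame passes FCS:", frame_is_valid(bytes(damaged)))
```

Run it as a script to see the PAP password recovered straight from the frame, the CHAP response verifying only against the right secret and challenge, and a single flipped bit being caught by the FCS. The server-side check uses a fresh challenge per login and `hmac.compare_digest` so that neither a replayed response nor a timing difference helps an attacker, which is the property the article is pointing at when it calls CHAP the stronger of the two.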
Once connected via PPTP, a remote user has a virtual connection to the network. It is transparent in that the end user may use network resources as if they were connected directly to the network. The use of PPTP, in effect, creates a Virtual Private Network (VPN). This is sometimes referred to as an ExtraNet, and is a form of ExtraNet, but is not limited to WWW or FTP applications. Unlike the Internet, a VPN is not wide open, even though it uses the Internet as a backbone network. It is, in fact, virtually private. A VPN can be accomplished using tunnelling protocols; since the data is encapsulated in this way, it is secure.

Right, that is the end of my first ever text file!!! Hope it helps you, the readers, understand Remote Access networking and how it works.

cyber0ptix
----------
Email: cyberoptix@email.com