Please enable JavaScript.

Coggle requires JavaScript to display documents.

VPN - Coggle Diagram

- - - - Extensible Authentication Protocol (EAP)
        
        EAP was designed specifically with PPTP and is meant to work as part of PPP. EAP works from within PPP’s authentication protocol. It provides a framework for several different authentication methods. EAP is meant to supplant proprietary authentication systems and includes a variety of authentication methods to be used, including passwords, challenge-response tokens, and public key infrastructure certificates.
      - CHAP
        
        What makes CHAP particularly interesting is that it periodically repeats the process. This means that even after a client connection is authenticated, CHAP repeatedly seeks to re-authenticate that client, providing a robust level of security.
  - - - MS-CHAP
        
        As the name suggests, MS-CHAP is a Microsoft-specific extension to CHAP. Microsoft created MS-CHAP to authenticate remote Windows workstations. The goal is to provide the functionality available on the LAN to remote users while integrating the encryption and hashing algorithms used on Windows networks.
      - SPAP
        
        Shiva Password Authentication Protocol (SPAP) is a proprietary version of PAP. Most experts consider SPAP somewhat more secure than PAP because the username and password are both encrypted when they are sent, unlike with PAP. However, SPAP is still susceptible to playback attacks (that is, a person records the exchange and plays the message back to gain fraudulent access). Playback attacks are possible because SPAP always uses the same reversible encryption method to send the passwords over the wire.
      - Kerberos
        
        Kerberos is one of the most well-known network authentication protocols. It was developed at MIT and it’s named from the mythical three-headed dog that guarded the gates to Hades.
      - PAP
        
        Password Authentication Protocol (PAP) is the most basic form of authentication. With PAP, a user’s name and password are transmitted over a network and compared to a table of name-password pairs. Typically, the passwords stored in the table are encrypted. However, the transmissions of the passwords are in clear text, unencrypted, the main weakness with PAP. The basic authentication feature built into the HTTP protocol uses PAP. This method is no longer used and is only presented for historical purposes.
- - - - The information below covers what is required to set up a VPN connection on a VPN gateway device using IPsec. It is not really aimed at any specific vendor and is fairly generic.
      - To start with, you would need to decide how you are going to authenticate both VPN peer devices to each other. You need to either agree upon a Pre-shared key or install digital certificates. This is used for authentication and to ensure the VPN gateway devices are authorised. This would prove their identities to each other. Both gateways must use the same type of credentials, so either both sides will use pre-shared keys or both sides will use digital certificates. Also if you are using pre-shared keys, then both keys would have to match.
      - Phases
        
        phase 1
        
        VPN's are configured and processed in two phases, phase 1 and 2. In phase 1, you would use Main mode or Aggressive mode to set up a secure and encrypted channel, to protect your phase 2 negotiations.
        
        phase 2
        
        In phase 2, using Quick mode, you would establish the IPsec Security Association (SA). Here, you would tell the gateway what traffic you will be sending over the VPN, how to encrypt and authenticate it.