Remote Access

As telecommuting increases, users must be able to access NT servers and domains from remote locations, and do so securely. Remote users may connect directly through dial-up modems and ISDN adapters over telephone company facilities, or indirectly through an Internet service provider (ISP) and the Internet. Either way, NT must be able to authenticate that user reliably and then exchange data with that user with integrity and privacy. As we explained in the earlier discussion of the login process, NT logins don't involve the exchange of cleartext passwords or any other cryptographic secret over private or public networking facilities. The use of nonces and encrypted responses help prevent casual interception and replay of the authentication process. However, once NT authenticates a user, there still remains the problem of communicating securely between the server or servers and the remote client across public facilities. Remote Access Service (RAS) offers a configurable option for encrypting data exchanges between the RAS server and the remote client using Point-to-Point Tunneling Protocol (PPTP). Since it is an option, users and network administrators can, by invoking the Network applet on NT's Control Panel, choose between cleartext and encrypted sessions. Designed for users that connect through ISPs, Microsoft developed PPTP in cooperation with 3Com/U.S. Robotics, Ascend Communications, Copper Mountain Networks, and ECI Telematics. Microsoft has submitted its specification to the Internet Engineering Task Force (IETF) as an Internet Draft. The protocol uses a hashed version of the user's password to set up session keys and establishes a secure tunnel for IP, IPX, and NetBEUI connections across the Internet. For more information about PPTP, see the Network Strategy Report "NT Server 4.0."