Manualshelf

User`s guide

ManualsBrandsAMX ManualsComputer equipmentDESIGN XPRESS V 1.5 - PROGRAMMER GUIDE
241242243244245246247248249250
KwikNet PPP Option
K
A
DAK
233
File KN_PPPAA.C provides the authentication parameters for one user on a single PPP
network interface. You must edit this module to define the authentication parameters
which apply to each of your PPP network interfaces.
The KwikNet PPP network driver accesses these authentication parameters by calling the
KwikNet PPP administration function kn_ppp_admin() within module KN_PPPAA.C. You
must review this function and, if necessary, alter it to meet your specific requirements. A
description of this function is presented later in this chapter.
Security Issues
Since the PPP administration function kn_ppp_admin() is the funnel through which all
PPP authentication parameters flow, you may wish to enhance this function to include
security features to prevent unauthorized access to this critical information. For example,
your authentication parameters might be derived by reading the magnetic strip on an
authorization card.
If your network supports both local and peer authentication, you should use different
authentication parameters for the local network and its peer. If one set of parameters is
used to authenticate both, then the security provided by PPP is trivial to crack.
If your network supports multiple authentication protocols, you should use different
authentication parameters for each to avoid a security breach. Suppose that you use the
same passwords for both PAP and CHAP. Since PAP sends the password as unencrypted
text, a "rogue peer" could negotiate PAP to obtain the password and then use the
password as the secret for subsequent CHAP negotiations with a more secure
authenticator.
For more information on PPP security issues, refer to pages 66-68 in Carlson's book PPP
Design and Debugging (see Appendix A of the KwikNet TCP/IP Stack User's Guide).