Windows NT RAS
Remote Access Service (RAS) allows remote access to networks, not remote control. Remote control uses a local computer as a terminal: keystrokes and other inputs are sent to the driver interface of the computer being attached to. Remote control poses too great a security risk to be used on NT networks since the WinLogon package could not be properly implemented. RAS may be installed from the control panel network applet, services tab. You will also need to configure a modem for telephone connections or a network adapter for ISDN or X.25. RAS is required for NT if you want to dial into a computer, but dial-up networking (DUN) is only required to dial from a computer. If looking for the RAS monitor in the control panel, you may also want to check for the DUN monitor. It is installed from "My computer", "Dial-up networking".
RAS works on the following media:
- PSTN - Public switched telephone network using a modem.
- ISDN - Integrated services digital network treated like a network adapter. Normal ISDN service includes two 64-kilobit data channels (B channels) and one 16-kilobit data channel (D channel). The D channel is used for control and management of the link.
- X.25 - Frame relay over leased line treated like a network adapter.
RAS supported protocols are:
- SLIP - Only TCP/IP can be used as a transport protocol with SLIP. Does not support dynamic IP address assignments. You must provide an IP address.
- PPP - Supports AppleTalk, IPX, TCP/IP, and NetBEUI as a transport protocol.
- TCP/IP - Use TCP/IP when running applications requiring the Windows sockets interface.
- NetBEUI - If the RAS gateway option is enabled, access to all NetBIOS network resources the RAS server has access to will be available even if those resources do not use NetBEUI as their transport protocol. This is because the RAS server will support these protocols.
Versions of NT before 3.5 supported RAS only using NetBEUI, but now IPX/SPX and TCP/IP connections are supported. NT RAS hosts only answer when PPP is used, but the other protocols are supported for dial out.
NT RAS supports:
- Point to point tunneling protocol (PPTP) for virtual private networking (VPN) over RAS. PPTP encrypts and encapsulates other networking protocols into TCP/IP packets to send them over the internet. It can encapsulate TCP/IP, IPX/SPX, or NetBEUI and send them over the internet, establishing a virtual network backbone for those protocols.
- Multilink allows a combination of serial lines to be used together to increase bandwidth of a connection. The calling and receiving host must have the same number and type of multilink connections. This is supported in any combination of connections by NT. This is based on RFC 1717.
- Callback feature - Callback can only call a single number, so multilink may be used with the callback feature only when the links share a single number rather than multiple numbers. Two ISDN channels may share the same number, which allows the callback feature to be used with multilink.
RAS Authentication Methods
RAS requires authentication and can use one of the following methods. An ACL on the RAS server identifies users that have permission to use RAS services.
- CHAP (MD5) - Challenge handshake authentication protocol is supported for outbound connections.
- MS-CHAP (MD4) - Uses a Microsoft version of the RSA message digest 4 challenge and reply protocol. It only works on Microsoft systems and enables data encryption. Selecting this authentication method causes all data to be encrypted.
- PAP - Password Authentication Protocol is a plain text password used on older SLIP systems. It is not secure.
- DES - Data Encryption Standard for older clients and servers.
- SPAP - Shiva PAP. Only NT RAS server supports this for clients dialing in.
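Why PAP is listed as not secure while CHAP is preferred can be seen from what each puts on the link. The following is an added example, not part of the original page: it builds PAP and CHAP (MD5) packets using the layouts from RFC 1334 and RFC 1994 (assumed here, the page does not give them) and shows what an observer of the link can read. The user name, secret and server name are constructed sample values; MS-CHAP is not covered.

```python
import hashlib, hmac, os, struct

def pap_request(ident, user, password):
    # RFC 1334 Authenticate-Request: code 1, id, length, then length-prefixed peer-id and password
    body = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(body)) + body

def parse_pap_request(pkt):
    # What anyone observing the link can read from a PAP packet: (user, cleartext password)
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code != 1 or length != len(pkt):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    ulen = pkt[4]
    plen = pkt[5 + ulen]
    return pkt[5:5 + ulen], pkt[6 + ulen:6 + ulen + plen]

def chap_packet(code, ident, value, name):
    # RFC 1994 Challenge (code 1) or Response (code 2): value-size, value, name
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def parse_chap(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code not in (1, 2) or length != len(pkt) or 5 + pkt[4] > length:
        raise ValueError("not a well-formed CHAP Challenge/Response")
    return code, ident, pkt[5:5 + pkt[4]], pkt[5 + pkt[4]:]

def chap_digest(ident, secret, challenge):
    # CHAP with MD5: one-way hash over identifier || shared secret || challenge
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def server_verify(response_pkt, ident, secret, challenge):
    # The server recomputes the digest for the challenge it issued and compares
    code, rid, value, _name = parse_chap(response_pkt)
    expected = chap_digest(ident, secret, challenge)
    return code == 2 and rid == ident and hmac.compare_digest(value, expected)

USER, SECRET = b"dialin1", b"example-secret"  # constructed sample credentials

def demo():
    _seen_user, seen_pw = parse_pap_request(pap_request(1, USER, SECRET))
    challenge = os.urandom(16)
    _, ident, chal, _ = parse_chap(chap_packet(1, 7, challenge, b"ras-server"))
    response = chap_packet(2, ident, chap_digest(ident, SECRET, chal), USER)
    fresh = bytes([challenge[0] ^ 1]) + challenge[1:]  # a different, later challenge
    return seen_pw, response, server_verify(response, 7, SECRET, challenge), server_verify(response, 7, SECRET, fresh)

if __name__ == "__main__":
    print(demo())
```

The PAP packet yields the password itself, while the CHAP response carries only a 16-byte digest that the server rejects once it issues a different challenge.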
Script programs may be needed to connect to non NT servers or UNIX servers. To set up a script see the SWITCH.INF file and the help information. Connection logging may be enabled in the system registry at:
Setting the above value to 1 enables connection logging which is recorded in the \WINNT40\SYSTEM32\RAS\DEVICE.LOG file which stores all serial communications.
RAS user administration is done using the Remote Access Administration Administrative tool. The callback feature is enabled at the User menu of Remote Access Admin or the properties dialog box of the dial-in button of a user account in User Manager. The modem.inf file may be used to automate the login to an ISP server.
Telephony Application Programming Interface (TAPI) is a set of standards that manage dial-up functions. Dial-Up Networking is compliant with TAPI. In the Control Panel, the Telephony applet may be used to configure TAPI properties, which include the area code and the number dialed for an outside line. Some modem parameters may also be configured here, such as the number of data bits and other options. The type of access such as SLIP, PPP, or PPTP may be selected here.