For dial-up services, ensure remote endpoints and remote access servers are configured to use PPP instead of SLIP to provide client dial-up communication.

Part of SRC-RAS-010 Use of PPP for dial-up

Associated with IA controls: ECSC-1

SV-22007r1_rule For dial-up services, ensure remote endpoints and remote access servers are configured to use PPP instead of SLIP to provide client dial-up communication.

Vulnerability discussion

The most significant advantage PPP provides is authentication and configuration negotiation. With SLIP, the remote user must configure communication parameters such as maximum transmission unit (MTU) and maximum receive unit (MRU). In addition, SLIP does not support authentication; hence, chat scripts must be used to provide some form of authentication before SLIP is started. On the other hand, PPP negotiates the configuration parameters at the start of the connection to include which authentication method will be used, as well as all required transmission parameters.

Check content

Review the configuration for the RAS. Verify that PPP is used as the communication protocol that enables a remote computer to connect to a network over standard asynchronous serial lines.

Fix text

Ensure the RAS is configured to accept only communications protocols that use an accepted method of encryption to authenticate the remote node (e.g. CHAP with MD5 or MS-CHAP with MD4).

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.