If PPP is used for dial-up access, then authentication will be provided by one of the following protocols: EAP (recommended); CHAP with MD5; or MS-CHAP with MD4.

Part of Authentication method approved for PPP

Associated with IA controls: ECSC-1

SV-22008r2_rule If PPP is used for dial-up access, then authentication will be provided by one of the following protocols: EAP (recommended); CHAP with MD5; or MS-CHAP with MD4.

Vulnerability discussion

PPP provides authentication methods such as Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), and Microsoft Challenge Handshake Authentication Protocol (MS-CHAP). These protocols are used for authentication at the Data Link Layer—that is, between the remote client and the remote access server. These methods provide the means for the remote client to send logon userid and password information to the remote access server. These two security features working together help to ensure data transfer security in the PPP network.

Check content

Review the configuration for the RAS . Verify use of an approved encryption algorithm if PPP is used for remote access.

Fix text

Ensure that an accepted method of encryption to authenticate the remote node is used (e.g. CHAP with MD5 or MS-CHAP with MD4).

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.