Tactical Security Inc’s Blog

PPP – An Overview

Point to Point links are physical or logical direct connections between two endpoints.  These connections are often dial-up or T-1 /E-1 connections.  These connections allow the exchange of bits between two end devices, but do not manage the flow of data.  Imagine two people sending a file via a dial-up modem.  Now imagine that the file in question is a large 100KB data file.  A file that large on dial up is likely to take forever and the chances of there being no transmission errors during the entire duration of the transmission is very small.  Without a framing protocol the entire file would have to resent every time there was a single bit error on the line.  With framing, the missing bit can be detected and a single frame, or chunk, of the file can be re-transmitted to replace frame containing the errored bit.

 Synchronous Data Link Protocol was developed by IBM in 1975 and was designed to carry SNA (IBM proprietary) protocols.  HDLC was the follow on protocol developed by the International Organization for Standardization (ISO).  HDLC lacked the ability to identify the contained data type and was later modified by Cisco to include a type field used to designate the upper layer protocols within the frame.  Cisco’s HDLC is not compatible with standard HDLC.

Point to Point Protocol (PPP) (RFC 1661) is today’s standardized framing protocol of choice.  PPP includes provisions for carrying numerous upper layer protocols and PPP further included provisions for an OSI Layer 2 authentication.  The lower the layer of the OSI model that authentication takes place, the more secure the system.  As an analogy think about the means used to authenticate a caller on your phone.  You might have caller ID, or you may ask the caller’s identity directly after greetings are exchanged.   Either way, your process (dinner perhaps) was interrupted, your phone rang, and a connection was established between an unknown remote entity and yourself.  Now, imagine requiring people to authenticate before they could ring your phone, thereby eliminating the unwanted evening caller.   Often computer systems authenticate at the Application Layer after a TCP connection has been established.  This can allow an unauthenticated user to disrupt your CPU and potentially gain unwanted access to your PC.  PPP can require authentication prior to establishing any upper layer communications.

The secret to this authentication lies in the fact that PPP is made of two families of protocols, Link Control Protocol (LCP) and Network Core Protocol (NCP).  LCP establishes and defines the Layer 2 connection, while NCP carries the upper layer protocols.

Prior to link establishment, both ends of the PPP link must send LCP packets and may require authentication.  The LCP packets negotiate such things as authentication requirements, encapsulation format, packet size, errors and link termination.  Once the parameters of the link have been established, NCP packets choose and configure at least one network layer protocol.  If PPP has been configured to require authentication – typically thru PAP, CHAP, or EAP – authentication success messages must be passed on the LCP link prior to passing of NCP packets.