Windows 98 전화 접속 네트워킹 보안 업그레이드 릴리스 (1998년 8월)

중요: 본 문서는 전문 번역가가 번역한 것이 아니라 Microsoft 기계 번역 소프트웨어로 번역한 것입니다. Microsoft는 번역가가 번역한 문서 및 기계 번역된 문서를 모두 제공하므로 Microsoft 기술 자료에 있는 모든 문서를 한글로 접할 수 있습니다. 그러나 기계 번역 문서가 항상 완벽한 것은 아닙니다. 따라서 기계 번역 문서에는 마치 외국인이 한국어로 말할 때 실수를 하는 것처럼 어휘, 구문 또는 문법에 오류가 있을 수 있습니다. Microsoft는 내용상의 오역 또는 Microsoft 고객이 이러한 오역을 사용함으로써 발생하는 부 정확성, 오류 또는 손해에 대해 책임을 지지 않습니다. Microsoft는 이러한 문제를 해결하기 위해 기계 번역 소프트웨어를 자주 업데이트하고 있습니다.

이 문서가 보관되었습니다. "그대로" 제공되었으며, 업데이트가 되지 않을 것입니다.
참고: 이 문서에는 목적으로만 것입니다. 문제 해결 정보는 포함하지 않습니다. 문제 해결 이 문서에서 설명하는 정보를 검색 중인 경우 다음 Microsoft 기술 자료 문서에 나열된 키워드를 사용하여 Microsoft 기술 자료를 다시 검색:
242450키워드를 사용하여 Microsoft 기술 자료 쿼리 방법
이 문서에서는 Windows 98 전화 접속 네트워킹 보안 업그레이드 릴리스 정보를 1998년 8월에서 에서 복사본이 들어 있습니다.
추가 정보
Microsoft(r) Windows(r) 98 Dial-Up Networking Security UpgradeRelease Notes1. INTRODUCTION===============This security upgrade for Windows 98 Dial-up Networking is designed toenhance the protection of both dial-up and VPN connections by strengtheningseveral aspects of password management and data encryption.1.1 INSTALLATION NOTES======================Execute the Dun40.exe file and follow the instructions it displays. At theend of the installation process you will be required to reboot your PC.1.2 MSCHAP V2=============A new MSCHAP secure mode (MSCHAP V2) has been implemented, providing mutualauthentication, stronger initial data encryption keys, and differentencryption keys for the transmit and receive paths.To minimize the risk of password compromise during MSCHAP exchanges, MSCHAPV2 drops support for the MSCHAP password change V1, and will not transmitthe LM password response.For VPN connections, a Windows NT 4.0 server (updated as described below)will negotiate MSCHAP V2 before negotiating the original MSCHAP. An updatedWindows 98 client will accept this offer and use MSCHAP V2 as theauthentication method. To ensure that no VPN clients authenticate usingMSCHAP, the server can be set to require MSCHAP V2. This will preventlegacy clients from presenting their credentials in an MSCHAP or PAP orCHAP exchange, and is a likely configuration for networks that require themost secure authentication method.1.3 SECURE VPN MODE===================If there are special circumstances in which you wish to ensure that your PCuses only the new MSCHAP V2 for all VPN connection attempts, a newclient-side registry flag, SecureVPN, can be used to force this behavior.When this flag is set, your PC will only accept MSCHAP V2 authenticationfor any VPN connections. In addition, this flag will require dataencryption for all VPN connections. Dial-up connections are not affected.   NOTE: Most users will not need to use the Secure VPN flag. This flag   should be used with care because it will affect the behavior of all VPN   connections from your machine. In general, the required use of MSCHAP V2   and data encryption can be enforced more easily on the server.The registry setting which will force a Windows 98 client to use only thenew MSCHAP V2 secure mode and require data encryption for PPTP connectionsis defined below. By default, this registry variable is absent, meaning "donot force secure mode on PPTP connections". The value of this variable ischecked just before a connection is attempted.      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess      DWORD: SecureVPN      Value: 0x00000001 == Force secure mode (MSCHAP V2 plus data                           encryption) on all PPTP connections      Value: 0x00000000 == Do not force secure mode on PPTP connections                           (default)1.4 LM RESPONSE SUPPRESSION===========================This release also provides a new registry variable which prevents theclient from sending the LM response to a legacy MSCHAP challenge, asdefined below. By default, this variable is absent, meaning that the clientshould send the LM response (in order to maintain compatibility with legacyservers). This variable affects both dial-up and VPN connections; its valueis checked just before a connection is attempted.      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess      DWORD: UseLmPassword      0x00000001 == Send LM challenge response (default)      0x00000000 == Do not send LM challenge response (send only NT                    challenge response)1.5 FORCING STRONG ENCRYPTION=============================Windows 98 Dial-up Networking already supports a checkbox to requireencryption for a specific connection. Clients which support 128-bitencryption will accept any level of encryption (128-bit or 40-bit) offeredby the server. This upgrade provides a new registry flag,ForceStrongEncryption. When set, this flag will require 128-bit encryptionfor any connection which has already been set to require encryption. (Inother words, setting the new registry flag essentially changes the meaningof the existing checkbox from "require encryption" to "require strongencryption".)   NOTE: As originally installed, Windows 98 Dial-up Networking supports   40-bit encryption. An optional upgrade will be available to users in   North America which adds the ability to support 128-bit encryption as   well.The registry flag which forces strong encryption is defined below. Bydefault, the flag is absent. The value of this flag is checked just beforea connection is attempted.      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess      DWORD: ForceStrongEncryption      0x00000001 == Requires 128-bit encryption for any connection which                    already requires encryption      0x00000000 == No effect; does not force strong encryption (default)1.6 SERVER UPDATES==================This upgrade is fully compatible with legacy Dial-up and PPTP systems.However, in order to benefit from MSCHAP V2, both the client and servermust support this new mode. Server support for MSCHAP V2 is included inWindows NT 4.0 Service Pack 4. For more information, please see thefollowing article in the Microsoft Knowledge Base.   ARTICLE-ID: Q152734   TITLE     : How to Obtain the Latest Windows NT 4.0 Service PackServers running the Routing and Remote Access Upgrade should first applythe above, and then also apply rras30-fix from the same location.   NOTE: RAS and PPTP servers must be maintained to current Windows NT   Service Pack levels. A Windows 98 client machine may not connect to a   Windows NT Server that has not been updated to Service Pack 3 or above.1.7 OTHER CHANGES=================The details section of the connection status display has been modified toidentify the specific form of CHAP that was used in the connection.Standard CHAP is displayed as "Challenge Authentication Protocol"; legacyMSCHAP is displayed as "Microsoft Challenge Authentication Protocol"; andMSCHAP V2 is displayed as "Microsoft Mutual Challenge AuthenticationProtocol".1.8 REMOVING THIS UPDATE========================IMPORTANT: This section is different from the same section in the ReleaseNotes that is available with the Windows 98 Dial-Up Networking SecurityUpgrade.This security upgrade does not provide its own uninstall program. If youwish to remove the upgrade, you can accomplish this by removing andre-installing Dial-up Networking as a whole. If you installed Windows 98 asan upgrade, this process may ask for your original Windows 98 CD. If youhave defined connections in the Dial-up Networking folder, these will notbe lost. However, all information regarding ISDN devices (including switchtype and spid) will be lost, so you should record this information beforeproceeding. (ISDN information can be created or reviewed by running theISDN Setup Wizard which can be found in the Start -> Programs ->Accessories -> Communications menu.)Perform the following steps to uninstall Dial-Up Networking:1. In Control Panel, double-click the Add/Remove Programs tool, click the   Windows Setup tab, click Communications (do not click the check box,   click the word "communications"), and then click Details.2. Click the Dial-Up Networking check box so that it is no longer selected,   click OK, and then click OK again. Please note that this removes VPN as   well.3. When prompted to restart your computer, click No.4. Click the Start button, point to Find, click Files or Folders, and then   click the Name And Location tab.5. In the Named field, find and delete the following files from the   Windows\System folder:      Pppmac.vxd      Rasapi32.dll      Rnaapp.exe6. Close the Find dialog box.7. In Control Panel, double-click the Add/Remove Programs tool, click the   Windows Setup tab, click Communications (do not click the check box,   click the word "communications"), and then click Details.8. Add Dial-Up Networking and VPN, click OK, and then click OK again.9. Restart your computer when prompted.				
98 dun relnote

경고: 이 문서는 자동으로 번역되었습니다.


문서 ID: 189771 - 마지막 검토: 01/09/2015 12:21:15 - 수정: 1.3

Microsoft Windows 98 Standard Edition

  • kbnosurvey kbarchive kbmt kbinfo kbreadme KB189771 KbMtko