Security
Security protocols protect a computer from attacks. To understand how security protocols work, you must first understand what types of attacks they protect against. Networks and data are vulnerable to both active attacks, in which information is altered or destroyed, and passive attacks, in which information is monitored without being changed. Attacks that you might encounter include the following:
Altering data
This active attack takes place when data is intercepted in transit and modified before it reaches its destination, or when stored data is altered.
Eavesdropping
This passive attack takes advantage of network traffic that is transmitted across the wire in clear text. The attacker simply uses a device that monitors traffic and "listens in" to discover information. You'll hear this referred to as sniffing the wire, and sometimes as snooping. Because a passive attack changes nothing, the victim usually has no way to notice it; only encrypting the traffic takes away the attacker's payoff.
IP address spoofing
Some systems "authenticate" data simply by checking the source IP address in packets: if the address is on an allowed list, the packets are let into the private network. IP address spoofing is forging the source IP address so that such packets will be accepted. The source address is just a field the sender fills in, so on its own it proves nothing about who sent the packet. IP address spoofing can be used to modify or delete data, or to perpetrate an additional type of attack, such as a denial of service launched with forged sources.
Password pilfering
An attacker obtains user IDs and passwords, or even encryption keys, to gain access to network data, which can then be altered, deleted, or used to mount another attack. This is usually done by asking unsuspecting users (social engineering), reading sticky notes containing passwords that are posted next to computers, or sniffing the wire for password information. Sometimes an attacker will attempt to get hired at a company merely to obtain an ID and password with access rights to the network.
Denial of service
This active attack is intended to cause full or partial network outages so that people cannot use network resources and productivity suffers. The attacker floods so many packets through the network or at specific resources that other users cannot access those resources. A denial-of-service attack can also serve as a diversion while the attacker alters information or damages systems.
Virus
A virus is a piece of malicious code that is buried inside a trusted application (or even an e-mail message) and, when the host is run or opened, invokes some action to wreak havoc on the computer or other network resources, usually copying itself into other files or systems along the way.
Security methods and the attacks they address:

Security Method | Type of Attack | Notes
Authentication | Password guessing attacks | Verifies the user's identity
Access control | Password pilfering | Protects sensitive data from access by the average user
Encryption | Eavesdropping | Keeps packet contents confidential; a sniffer sees only ciphertext (encryption alone does not detect tampering)
Certificates | Spoofing | Bind an identity to a public key so that a peer's claimed identity can be verified
Firewalls | Denial of service (as well as others) | When configured correctly, can block many denial-of-service attacks at the perimeter
Signatures | Data alteration | Detect tampering with stored or transmitted data
Public key infrastructure | Spoofing | Ensures that data received is from the correct sender
Code authentication | Virus and other code attacks | Protects the computer from altered executables
Physical security | Password pilfering | Keeps unauthorized persons away from authorized users and their IDs and passwords
Password policies | Password pilfering | Ensures that passwords are difficult to guess or otherwise decipher
IPSec (Internet Protocol Security)
IPsec is a set of protocols used to support the secure exchange of packets at the IP layer. Its two main protocols are AH (Authentication Header), which provides integrity and origin authentication only, and ESP (Encapsulating Security Payload), which provides confidentiality and, in practice, integrity as well. IPsec supports two modes: transport and tunnel.
Transport mode protects only the payload of each packet; the original IP header stays in the clear, so a sniffer still sees the two endpoint addresses (but not the TCP or UDP ports, which are inside the protected payload).
Tunnel mode encapsulates the entire original packet, header included, inside a new IP packet whose outer header names only the tunnel endpoints (typically two VPN gateways), so the original source and destination are hidden. Tunnel mode is the normal choice for gateway-to-gateway VPNs; it is not more secure in the cryptographic sense, it simply exposes less.
For IPsec to work, the sending and receiving devices must agree on security associations (SAs) and on the session keys that protect them. This is the job of IKE (Internet Key Exchange), built from ISAKMP (Internet Security Association and Key Management Protocol) and Oakley: the peers run a Diffie-Hellman exchange to derive a shared secret, so no session key ever travels on the wire, and they authenticate each other with pre-shared keys or digital certificates. IPsec protocols operate at the network layer, layer 3 of the OSI model. Other Internet security protocols in widespread use, such as SSL and TLS, sit above the transport layer (OSI layers 4 to 7). This makes IPsec more flexible, as it can protect both TCP- and UDP-based protocols without any change to the applications.
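The difference between the two modes is easiest to see in the bytes. The following is an added example, not code from the original page: it builds a transport-mode and a tunnel-mode ESP packet from constructed addresses and a constructed TCP segment, with an HMAC-SHA256 keystream standing in for the AES transform that IKE would negotiate, and shows what a sniffer on the path can read from each.

```python
"""Transport vs tunnel mode: what an ESP packet exposes on the wire.

Added example (not from the original page). Addresses and the TCP segment
are constructed; the confidentiality transform is an HMAC-SHA256 keystream
standing in for the AES transforms real ESP negotiates, and the ICV is a
truncated HMAC. Layout follows RFC 4303: IP header, ESP header (SPI,
sequence), encrypted payload plus trailer (pad length, next header), ICV.
"""
import hashlib
import hmac
import socket
import struct

IPPROTO_ESP = 50     # ESP rides directly on IP as protocol 50
IPPROTO_TCP = 6
IPPROTO_IPIP = 4     # tunnel mode: the protected payload is a whole IPv4 packet


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options; checksum left zero for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def _keystream(key, spi, seq, n):
    """Keystream bound to the SA (SPI) and sequence number, so no two packets reuse it."""
    out = b""
    for counter in range((n + 31) // 32):
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, counter), hashlib.sha256).digest()
    return out[:n]


def esp_wrap(key, spi, seq, inner, next_header):
    """Encapsulate `inner` in ESP. Real ESP pads to the cipher block size; omitted here (pad length 0)."""
    plaintext = inner + bytes([0, next_header])          # trailer: pad length, next header
    ks = _keystream(key, spi, seq, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + ciphertext, hashlib.sha256).digest()[:16]
    return header + ciphertext + icv


def esp_unwrap(key, esp):
    """Verify the ICV, decrypt, and return (next_header, inner bytes). Raises on a bad ICV."""
    header, ciphertext, icv = esp[:8], esp[8:-16], esp[-16:]
    expected = hmac.new(key, header + ciphertext, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ESP ICV check failed")
    spi, seq = struct.unpack("!II", header)
    ks = _keystream(key, spi, seq, len(ciphertext))
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, ks))
    pad_len, next_header = plaintext[-2], plaintext[-1]
    return next_header, plaintext[:len(plaintext) - 2 - pad_len]


def transport_mode(key, spi, seq, src, dst, tcp_segment):
    """Transport mode: the original IP header is kept; only the TCP segment is protected."""
    esp = esp_wrap(key, spi, seq, tcp_segment, IPPROTO_TCP)
    return ipv4_header(src, dst, IPPROTO_ESP, len(esp)) + esp


def tunnel_mode(key, spi, seq, gw_src, gw_dst, src, dst, tcp_segment):
    """Tunnel mode: the whole inner packet is protected; a new outer header names only the gateways."""
    inner = ipv4_header(src, dst, IPPROTO_TCP, len(tcp_segment)) + tcp_segment
    esp = esp_wrap(key, spi, seq, inner, IPPROTO_IPIP)
    return ipv4_header(gw_src, gw_dst, IPPROTO_ESP, len(esp)) + esp


def sniffer_view(packet):
    """Everything a passive observer can read: outer addresses, protocol, and the ESP header."""
    proto = packet[9]
    view = {"src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]), "proto": proto}
    if proto == IPPROTO_ESP:
        view["spi"], view["seq"] = struct.unpack("!II", packet[20:28])
        view["ports_visible"] = False   # TCP/UDP ports are inside the ciphertext in both modes
    return view


if __name__ == "__main__":
    key = hashlib.sha256(b"session key as IKE would derive it (constructed)").digest()
    segment = struct.pack("!HH", 51515, 443) + b"GET / HTTP/1.1\r\n"   # constructed TCP segment
    t = transport_mode(key, 0x1001, 1, "10.0.0.5", "10.0.0.9", segment)
    u = tunnel_mode(key, 0x1002, 1, "203.0.113.1", "198.51.100.7", "10.0.0.5", "10.0.0.9", segment)
    print("transport:", sniffer_view(t))   # real endpoints 10.0.0.5 -> 10.0.0.9 are visible
    print("tunnel:   ", sniffer_view(u))   # only the gateways 203.0.113.1 -> 198.51.100.7 are visible
```

In both modes the TCP ports live inside the ciphertext; the difference is that transport mode still names the real endpoints in the outer header, while tunnel mode names only the gateways. The ICV check in `esp_unwrap` is the integrity that ESP adds on top of confidentiality; without it an attacker could flip bits in the ciphertext unnoticed.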
L2TP (Layer 2 Tunneling Protocol)
Layer 2 Tunneling Protocol is a tunneling protocol used to support virtual private networks (VPNs). L2TP carries PPP sessions across an IP network (UDP port 1701), which lets ISPs operate VPNs, and combines the best features of two earlier tunneling protocols: PPTP from Microsoft and L2F from Cisco Systems. L2TP itself provides no encryption; in practice it is run inside IPsec (L2TP/IPsec), which supplies the confidentiality and integrity.
SSL (Secure Sockets Layer)
Secure Sockets Layer is a protocol that supplies secure data communication through data encryption and decryption. SSL provides communications privacy over networks by combining public key cryptography, used to authenticate the server through its certificate and to establish a session key, with bulk symmetric encryption of the data. SSL has been superseded by TLS (Transport Layer Security); every version of SSL is now deprecated and should be disabled.
WEP (Wired Equivalent Privacy)
Wired Equivalent Privacy is a scheme that is part of the IEEE 802.11 wireless networking standard, intended to secure IEEE 802.11 wireless networks. Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping.
WEP was intended to provide confidentiality comparable to a traditional wired network, and thus it does not protect users of the network from each other. It encrypts each frame with RC4 under a static key shared by everyone on the network, prefixed by a 24-bit initialization vector (IV) that is sent in the clear; because the IV space is so small, keystreams are reused, and WEP is considered broken and should not be used.
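The keystream-reuse weakness behind that caveat, as an added example (not code from the original page): a textbook RC4, the WEP per-frame key construction, a detector for repeated IVs in a capture, and the known-plaintext recovery that two frames under one IV allow. The key, IVs and frame contents are constructed; the ICV and 802.11 framing are omitted.

```python
"""Why a static key plus a 24-bit IV fails: RC4 keystream reuse in WEP.

Added example (not from the original page). WEP seeds RC4 with the 3-byte
IV (sent in clear) followed by the static shared key. Keys, IVs and frame
contents below are constructed for the demonstration.
"""
from collections import Counter


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key scheduling, then XOR the data with the generator output."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Per-frame RC4 key is IV || shared key; the IV is transmitted in clear ahead of the ciphertext."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + rc4(iv + shared_key, plaintext)


def reused_ivs(frames) -> set:
    """Detection: IVs that appear in more than one captured frame, i.e. reused keystreams."""
    counts = Counter(frame[:3] for frame in frames)
    return {iv for iv, n in counts.items() if n > 1}


def recover_plaintext(frame_a: bytes, frame_b: bytes, known_plaintext_a: bytes) -> bytes:
    """Two frames under the same IV share a keystream K, so C_a ^ C_b = P_a ^ P_b:
    knowing (a prefix of) P_a reveals the same prefix of P_b. Returns b'' if the IVs differ."""
    if frame_a[:3] != frame_b[:3]:
        return b""
    n = min(len(frame_a), len(frame_b), len(known_plaintext_a) + 3)
    return bytes(frame_a[i] ^ frame_b[i] ^ known_plaintext_a[i - 3] for i in range(3, n))


# Every IP-carrying 802.11 data frame begins with this LLC/SNAP header: free known plaintext.
LLC_SNAP_IP = bytes.fromhex("aaaa030000000800")


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")                # constructed 40-bit WEP key
    iv = b"\x00\x00\x01"
    pa = LLC_SNAP_IP + b"\x45\x00 first packet body"
    pb = LLC_SNAP_IP + b"\x45\x00 second packet body"
    capture = [wep_encrypt(key, iv, pa),
               wep_encrypt(key, b"\x00\x00\x02", b"x"),
               wep_encrypt(key, iv, pb)]
    print("reused IVs:", reused_ivs(capture))
    print("leaked prefix of frame 3:", recover_plaintext(capture[0], capture[2], LLC_SNAP_IP))
    print("frame 3 given all of frame 1:", recover_plaintext(capture[0], capture[2], pa))
```

With only 2^24 IVs, a busy access point repeats an IV within hours even if it never restarts its counter, and an attacker who can inject a frame whose plaintext they know (a ping from outside, say) turns every collision into a full decryption. WPA's per-packet keys exist precisely to make this collision harmless.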
WPA (Wi-Fi Protected Access)
A security protocol for wireless networks that builds on the basic foundations of WEP. It secures wireless data transmission using the same RC4 cipher as WEP, but through TKIP (Temporal Key Integrity Protocol), which derives a fresh key for every packet and adds a message integrity check. The changing key makes it much more difficult for an attacker to learn the key and gain access to the network. WPA was a stopgap for WEP-era hardware, and TKIP is itself deprecated today.
WPA2 (Wi-Fi Protected Access 2)
WPA2 is the second generation of WPA security and provides a stronger encryption mechanism through the Advanced Encryption Standard (AES) in CCMP mode, which is a requirement for some government users. Both WPA and WPA2 come in a Personal mode (a pre-shared key) and an Enterprise mode (802.1X with EAP authentication against a RADIUS server).
802.11x
IEEE 802.11, also known by the brand Wi-Fi, denotes a set of wireless LAN (WLAN) standards developed by working group 11 of the IEEE LAN/MAN Standards Committee (IEEE 802). The term 802.11x is also used informally to denote this whole family and is not to be mistaken for any one of its elements: there is no single 802.11x standard. Do not confuse it with IEEE 802.1X, the port-based network access control standard that WPA/WPA2 Enterprise uses for authentication.
Protocol | Release Date | Op. Frequency | Data Rate (Typical) | Data Rate (Max) | Range (Indoor) | Range (Outdoor)
802.11a | 1999 | 5.15-5.35 / 5.47-5.725 / 5.725-5.875 GHz | 25 Mbit/s | 54 Mbit/s | ~25 meters | ~75 meters
802.11b | 1999 | 2.4-2.5 GHz | 6.5 Mbit/s | 11 Mbit/s | ~35 meters | ~100 meters
802.11g | 2003 | 2.4-2.5 GHz | 25 Mbit/s | 54 Mbit/s | ~25 meters | ~75 meters
802.11n | 2009 (drafts from 2007) | 2.4 GHz or 5 GHz bands | 200 Mbit/s | 540 Mbit/s | ~50 meters | ~125 meters
Identify authentication protocols:
CHAP (Challenge Handshake Authentication Protocol)
Challenge Handshake Authentication Protocol is a challenge-response authentication protocol (RFC 1994) that uses the industry-standard Message Digest 5 (MD5) hashing scheme to compute the response: the client hashes the packet identifier, its secret and the server's random challenge together, so the secret itself never crosses the wire. CHAP is used by various vendors of network access servers and clients. Two caveats: the authenticator must hold each secret in clear text (or reversibly encrypted) to check responses, and anyone who captures a challenge and its response can test password guesses offline at will.
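The exchange, and what an eavesdropper can do with it, as an added example (not code from the original page): the packet encoding of RFC 1994, a NAS-side authenticator that issues challenges and refuses replays, the client's response, and an offline dictionary check over a sniffed challenge/response pair. The user name, secret, NAS name and wordlist are constructed.

```python
"""CHAP (RFC 1994) challenge/response with MD5, plus what a sniffer gets.

Added example (not from the original page). User name, secret, NAS name
and wordlist are constructed. Packet layout follows RFC 1994 section 4:
Code, Identifier, Length, Value-Size, Value, Name.
"""
import hashlib
import hmac
import os
import struct

CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4


def chap_hash(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response value = MD5(Identifier || secret || challenge). The secret never goes on the wire."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def encode(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def decode(packet: bytes) -> dict:
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("CHAP length field does not match packet")
    value_size = packet[4]
    value = packet[5:5 + value_size]
    return {"code": code, "id": identifier, "value": value, "name": packet[5 + value_size:]}


class Authenticator:
    """The NAS side: issues random challenges, verifies responses, never accepts a response twice."""

    def __init__(self, secrets: dict, name: bytes = b"nas01"):
        self.secrets = secrets      # user name -> secret, held in clear (a CHAP requirement)
        self.name = name
        self.pending = {}           # identifier -> outstanding challenge value

    def challenge(self, identifier: int = None, value: bytes = None) -> bytes:
        identifier = os.urandom(1)[0] if identifier is None else identifier
        value = os.urandom(16) if value is None else value
        self.pending[identifier] = value
        return encode(CHAP_CHALLENGE, identifier, value, self.name)

    def verify(self, response_packet: bytes) -> bool:
        r = decode(response_packet)
        challenge = self.pending.pop(r["id"], None)   # consumed here, so a replayed response fails
        secret = self.secrets.get(r["name"])
        if r["code"] != CHAP_RESPONSE or challenge is None or secret is None:
            return False
        return hmac.compare_digest(r["value"], chap_hash(r["id"], secret, challenge))


def client_respond(challenge_packet: bytes, name: bytes, secret: bytes) -> bytes:
    c = decode(challenge_packet)
    return encode(CHAP_RESPONSE, c["id"], chap_hash(c["id"], secret, c["value"]), name)


def offline_guess(challenge_packet: bytes, response_packet: bytes, wordlist) -> bytes:
    """An eavesdropper holds identifier, challenge and response; a weak secret falls to a dictionary."""
    c, r = decode(challenge_packet), decode(response_packet)
    for guess in wordlist:
        if chap_hash(r["id"], guess, c["value"]) == r["value"]:
            return guess
    return b""


if __name__ == "__main__":
    nas = Authenticator({b"alice": b"s3cret"})
    chal = nas.challenge()
    resp = client_respond(chal, b"alice", b"s3cret")
    print("authenticated:", nas.verify(resp))     # True
    print("replayed:", nas.verify(resp))          # False: the challenge was consumed
    print("offline guess:", offline_guess(chal, resp, [b"password", b"letmein", b"s3cret"]))
```

The random challenge is what defeats replay; the offline check is what a weak secret does not survive, which is why CHAP secrets should be long and random rather than user-chosen passwords.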
MS-CHAP (Microsoft Challenge Handshake Authentication Protocol)
MS-CHAP is Microsoft's variant of CHAP. It is a nonreversible, encrypted password authentication protocol: the password is never sent, only a one-way function of it. The challenge handshake process works as follows:
· The remote access server or the IAS server (Internet Authentication Service, Microsoft's RADIUS server) sends a challenge to the remote access client that consists of a session identifier and an arbitrary challenge string.
· The remote access client sends a response that contains the user name and a nonreversible encryption of the challenge string, the session identifier, and the password.
· The authenticator checks the response and, if valid, the user's credentials are authenticated.
MS-CHAP v1 is considered weak. MS-CHAP v2 added mutual authentication and a different response computation, but a captured exchange can still be attacked offline, so it is normally used only inside an encrypted tunnel such as PEAP or L2TP/IPsec.
PAP (Password Authentication Protocol)
Password Authentication Protocol sends the user name and password in plain text in its Authenticate-Request packet and is the least sophisticated authentication protocol; anyone sniffing the link captures the credentials directly. It is typically negotiated only if the remote access client and remote access server cannot negotiate a more secure form of validation.
RADIUS (Remote Authentication Dial-In User Service)
RADIUS is an AAA (authentication, authorization and accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Some ISPs (commonly modem, DSL, or wireless 802.11 services) require you to enter a user name and password in order to connect to the Internet. Before access to the network is granted, this information is passed to a Network Access Server (NAS) over the Point-to-Point Protocol (PPP), then from the NAS to a RADIUS server over the RADIUS protocol (UDP, port 1812 for authentication and 1813 for accounting; older deployments use 1645 and 1646). The RADIUS server checks that the information is correct using authentication schemes such as PAP, CHAP or EAP.
If accepted, the server will then authorize access to the ISP system and select an IP address. RADIUS is also widely used by VoIP service providers. The NAS and the RADIUS server share a secret: a user's PAP password is hidden with an MD5 stream derived from that secret, and the only integrity protection on the exchange is the MD5-based Response Authenticator (plus the optional Message-Authenticator attribute), so RADIUS traffic should be kept on a trusted network or carried over TLS (RadSec) or IPsec.
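The NAS-to-server leg, as an added example (not code from the original page, and a minimal subset of RFC 2865): it encodes an Access-Request with the User-Password hidden as the RFC specifies, the server unhides and checks the password and answers with an Access-Accept or Access-Reject carrying a Response Authenticator, and the NAS verifies that authenticator. The shared secret, user database and NAS address are constructed.

```python
"""RADIUS Access-Request / Access-Accept (RFC 2865) with User-Password hiding.

Added example (not from the original page). The NAS address, user
database and shared secret are constructed. Shows the packet layout, how
the PAP password is hidden with an MD5 stream keyed by the shared secret,
and how the Response Authenticator is computed and checked.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP = 1, 2, 4


def hide_password(secret: bytes, request_auth: bytes, password: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16n, then c_i = p_i XOR MD5(secret || c_{i-1}), with c_0 = Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ b for p, b in zip(padded[i:i + 16], block))
        out += prev
    return out


def unhide_password(secret: bytes, request_auth: bytes, hidden: bytes) -> bytes:
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ b for c, b in zip(hidden[i:i + 16], block))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs) -> bytes:
    """Each attribute is Type (1), Length (1, includes these two bytes), Value."""
    return b"".join(struct.pack("!BB", t, 2 + len(v)) + v for t, v in attrs)


def decode_attrs(data: bytes) -> dict:
    attrs, pos = {}, 0
    while pos < len(data):
        t, length = data[pos], data[pos + 1]
        if length < 2 or pos + length > len(data):
            raise ValueError("malformed RADIUS attribute")
        attrs[t] = data[pos + 2:pos + length]
        pos += length
    return attrs


def packet(code: int, identifier: int, authenticator: bytes, attrs: bytes) -> bytes:
    """Header: Code (1), Identifier (1), Length (2), Authenticator (16), then attributes."""
    return struct.pack("!BBH", code, identifier, 20 + len(attrs)) + authenticator + attrs


def access_request(secret, identifier, username, password, request_auth=None) -> bytes:
    request_auth = os.urandom(16) if request_auth is None else request_auth   # must be unpredictable
    attrs = encode_attrs([(ATTR_USER_NAME, username),
                          (ATTR_USER_PASSWORD, hide_password(secret, request_auth, password)),
                          (ATTR_NAS_IP, bytes([192, 0, 2, 10]))])          # constructed NAS address
    return packet(ACCESS_REQUEST, identifier, request_auth, attrs)


def response_authenticator(secret, code, identifier, request_auth, attrs) -> bytes:
    """MD5(Code || ID || Length || RequestAuth || Attributes || Secret): the only integrity on the reply."""
    header = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def server_handle(secret, users: dict, request: bytes) -> bytes:
    code, identifier, length = struct.unpack("!BBH", request[:4])
    request_auth, attrs = request[4:20], decode_attrs(request[20:length])
    username = attrs.get(ATTR_USER_NAME, b"")
    password = unhide_password(secret, request_auth, attrs.get(ATTR_USER_PASSWORD, b""))
    ok = code == ACCESS_REQUEST and username in users and hmac.compare_digest(users[username], password)
    reply = ACCESS_ACCEPT if ok else ACCESS_REJECT
    return packet(reply, identifier, response_authenticator(secret, reply, identifier, request_auth, b""), b"")


def verify_response(secret, request: bytes, response: bytes) -> bool:
    """The NAS checks the reply against the Request Authenticator it sent; a forged reply fails here."""
    code, identifier, length = struct.unpack("!BBH", response[:4])
    expected = response_authenticator(secret, code, identifier, request[4:20], response[20:length])
    return identifier == request[1] and hmac.compare_digest(response[4:20], expected)


if __name__ == "__main__":
    secret, users = b"shared-secret-between-nas-and-server", {b"alice": b"hunter2"}
    req = access_request(secret, 42, b"alice", b"hunter2")
    rep = server_handle(secret, users, req)
    print("reply code:", rep[0], "(2 = Accept, 3 = Reject); authentic:", verify_response(secret, req, rep))
```

Note what the code makes obvious: the password hiding is only as strong as the shared secret and MD5, the Access-Request itself carries no integrity check unless the Message-Authenticator attribute is added, and a predictable Request Authenticator would let an observer unhide passwords offline.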
Kerberos and EAP (Extensible Authentication Protocol)
Kerberos is an authentication system designed to enable two parties to exchange private information across an open network. A trusted Key Distribution Center (KDC) issues each user who logs on a ticket: a credential, encrypted under the key of the service it is meant for, that vouches for the user's identity for a limited lifetime. The ticket is then embedded in the user's requests to identify the sender of the message, so the user's password is never sent to the services themselves.
Extensible Authentication Protocol, or EAP, is a universal authentication framework frequently used in wireless networks and point-to-point connections. EAP is not itself an authentication method; it carries methods such as EAP-TLS, PEAP and EAP-TTLS. Although EAP is not limited to wireless LANs and can be used for wired LAN authentication (through 802.1X), it is most often used in wireless LANs. The WPA and WPA2 Enterprise certification programs officially adopted five EAP types as their authentication mechanisms.
Smart Cards
Smart cards are gaining in popularity as a way to ensure secure authentication using a physical key. Smart cards are able to provide an interactive logon, secure e-mail messages, and authenticate access to network services.
Smart cards contain chips that store a user's private key in a form that cannot be read out, and can also store logon information, public key certificates, and other information, depending on the smart card's usage. When a user needs to access a resource, the user inserts the smart card into a reader attached to the computer. After the user types in the personal identification number (PIN), the card performs the private-key operation that authenticates the user, who can then access network resources. The private key never leaves the card, yet it is automatically available for transparent access to encrypted information.
Smart cards require a Public Key Infrastructure (PKI), a method of distributing encryption keys and certificates. In addition, each workstation from which users authenticate will require a smart-card reader. Some implementations combine the smart card with employee badges so that employees need a single card for building and network access.
Remote access protocols and services:
RAS (Remote Access Service)
Remote Access Service is a Windows service that provides remote networking for telecommuters, mobile workers, and system administrators who monitor and manage servers at multiple branch offices. Users with RAS can dial in to access their networks remotely for services such as file and printer sharing, electronic mail, scheduling, and SQL database access.
PPP (Point-to-Point Protocol)
PPP is based on an open standard defined in RFCs 1332, 1661, and 2153. PPP works with asynchronous and synchronous serial connections as well as High-Speed Serial Interfaces (HSSI) and ISDN interfaces (BRI and PRI).
PPP Components
PPP has many more features than HDLC. Like HDLC, PPP defines a frame type and how two PPP devices communicate with each other, including the multiplexing of network and data link layer protocols across the same link. However, PPP also does the following:
· Performs dynamic configuration of links
· Allows for authentication (PAP, CHAP or EAP, negotiated by LCP)
· Compresses packet headers
· Tests the quality of links
· Performs error detection (a frame check sequence on every frame; standard PPP discards a corrupted frame rather than correcting it)
· Allows multiple PPP physical connections to be bound together as a single logical connection (referred to as multilink)
PPP has three main components:
· Frame format (encapsulation)
· Link Control Protocol (LCP), which establishes, configures, tests and tears down the link
· Network Control Protocols (NCPs), one per network layer protocol (for example IPCP for IP), which configure that protocol over the link
Each of these three components plays an important role in the setup, configuration, and transfer of information across a PPP connection.
SLIP (Serial Line Internet Protocol)
An older industry standard (RFC 1055) that is included in the Windows remote access client to ensure interoperability with other remote access software. SLIP provides no authentication, no error detection and no address negotiation, all of which PPP added, so it is used only where the far end supports nothing else.
PPPoE (Point-to-Point Protocol over Ethernet)
Point-to-Point Protocol over Ethernet encapsulates PPP frames in Ethernet frames and is usually used in conjunction with ADSL services.
It gives you a lot of the familiar PPP features like authentication, encryption, and compression, but there is a downside: it has a lower maximum transmission unit (MTU) than standard Ethernet does (1492 bytes rather than 1500, because the PPPoE and PPP headers take 8 bytes), and if your firewall is not solidly configured (for example, if it drops the ICMP "fragmentation needed" messages that path MTU discovery relies on), this little attribute can really give you some grief. Still somewhat popular in the United States, PPPoE's main feature is that it adds a direct connection to Ethernet interfaces while providing DSL support as well. It is often used by many hosts on a shared Ethernet interface to open PPP sessions to various destinations via at least one bridging modem.
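Because PPPoE puts PPP, and therefore PAP, on a shared Ethernet segment, anyone on that segment can read a PAP logon. As an added example (not code from the original page), the following builds a few PPPoE session frames from constructed MAC addresses and payloads and runs a detection pass that pulls plaintext credentials out of every PAP Authenticate-Request it finds.

```python
"""Finding PAP credentials inside PPPoE session traffic.

Added example (not from the original page). Frames are constructed here
rather than captured. Layout: Ethernet (EtherType 0x8864 = PPPoE session,
RFC 2516), a 6-byte PPPoE header, then the 2-byte PPP protocol field and
payload; a PAP Authenticate-Request (RFC 1334) carries peer ID and
password in clear.
"""
import struct

ETH_PPPOE_SESSION = 0x8864
PPP_LCP, PPP_PAP, PPP_CHAP, PPP_IPCP, PPP_IP = 0xC021, 0xC023, 0xC223, 0x8021, 0x0021
PAP_AUTH_REQUEST = 1
PPPOE_MTU = 1500 - 6 - 2      # Ethernet payload minus the PPPoE header and PPP protocol field


def pap_auth_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """Code, Identifier, Length, Peer-ID-Length, Peer-ID, Passwd-Length, Password."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, identifier, 4 + len(body)) + body


def pppoe_session_frame(dst_mac: bytes, src_mac: bytes, session_id: int,
                        ppp_protocol: int, ppp_payload: bytes) -> bytes:
    ppp = struct.pack("!H", ppp_protocol) + ppp_payload
    if len(ppp) > PPPOE_MTU + 2:
        raise ValueError("PPP frame exceeds the PPPoE MTU")
    # ver=1, type=1 packed as 0x11; code 0x00 = session data; then session id and payload length
    pppoe = struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp))
    return dst_mac + src_mac + struct.pack("!H", ETH_PPPOE_SESSION) + pppoe + ppp


def parse_pppoe(frame: bytes) -> dict:
    """Returns {} for anything but a well-formed PPPoE session frame."""
    if len(frame) < 22 or struct.unpack("!H", frame[12:14])[0] != ETH_PPPOE_SESSION:
        return {}
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != 0x11 or code != 0x00 or length < 2 or 20 + length > len(frame):
        return {}
    ppp = frame[20:20 + length]
    return {"session": session_id, "protocol": struct.unpack("!H", ppp[:2])[0], "payload": ppp[2:]}


def parse_pap_request(payload: bytes):
    """Returns (peer_id, password) for an Authenticate-Request, else None."""
    if len(payload) < 6:
        return None
    code, identifier, length = struct.unpack("!BBH", payload[:4])
    if code != PAP_AUTH_REQUEST or length > len(payload):
        return None
    id_len = payload[4]
    peer_id = payload[5:5 + id_len]
    pw_len = payload[5 + id_len]
    password = payload[6 + id_len:6 + id_len + pw_len]
    return peer_id, password


def plaintext_credentials(frames):
    """Detection pass over a capture: every PAP Authenticate-Request is a credential on the wire."""
    found = []
    for frame in frames:
        p = parse_pppoe(frame)
        if p and p["protocol"] == PPP_PAP:
            cred = parse_pap_request(p["payload"])
            if cred:
                found.append((p["session"],) + cred)
    return found


if __name__ == "__main__":
    dst, src = b"\x00\x11\x22\x33\x44\x55", b"\x66\x77\x88\x99\xaa\xbb"   # constructed MACs
    capture = [
        pppoe_session_frame(dst, src, 1, PPP_LCP, b"\x01\x01\x00\x04"),
        pppoe_session_frame(dst, src, 1, PPP_PAP, pap_auth_request(1, b"alice", b"hunter2")),
        pppoe_session_frame(dst, src, 2, PPP_CHAP, b"\x02\x01\x00\x04"),
    ]
    print("plaintext credentials seen:", plaintext_credentials(capture))
```

The same pass with the protocol number 0xC223 would show only CHAP challenges and hashed responses, which is the practical reason to refuse PAP on the access concentrator.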
PPTP (Point-to-Point Tunneling Protocol)
Networking technology that supports multiprotocol virtual private networks (VPNs), enabling remote users to access corporate networks across the Internet or other networks by dialing into an Internet service provider (ISP) or by connecting directly to the Internet. The Point-to-Point Tunneling Protocol (PPTP) tunnels, or encapsulates, IP, IPX, or NetBEUI traffic inside of IP packets (PPP frames carried in GRE, with a TCP control connection on port 1723). This means that users can remotely run applications that are dependent upon particular network protocols. Its security rests on MS-CHAP and MPPE, both of which are considered broken, so treat PPTP as a legacy protocol and prefer L2TP/IPsec or a TLS-based VPN.
VPN (Virtual Private Network)
A virtual private network extends a private LAN across the Internet (or another shared network) by tunneling its traffic, so that a remote user or site appears to be on the LAN. PPTP (see above) is one tunneling protocol used for this; L2TP/IPsec and TLS-based VPNs are the usual choices today.
RDP (Remote Desktop Protocol)
Remote Desktop Protocol (RDP) is a multi-channel protocol that allows a user to connect to a computer running Microsoft Terminal Services. Clients exist for most versions of Windows (including handheld versions), and for other operating systems such as Linux, FreeBSD, Solaris and Mac OS X. The server listens by default on TCP port 3389, which makes that port a favourite target for logon brute-forcing; it should not be exposed directly to the Internet but reached through a VPN or gateway.
· Version 4.0 was introduced with Terminal Services in Windows NT 4.0 Server, Terminal Server Edition.
· Version 5.0, introduced with Windows 2000 Server, added support for a number of features, including printing to local printers, and aimed to improve network bandwidth usage.
· Version 5.1, introduced with Windows XP Professional, included support for 24-bit color and sound.
· Version 5.2, introduced with Windows Server 2003, included support for console mode connections, a session directory, and local resource mapping.
· Version 6.0, introduced with Windows Vista and Windows Server 2008, includes a significant number of new features, most notably the ability to remotely access a single application instead of the entire desktop, support for 32-bit color, and Network Level Authentication (NLA), which authenticates the user before a session is created.