This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.

Presentation transcript:

This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to accompany the courseware may be copied, photocopied, reproduced, or re-used in any form or by any means without permission in writing from a director of gtslearning International Limited. Violation of these laws will lead to prosecution. All trademarks, service marks, products, or services are trademarks or registered trademarks of their respective holders and are acknowledged by the publisher. All gtslearning products are supplied on the basis of a single copy of a course per student. Additional resources that may be made available from gtslearning may only be used in conjunction with courses sold by gtslearning. No material changes to these resources are permitted without express written permission by a director of gtslearning. These resources may not be used in conjunction with content from any other supplier. If you suspect that this course has been copied or distributed illegally, please telephone or gtslearning.

5.2 Remote Access Services
CompTIA Server+ Certification (Exam SK0-004)

Objectives
- Understand the use of encryption and hashing technologies and PKI
- Identify the use of protocols to configure a remote access server or VPN

Digital Security
- Encryption
  o Scramble a message (plaintext) in such a way (ciphertext) that it can only be unscrambled with the key
- Confidentiality / privacy / integrity
  o Users cannot read the messages without the key
  o Users should be confident the message is as the sender composed it
- Authentication
  o Possessing the key might demonstrate that only the holder could have composed a message

Symmetric Encryption
- The same key is used both to encrypt and decrypt messages
- Referred to as secret key or single key
- Distribution of the key is difficult
- Symmetric encryption is not processor intensive – suitable for encrypting and decrypting large files quickly
- DES, AES, RC (Rivest Cipher), IDEA, Blowfish/Twofish, and CAST
- Key size

Asymmetric Encryption
- Uses two linked keys (a key pair) – one to encrypt and the other to decrypt
- Referred to as public key cryptography
- Public key is distributed to anyone
- Private key is kept secret by the owner
- Processor-intensive – only works well on short messages
- Often used for authentication and exchanging symmetric encryption keys securely

Public Key Infrastructure (PKI)
- Means of vouching for a subject’s identity
- A Certificate Authority (CA) issues a digital certificate to a web server computer whose identity they have validated
- The digital certificate contains the server’s public key and is digitally signed by the CA
- Clients can use the public key to communicate with the server securely
- Clients can trust that the server is genuine if they trust the CA
- Clients are installed with the root certificates of CAs that they trust

Cryptographic Hashes
- A hash creates a shorter fixed-length digest from an original message
- A cryptographic hash creates a one-way digest – the original message cannot be recovered from the digest
- Secure Hash Algorithm (SHA-1 and SHA-2)
- Message Digest (MD5)

Remote Access Services
- Remote Access Services (RAS)
- Tunneling / encapsulation

Virtual Private Networks
- Host-to-site
- Site-to-site
- Host-to-host

Remote Access Protocols
- Point-to-Point Protocol (PPP)
- PPP over Ethernet (PPPoE)
- Point-to-Point Tunneling Protocol (PPTP)
- Layer 2 Tunneling Protocol (L2TP)
- IPsec
- Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Remote Access Servers
- Dial-up
  o Configure user rights
  o Callback
  o Authentication
  o Encryption
- VPN RAS

RADIUS and TACACS+

PAP and CHAP
- Password Authentication Protocol (PAP)
- Challenge Handshake Authentication Protocol (CHAP)
- Standard authentication protocol for PPP
- Three-way handshake
  o Challenge
  o Response
  o Accept
- Handshake is repeated during the session to prevent replay
- MS-CHAP
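
The CHAP exchange listed above (challenge, response, accept, repeated to prevent replay), as an added example that is not part of the original courseware. It uses the RFC 1994 response calculation, MD5(Identifier || secret || Challenge); the Authenticator class, the demo() function and the secret value are constructed for illustration.

```python
import hashlib
import hmac
import os

SHARED_SECRET = b"constructed-demo-secret"  # assumption: provisioned on both peers


def chap_response(identifier, secret, challenge):
    """RFC 1994 Response Value: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues a challenge, then accepts or rejects the response."""

    def __init__(self, secret):
        self.secret = secret
        self.identifier = 0
        self.challenge = None

    def new_challenge(self):
        # Step 1 (Challenge): a fresh random value and a new identifier each time.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, identifier, response):
        # Step 3 (Accept or reject): recompute locally, compare in constant time.
        if self.challenge is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, self.secret, self.challenge)
        self.challenge = None  # each challenge is single-use
        return hmac.compare_digest(expected, response)


def demo():
    server = Authenticator(SHARED_SECRET)
    # Initial handshake: the peer sends a hash, never the secret itself.
    ident, chal = server.new_challenge()
    captured = chap_response(ident, SHARED_SECRET, chal)  # Step 2 (Response)
    first = server.verify(ident, captured)
    # Handshake repeated mid-session: the earlier response is replayed.
    ident2, _ = server.new_challenge()
    replay = server.verify(ident2, captured)
    # A peer that holds the secret answers the next challenge correctly.
    ident3, chal3 = server.new_challenge()
    fresh = server.verify(ident3, chap_response(ident3, SHARED_SECRET, chal3))
    return {"first": first, "replay": replay, "fresh": fresh}


if __name__ == "__main__":
    print(demo())
```

The replayed response is rejected because it was computed over the previous identifier and challenge, which is why the handshake can be repeated safely during a session.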

EAP / IEEE 802.1X
- Extensible Authentication Protocol (EAP)
- Designed to provide for interoperable security devices and software
  o Supplicant
  o Authenticator
  o Authentication Server
- EAP-TLS (Transport Layer Security)
- Protected EAP (PEAP)
- EAP-TTLS (Tunneled Transport Layer Security)

Review
- Understand the use of encryption and hashing technologies and PKI
- Identify the use of protocols to configure a remote access server or VPN