Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Remote Authentication Dial-In User Service (RADIUS)

Network Security

Remote Authentication Dial-In User Service (RADIUS)
 RADIUS authenticates users on a client/server network
 Used for dial-in, VPN, wireless, and other Internet access
 The device users connect to (a dial-in server, VPN concentrator, wireless access point, or switch) is the Network Access Server (NAS); it is the RADIUS client and forwards each logon request to the RADIUS server
 The RADIUS server, not the NAS, checks user names and passwords (often against a directory such as Active Directory) and records user activity through accounting messages
 RADIUS runs over UDP (port 1812 for authentication, 1813 for accounting); the NAS and server share a secret that hides the password attribute and authenticates replies, so the secret must be long and unique per NAS, and RADIUS over TLS (RadSec) is preferred across untrusted networks
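The two places where the shared secret does its work, written out as an added example (this is not code from the Goodheart-Willcox slides or from any RADIUS server): the User-Password hiding of RFC 2865 section 5.2 and the Response Authenticator of section 3. The secret, Request Authenticator, packet identifier and Reply-Message attribute are constructed sample values. The last function shows why a guessable shared secret is fatal: one captured Access-Request/Access-Accept pair lets an eavesdropper test candidate secrets offline, and the right one then unhides every password on that link.

```python
import hashlib


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_user_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad the password to a 16-byte multiple, then XOR each
    block with MD5(secret + previous ciphertext block); the 'previous block' for
    the first block is the 16-byte Request Authenticator from the packet header."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("RADIUS passwords are 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out


def reveal_user_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_user_password: what the RADIUS server computes, and what
    anyone who sniffed the packet and knows the shared secret can compute too."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def response_authenticator(code: int, identifier: int, attributes: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: the server proves it knows the secret with
    MD5(Code + ID + Length + RequestAuth + ResponseAttributes + Secret)."""
    length = 20 + len(attributes)
    header = bytes([code, identifier]) + length.to_bytes(2, "big")
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def crack_shared_secret(code, identifier, attributes, request_auth, observed, candidates):
    """Offline guess of the shared secret from one captured request/response pair:
    every candidate is checked locally, the server never sees a failed attempt."""
    for cand in candidates:
        if response_authenticator(code, identifier, attributes, request_auth, cand) == observed:
            return cand
    return None


# Constructed sample values, not from any real deployment.
SECRET = b"testing123"
REQUEST_AUTH = bytes.fromhex("00112233445566778899aabbccddeeff")
ACCESS_ACCEPT, PACKET_ID = 2, 0x5A
ACCEPT_ATTRS = bytes([18, 9]) + b"Welcome"      # Reply-Message: type 18, length 9


def demo() -> dict:
    password = b"correct horse battery staple"
    hidden = hide_user_password(password, SECRET, REQUEST_AUTH)
    observed = response_authenticator(ACCESS_ACCEPT, PACKET_ID, ACCEPT_ATTRS, REQUEST_AUTH, SECRET)
    guessed = crack_shared_secret(ACCESS_ACCEPT, PACKET_ID, ACCEPT_ATTRS, REQUEST_AUTH, observed,
                                  [b"radius", b"secret", b"testing123", b"password"])
    return {
        "hidden_len": len(hidden),                                   # 28-byte password -> 32 on the wire
        "recovered_with_secret": reveal_user_password(hidden, SECRET, REQUEST_AUTH),
        "recovered_with_wrong_secret": reveal_user_password(hidden, b"wrong", REQUEST_AUTH),
        "guessed_secret": guessed,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Note that nothing here is a cipher in the modern sense: MD5 is used as a key stream generator and the only secret input is the shared secret, which is why the slides' advice to treat it like a password (long, random, one per NAS) matters, and why RadSec or an IPsec tunnel is the fix rather than a longer MD5 chain.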

Rogue Wireless Access Points
 Rogue access point: an unauthorized WAP installed on the network, whether by an employee for convenience or by an attacker
 It bypasses the network perimeter: anyone within radio range gets a path onto the wired network
 Can be detected and blocked with a wireless intrusion prevention system (WIPS), and kept off the wired network by requiring 802.1X authentication on switch ports so an unknown access point never gets a live port

Authentication, Authorization, and Accounting (AAA)
 AAA is the most common model for controlling network access: authenticate who the user is, authorize what the user may do, and account for what the user did
 The dominant client/server protocols that support AAA are RADIUS, TACACS+, and Diameter
 TACACS (Terminal Access Controller Access Control System) is an older protocol from UNIX networks that lets a remote access server forward a user's logon password to an authentication server, which decides whether access to a given system is allowed
 TACACS+ is Cisco's redesign of it: it runs over TCP port 49, separates the authentication, authorization, and accounting functions, and encrypts the whole packet body, whereas RADIUS hides only the password attribute
 Diameter is the IETF successor to RADIUS, running over TCP or SCTP with transport-layer security

Challenge Handshake Authentication Protocol (CHAP)
 CHAP was designed for PPP (Point-to-Point Protocol), the data link protocol used to establish a direct connection between two nodes
 Unlike PAP, which sends the password in clear text, CHAP proves knowledge of the password without transmitting it
 Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is Microsoft's variant; it is built into Windows and is also supported by most other PPP and VPN implementations
 MS-CHAPv2 adds mutual authentication and is the version still in use; its DES-based design is considered weak, so it should only be run inside a TLS tunnel such as PEAP or EAP-TTLS

How CHAP Works
1. Client connects to a remote system using PPP
2. The server (authenticator) sends a challenge: a random value together with an identifier
3. The client concatenates the identifier, its secret (the password), and the challenge, and hashes the result with MD5
4. The client sends its user name and the hash as the response; the secret itself never crosses the link
5. The server, which holds the same secret, computes the same hash and accepts or rejects the client depending on whether the two values match
6. The server may send a new challenge at any time during the session; because every challenge is fresh, a captured response cannot be replayed
 Caveat: the server must keep each secret in recoverable form to recompute the hash, and an eavesdropper who records a challenge and response can guess passwords offline
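The exchange above with both sides written out, as an added example rather than code from the Goodheart-Willcox slides or from any PPP implementation. The response is computed exactly as RFC 1994 specifies, MD5(Identifier || secret || Challenge); the user name, secret and the authenticator class are constructed for the demo. The demo also shows the two checks a practitioner cares about: a recorded response is useless against a later challenge, and a wrong secret fails even though the challenge was genuine.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: Response Value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server (authenticator) side. It recomputes the peer's MD5, so it must hold
    every user's secret in recoverable form, not as a one-way hash."""

    def __init__(self, secrets: dict):
        self.secrets = secrets        # user name -> secret bytes (constructed)
        self.outstanding = {}         # identifier -> challenge awaiting a response
        self.next_id = 0

    def challenge(self) -> tuple:
        ident = self.next_id & 0xFF   # Identifier is one octet on the wire
        self.next_id += 1
        value = os.urandom(16)        # unpredictable and never reused
        self.outstanding[ident] = value
        return ident, value

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        # pop(): each challenge accepts exactly one response, so a replayed
        # response for an already-answered identifier is rejected
        value = self.outstanding.pop(ident, None)
        if value is None or name not in self.secrets:
            return False
        expected = chap_response(ident, self.secrets[name], value)
        return hmac.compare_digest(expected, response)   # constant-time compare


def chap_peer_respond(ident: int, challenge: bytes, name: str, secret: bytes) -> tuple:
    """Client (peer) side: only the name and the hash are sent back."""
    return name, chap_response(ident, secret, challenge)


def demo() -> dict:
    server = ChapAuthenticator({"alice": b"s3cret-for-alice"})

    ident, chal = server.challenge()
    name, resp = chap_peer_respond(ident, chal, "alice", b"s3cret-for-alice")
    first = server.verify(ident, name, resp)        # genuine response

    replayed = server.verify(ident, name, resp)     # attacker replays the capture

    ident2, chal2 = server.challenge()
    _, bad = chap_peer_respond(ident2, chal2, "alice", b"wrong-guess")
    wrong_secret = server.verify(ident2, "alice", bad)

    return {"first": first, "replayed": replayed, "wrong_secret": wrong_secret}


if __name__ == "__main__":
    print(demo())
```

The same structure is what MS-CHAPv2 and EAP-MD5 build on; what they do not change is the offline-guessing exposure in step 6's caveat, which is why the slides that follow wrap these exchanges in TLS (PEAP) rather than run them bare.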

Kerberos
 Client and server authenticate to each other (mutual authentication) through a trusted third party, the Key Distribution Center (KDC)
 The KDC issues tickets: a ticket-granting ticket at logon, then a service ticket for each server the client contacts
 Symmetric encryption keys protect the tickets and carry a fresh session key for each connection, so the user's password is never sent across the network

Extensible Authentication Protocol (EAP)
 A framework for carrying authentication exchanges at the link layer, so it works before the client has an IP address
 EAP itself provides no encryption; protection depends on the EAP method chosen (EAP-TLS, PEAP, and EAP-TTLS are protected by TLS, while EAP-MD5 and LEAP send their exchange unprotected)
 Originally developed for PPP
 Also used for 802.1X on wireless networks and for port authentication on network switches, where the access point or switch relays EAP between the client and a RADIUS server

Protected Extensible Authentication Protocol (PEAP)
 Extension of EAP
 Works by first establishing a Transport Layer Security (TLS) tunnel to the authentication server, which presents a certificate
 The inner authentication (commonly MS-CHAPv2) runs inside the tunnel, so TLS provides encryption for the EAP exchange and ensures its integrity
 Clients must validate the server certificate; a client configured to skip validation will hand its credentials to a rogue access point running its own RADIUS server

Lightweight Extensible Authentication Protocol (LEAP)
 A proprietary EAP method developed by Cisco Systems for its line of wireless access points (WAPs)
 LEAP periodically re-authenticates the wireless connection and rotates the session keys
 This ensures the client is still the original authenticated client and that the connection has not been hijacked
 LEAP carries an MS-CHAP exchange with no TLS protection, so captured traffic can be cracked offline with a dictionary attack; Cisco recommends EAP-FAST or PEAP instead

Security Implementations
 Various measures include:
 Installing the latest software updates and patches
 Using a separate, non-privileged account for daily tasks and the administrator account only for administrative work
 Changing the default administrator's name
 Educating system users in security practices

Software Patches
 Should be applied:
 Immediately after installing new software
 As they become available
 Contain fixes that close security holes and fix software bugs
 Periodically, Microsoft releases a service pack, a cumulative bundle of earlier patches, for its software and operating systems

Administrator Account
 The installer sets the password for the default administrator account during setup
 The default administrator account name should be changed to better secure the network, since "Administrator" and "root" are the first names an attacker tries
 On Windows, renaming does not change the account's well-known security identifier, so renaming slows an attacker down but does not hide the account
 The ability to delete or rename the administrator account varies according to operating system

User Account Passwords
 To make passwords more secure, administrators should:
 Set policy defaults for password history, maximum age, and minimum length
 Educate users about poor and secure passwords

Poor Passwords
 Poor passwords contain:
 Words found in a dictionary
 Names familiar to the password owner
 Keyboard patterns
 Social security numbers
 Passwords are stored as hashes; an attacker who obtains the hashes guesses candidate passwords, hashes each guess, and compares it with the stored value
 Secure passwords are long and unpredictable, so they are less vulnerable to these dictionary and brute-force attacks
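What "less vulnerable" means in practice, as an added example that is not part of the Goodheart-Willcox slides: a small offline cracker run against salted PBKDF2 hashes of three constructed accounts. The wordlist, the names, the keyboard patterns, the mangling rules and the three passwords are all made up for the demo, and the iteration count is kept low so it runs in about a second. Two passwords built from the categories on the slide fall immediately; the random one does not, and no rule in the list would ever produce it.

```python
import hashlib
import hmac
import os

ITERATIONS = 1000      # deliberately low for the demo; production should use far more


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, the shape of a modern stored password hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def store(password: str) -> tuple:
    """What the system keeps: a random per-user salt and the derived hash."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed attacker inputs, one list per category from the slide.
DICTIONARY = ["password", "welcome", "summer", "dragon", "letmein", "football", "monkey"]
NAMES = ["alice", "bob", "fido", "smith"]           # names familiar to the owner
KEYBOARD = ["qwerty", "asdfgh", "zxcvbn", "1qaz2wsx", "qwertyuiop"]


def candidates():
    """Apply a few mangling rules to every base word, as cracking tools do."""
    for base in DICTIONARY + NAMES + KEYBOARD:
        for word in (base, base.capitalize(), base.upper()):
            yield word
            for suffix in ("1", "123", "!", "2024", "1!"):
                yield word + suffix


def crack(salt: bytes, digest: bytes):
    """Offline attack: hash each candidate with the stolen salt and compare."""
    for guess in candidates():
        if hmac.compare_digest(hash_password(guess, salt), digest):
            return guess
    return None


# Constructed accounts: two poor passwords from the slide's categories, one random.
USERS = {"alice": "Password1", "bob": "qwerty123", "carol": "Tv7$kLm9pQ!wZr"}


def crack_all(users=USERS) -> dict:
    """Simulate a leaked hash table and report which passwords were recovered."""
    results = {}
    for name, password in users.items():
        salt, digest = store(password)
        results[name] = crack(salt, digest)    # None means not recovered
    return results


if __name__ == "__main__":
    for name, found in crack_all().items():
        print(f"{name}: {found or 'not cracked'}")
```

The salt does its job here: it stops one candidate hash from being compared against every user at once, which is why the loop re-hashes per account. It does nothing against a password that a rule produces in a few hundred guesses, which is the point of the slide's list.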

Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Windows Server 2008 Password Policies

Firewall
 Can consist of hardware, software, or a combination
 Servers, routers, and PCs may be used
 Designed to filter the inbound and outbound flow of network packets based on factors such as:
 IP address
 Port number
 Software application
 Packet contents
 Protocol

Firewall Example

Windows Firewall with Advanced Security

Packet Filter
 Stateless packet inspection
 Judges each packet on its own header fields (addresses, protocol, ports) without remembering earlier packets
 Does not take into account packet sequence or missing packets, so a forged packet that merely looks like part of a session gets through
 Aligns with layers 3 and 4 of the OSI model (network and transport headers only)
 Stateful packet inspection
 Keeps a connection table and accepts a packet only if it belongs to a known session in a valid state
 Applies filtering based on packet sequence and detects missing or out-of-order packets
 Aligns with layers 3 and 4 of the OSI model, but tracks the transport-layer state over time rather than one packet at a time
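The difference between the two modes, shown on a constructed packet trace as an added example (not code from the Goodheart-Willcox slides or from any firewall product). The stateless rule is the classic "permit established" filter, which can only look at the ACK bit; the stateful filter keeps a flow table keyed on the inside host's connection and checks handshake state and the peer's sequence window. The addresses, ports, flags and sequence numbers are made up. Packets 5 and 7 are the ones that matter: an unsolicited ACK (an ACK scan) and a segment whose sequence number is far outside the window (an injection attempt) both pass the stateless rule and are both dropped by the stateful one.

```python
from collections import namedtuple

# Constructed packet model: direction "out" is LAN -> Internet, "in" is Internet -> LAN.
# flags is a string of TCP flag letters, e.g. "S", "SA", "A", "PA", "R".
Packet = namedtuple("Packet", "direction src sport dst dport flags seq")


def stateless_allow(p: Packet) -> bool:
    """Stateless filter: each packet judged by its own header fields only.
    Mirrors 'permit tcp any any established': any inbound segment carrying
    ACK is assumed to belong to a session somebody inside opened."""
    if p.direction == "out":
        return True
    return "A" in p.flags


class StatefulFilter:
    """Stateful filter: a flow table remembers which connections the inside
    host opened, how far the handshake got, and what sequence numbers the
    outside peer may legitimately send next."""

    WINDOW = 65535      # accept peer sequence numbers within this span (assumed window)

    def __init__(self):
        # (inside_ip, inside_port, outside_ip, outside_port) -> flow record
        self.flows = {}

    def allow(self, p: Packet) -> bool:
        if p.direction == "out":
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "S":                       # inside host opens a new connection
                self.flows[key] = {"state": "SYN_SENT", "peer_seq": None}
                return True
            return key in self.flows                 # other outbound traffic needs a flow

        key = (p.dst, p.dport, p.src, p.sport)
        flow = self.flows.get(key)
        if flow is None:
            return False                             # nobody inside asked for this
        if flow["state"] == "SYN_SENT":
            if p.flags == "SA":                      # the expected second handshake step
                flow["state"] = "ESTABLISHED"
                flow["peer_seq"] = p.seq + 1         # first data byte we expect from the peer
                return True
            return False                             # data before the handshake finished
        if "S" in p.flags:
            return False                             # SYN on an established flow is bogus
        lo = flow["peer_seq"]
        if not (lo <= p.seq < lo + self.WINDOW):
            return False                             # sequence number outside the window
        if "R" in p.flags:
            del self.flows[key]                      # peer tore the connection down
        return True


# Constructed trace: one legitimate HTTPS session plus three unsolicited packets.
INSIDE, WEB, SCANNER = "10.0.0.5", "203.0.113.9", "198.51.100.77"
TRACE = [
    Packet("out", INSIDE, 40000, WEB, 443, "S", 1000),      # 1 inside opens connection
    Packet("in", WEB, 443, INSIDE, 40000, "SA", 5000),      # 2 server's SYN-ACK
    Packet("out", INSIDE, 40000, WEB, 443, "A", 1001),      # 3 handshake completes
    Packet("in", WEB, 443, INSIDE, 40000, "PA", 5001),      # 4 first data from server
    Packet("in", SCANNER, 80, INSIDE, 40000, "A", 777),     # 5 ACK scan: no such flow
    Packet("in", SCANNER, 4444, INSIDE, 22, "S", 1),        # 6 inbound SYN to SSH
    Packet("in", WEB, 443, INSIDE, 40000, "PA", 900000),    # 7 injection, far out of window
]


def run(trace=TRACE) -> list:
    """Return (stateless_verdict, stateful_verdict) for each packet in order."""
    stateful = StatefulFilter()
    return [(stateless_allow(p), stateful.allow(p)) for p in trace]


if __name__ == "__main__":
    for n, (sl, sf) in enumerate(run(), 1):
        print(f"packet {n}: stateless={'pass' if sl else 'drop'} stateful={'pass' if sf else 'drop'}")
```

Packet 6 is dropped by both, which is the case the stateless rule was written for; the two modes only diverge once an attacker sets the ACK bit, which costs nothing.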

Application Gateway

Content Filter
 Configured to block specific Web sites or packets whose contents contain specific terms
 The administrator controls the list of terms
 Can also incorporate protection from malware
 Works on the payload (layer 7), so it can only inspect TLS-encrypted traffic if it is deployed as an intercepting proxy

Circuit-Level Gateway
 Operates at the session layer: it validates the TCP handshake between the two hosts before relaying anything (SOCKS is the common example)
 After the connection is established, packets flow freely between the two hosts without payload inspection
 The gateway tracks each established circuit, so packets an intruder injects that do not belong to an existing circuit are dropped, and the relay hides the internal host's address from the outside

Demilitarized Zone (DMZ)
 Can be created with a router or a server with three network adapters installed
 When configured with a server:
 One network adapter connects to the Internet
 A second network adapter connects to the DMZ, where public-facing servers such as Web and mail servers sit
 The third network adapter connects to the private section of the network
 Rules let the Internet reach only the DMZ, and let the DMZ reach the private network only for specific services, so a compromised public server does not get free access to internal hosts

Proxy Server
 Can be configured to allow packets to flow into and out of the network if they meet certain conditions:
 Specific IP addresses
 Certain protocols
 Server names or URLs
 May cache frequently visited Web sites, making access to those sites faster

Security Tools
 Identify network security weaknesses
 Probe the network, searching for vulnerabilities
 Some security tools used are:
 GFI LANguard (a network vulnerability scanner)
 Netstat utility (lists listening ports and active connections on a host)
 Audit tools
 Self-hack tools
 Protocol analyzer
 Packet sniffer

GFI LANguard

In class lab
1. Apply for a trial version of a digital certificate from a CA such as Verisign. After obtaining the digital certificate, try it out with a classmate.
2. Labsim Roberts Lab 74
NEXT CLASS: Labsim Homework