Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Slides:



Advertisements
Similar presentations
Encrypting Wireless Data with VPN Techniques
Advertisements

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Access Control Methodologies
Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.
SCSC 455 Computer Security Virtual Private Network (VPN)
1 Configuring Virtual Private Networks for Remote Clients and Networks.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication.
(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
VPN – Virtual Private Networking. VPN A Virtual Private Network (VPN) connects the components of one network over another network. VPNs accomplish this.
RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.
Remote Networking Architectures
Virtual Private Networks
Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.
Virtual Private Network (VPN) © N. Ganesan, Ph.D..
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
1 © J. Liebeherr, All rights reserved Virtual Private Networks.
Virtual Private Network
Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.
1 Microsoft Windows NT 4.0 Authentication Protocols Password Authentication Protocol (PAP) Challenge Handshake Authentication Protocol (CHAP) Microsoft.
Virtual Private Networks (Tunnels). When Are VPN Tunnels Used? VPN with PPTP tunnel Used if: All routers support VPN tunnels You are using MS-CHAP or.
Dr. John P. Abraham Professor UTPA.  Particularly attacks university computers  Primarily originating from Korea, China, India, Japan, Iran and Taiwan.
Understanding VPN Concepts Virtual Private Network (VPN) enables computers to –Communicate securely over insecure channels –Exchange private encrypted.
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 23 Virtual Private Networks (VPNs)
1 L2TP OVERVIEW 18-May Agenda VPN Tunneling PPTP L2F LT2P.
Configuring Routing and Remote Access(RRAS) and Wireless Networking
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Virtual Private Network (VPN) SCSC 455. VPN A virtual private network that is established over, in general, the Internet – It is virtual because it exists.
CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications The client requested data.
12-Sep-15 Virtual Private Network. Why the need To transmit files securely without disclosing sensitive information to others in the Internet.
Authenticating Users Chapter 6. Learning Objectives Understand why authentication is a critical aspect of network security Describe why firewalls authenticate.
Chapter 13 – Network Security
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
11 SECURING COMMUNICATIONS Chapter 7. Chapter 7: SECURING COMMUNICATIONS2 CHAPTER OBJECTIVES  Explain how to secure remote connections.  Describe how.
Remote Access Chapter 4. IEEE 802.1x An internet standard created to perform authentication services for remote access to a central LAN. An internet standard.
1 Chapter 8 Panko, Corporate Computer and Network Security Copyright 2004 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.
1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.
Module 8: Designing Network Access Solutions. Module Overview Securing and Controlling Network Access Designing Remote Access Services Designing RADIUS.
1 Chapter 12: VPN Connectivity in Remote Access Designs Designs That Include VPN Remote Access Essential VPN Remote Access Design Concepts Data Protection.
Module 11: Remote Access Fundamentals
VIRTUAL PRIVATE NETWORK By: Tammy Be Khoa Kieu Stephen Tran Michael Tse.
Hands-On Microsoft Windows Server Introduction to Remote Access Routing and Remote Access Services (RRAS) –Enable routing and remote access through.
CHAPTER 2 PCs on the Internet Suraya Alias. The TCP/IP Suite of Protocols Internet applications – client/server applications ◦The client requested data.
Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,
Network access security methods Unit objective Explain the methods of ensuring network access security Explain methods of user authentication.
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
1 Security Protocols in the Internet Source: Chapter 31 Data Communications & Networking Forouzan Third Edition.
Virtual Private Network. VPN In the most basic definition, VPN is a connection which allows 2 computers or networks to communicate with each other across.
Security fundamentals Topic 7 Securing network communications.
© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 7 Authentication Methods and Requirements.
Privilege Management Chapter 22.
VPN. CONFIDENTIAL Agenda Introduction Types of VPN What are VPN Tokens Types of VPN Tokens RSA How tokens Work How does a user login to VPN using VPN.
This courseware is copyrighted © 2016 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.
Module 9: Configuring Network Access
Virtual Private Networks
Microsoft Windows NT 4.0 Authentication Protocols
Remote Access Lecture 2.
Radius, LDAP, Radius used in Authenticating Users
CompTIA Security+ Study Guide (SY0-401)
Presentation transcript:

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Remote Access Connection, Authentication, Authorization Chapter 11

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Key Terms (continued) Layer 2 Tunneling Protocol (L2TP) Mandatory access control (MAC) Point-to-Point Tunneling Protocol (PPTP) Remote Access Server (RAS) Role-based access control (RBAC) Rule-based access control (RBAC)

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Remote Access Process Requires two things: –A temporary network connection –A series of protocols to negotiate privileges and commands To establish proper privileges, three steps are used: –Authentication –Authorization –Accounting

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionIdentification The process of assigning a computer ID to a specific user, computer, network device or computer process. User IDs should not be shared or descriptive of job function. Links the logon ID or user ID to previously assigned credentials.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionAuthentication The process of binding a specific ID to a specific computer connection Four categories of secrets are used: –What users know (password) –What users have (tokens/key cards) –What users are (biometrics) –What users do

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionKerberos A network authentication protocol designed for the client/server environment. Uses tickets in a two-step process with the client. –An authentication server issues a ticket-granting ticket to the client. –The ticket is then presented to a Kerberos server to request a ticket granting access to that server. –The server the issues a client-to-server ticket to the client. The entire session is encrypted.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Kerberos Operations

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionTokens A hardware device that counts as both something-you- have and something-you-know. A number is displayed on the screen that is used in conjunction with a user ID. The number changes at a constant interval. Even if someone finds the token, they won’t know the corresponding user ID.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition One-Time Password Generator Token

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionMultifactor Uses more than one authentication mechanism at the same time. Examples include: –Biometric scanners and a PIN –Hardware tokens –ATM card and a PIN Increase the level of security, as multiple methods would need to be spoofed accurately and simultaneously.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Single Sign-On One authentication method works for every system that a user needs to access. Reduces login hassles: –Fewer usernames and passwords to remember Inherently less secure: –If a login is compromised for one system, all systems the user can access are also compromised

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Access Control Access is the ability of a subject to interact with an object. An access control matrix shows what can be accessed by whom.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Models of Access Control Discretionary access control (DAC) Mandatory access control (MAC) Role-based access control (RBAC) Rule-based access control (RBAC)

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Discretionary Access Control The owner of an object can decide what other subjects can access the object and what specific access they may have. Often use access control lists

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Mandatory Access Control The operating system decides what access will be granted to an object, based on its label. Every subject and every object in the system has a label, and they must match before access is granted. –For example, a subject with a “secret” label cannot access an object with a “top-secret” label.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Role-Based Access Control Users are assigned a set of roles that they can perform. Each role is assigned the access permissions needed to carry out its function. Simplifies access control: people who need the same level of access are assigned to the same role, instead of having to give them all permission individually.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Rule-Based Access Control The ACL contains a series of rules, and these rules are used to determine whether or not access to a resource is granted. Can be used in addition to other access control methods or as a stand-alone method.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Authentication Protocols Numerous authentication protocols exist. Some of them include: –L2TP and PPTP –PPP –EAP –CHAP –SSH

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition L2TP and PPTP Layer 2 Tunneling Protocol (L2TP) and Point-to-Point Tunneling Protocol (PPTP) are both OSI Layer 2 tunneling protocols. Tunneling is the encapsulation of one packet within another: –This allows you to hide the original packet from view –Provides greater security

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionPPP Point-to-Point Protocol (PPP) is an OSI Layer 2 protocol used to connect devices. Used for establishing dial-in connections over serial lines or Integrated Services Digital Network (ISDN) services. Has several authentication mechanisms: PAP, CHAP, and EAP.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionPPTP An extension of PPP that enables the creation of virtual private networks (VPNs) Enables the secure transfer of data from a remote PC to a server by creating a VPN across a TCP/IP network Involves three computers: –The PPTP client –The NAS (usually an ISP) –The PPTP server

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionL2TP Designed for use across all kinds of networks, including ATM and Frame Relay Can be implemented by both hardware and software Designed to work with established AAA services such as RADIUS and TACACS+

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionTelnet Allows users to log in remotely and access resources as if they had a local terminal connection Offers little security, as usernames, passwords, and all data are passed in clear text over the TCP/IP connection Access control to Telnet on machines and routers should be implemented when they are first set up Uses TCP port 23

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Secure Shell (SSH) Secure Shell is a protocol series designed to facilitate secure network functions across an insecure network. SSH was designed as a replacement for the insecure telnet. SSH uses TCP port 22. SSH has three major components: –Transport layer protocol –User authentication protocol –Connection protocol

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionVPNs A virtual private network is a secure network built on top of a physical network. It’s not a protocol in and of itself, but rather a method of using protocols to achieve secure communications. It is typically used to access a corporate data network from a home PC across the Internet.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition VPN Service Over an Internet Connection

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionIPsec Operates at OSI Layer 3, the network layer Content and context protection Provides a sweeping array of services: –Access control –Connectionless integrity –Traffic-flow confidentiality –Rejection of replayed packets –Data security (encryption)

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Vulnerabilities of Remote Access Methods Plaintext credential passing Strength of the encryption algorithm Bugs can open the system to attack Vendor responsiveness to fixing the bugs once they are discovered

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Chapter Summary Discuss the methods and protocols for remote access to networks. Explain authentication methods and the security implications in their use. Implement virtual private networks (VPNs) and their security aspects. Describe Internet Protocol Security (IPsec) and its use in securing communications.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.