11 SECURING COMMUNICATIONS Chapter 7

Slide 2: CHAPTER OBJECTIVES
- Explain how to secure remote connections.
- Describe how to secure wireless communications.
- Describe how to use Internet Protocol Security (IPSec) to secure network communications.

Slide 3: SECURING REMOTE ACCESS
- More workers are telecommuting now.
- Remote users have various types of communication connections.
- Remote connections have special security requirements.

Slide 4: CHOOSING REMOTE CONNECTION METHODS
- Modems support user dial-in connections.
- A remote connection grants Internet access to network users via remote access services.
- Internet connectivity supports virtual private network (VPN) links.
- Connection media are often insecure.

Slide 5: DIAL-UP VS. VPN

Slide 6: DIAL-UP CONNECTIONS
- Modems establish the network link.
- The remote access server:
  - Hosts modem banks
  - Authenticates remote users
  - Acts as a router or proxy

Slide 7: DIAL-UP CONNECTIONS (CONT.)

Slide 8: DIAL-UP PROTOCOLS
- Point-to-Point Protocol (PPP)
- Serial Line Internet Protocol (SLIP)

Slide 9: CONNECTION-LEVEL SECURITY
- Callback Control Protocol (CBCP):
  - Predefined
  - User-defined
- Caller ID
- Automatic number identification (ANI)

Slide 10: ADVANTAGES OF DIAL-UP
- Limited access for attackers
- Low likelihood of eavesdropping

Slide 11: DISADVANTAGES OF DIAL-UP
- Cost
- Low productivity
- War dialing

Slide 12: VPNs
- VPNs are an alternative to dial-up networks.
- VPNs use the Internet as a connection medium.
- A VPN connection is a tunnel.
- VPN tunnels typically encrypt data.

Slide 13: VPN CONNECTIONS

Slide 14: ADVANTAGES OF VPN
- Low costs
- High productivity
- Fewer external connection points

Slide 15: DISADVANTAGES OF VPN
- Risk of attacks
- Risk of eavesdropping
- High exposure to attackers

Slide 16: REMOTE CONNECTION REQUIREMENTS
- Remote communications between two computers require using the same protocol.
- Both computers should use secured protocols and applications.
- The server should require user authentication.

Slide 17: REMOTE CONNECTION REQUIREMENTS (CONT.)

Slide 18: COMMON AUTHENTICATION PROTOCOLS
- Password Authentication Protocol (PAP)
- Shiva Password Authentication Protocol (SPAP)
- Challenge Handshake Authentication Protocol (CHAP)

Slide 19: COMMON AUTHENTICATION PROTOCOLS (CONT.)
- Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
- Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2)
- Extensible Authentication Protocol (EAP)
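The challenge/response idea behind CHAP (and, with a different hash construction, MS-CHAP), as an added Python example that is not part of the original slides: the server issues a fresh random challenge, the peer answers with MD5(ID || secret || challenge) as in RFC 1994, and a response captured from the link is useless against a later challenge. PAP is shown alongside for contrast. The user name, secret and the simplified packet bodies are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed credentials for the example; in PPP these are provisioned out of band.
USER_SECRETS = {"alice": b"correct horse battery"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): Response = MD5(Identifier || secret || Challenge).
    The secret itself never crosses the link; only this one-way hash does."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues a fresh random challenge per attempt and verifies
    the peer's response against the stored secret."""

    def __init__(self, secrets):
        self.secrets = secrets
        self.next_id = 0
        self.pending = {}  # identifier -> challenge still awaiting a response

    def challenge(self):
        self.next_id = (self.next_id + 1) % 256
        chal = os.urandom(16)
        self.pending[self.next_id] = chal
        return self.next_id, chal

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        chal = self.pending.pop(identifier, None)  # each challenge is single use
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(expected, response)


class ChapPeer:
    """Client side: answers a challenge using its secret."""

    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, identifier: int, challenge: bytes):
        return self.name, chap_response(identifier, self.secret, challenge)


def run_exchange():
    """One legitimate CHAP exchange, then the captured response replayed against a
    new challenge. Returns (accepted, replay_accepted)."""
    server = ChapAuthenticator(USER_SECRETS)
    peer = ChapPeer("alice", USER_SECRETS["alice"])

    ident, chal = server.challenge()             # Challenge packet
    name, resp = peer.respond(ident, chal)       # Response packet (visible on the link)
    accepted = server.verify(ident, name, resp)  # Success / Failure

    ident2, _chal2 = server.challenge()          # later session, new random challenge
    replay_accepted = server.verify(ident2, name, resp)
    return accepted, replay_accepted


def pap_on_the_wire(name: str, password: bytes) -> bytes:
    """For contrast: the body of a PAP Authenticate-Request (RFC 1334) carries the
    password itself, so anyone reading the link learns it directly."""
    return bytes([len(name)]) + name.encode() + bytes([len(password)]) + password
```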

Slide 20: CENTRALIZED AUTHENTICATION
- Centralized authentication provides a single authentication control.
- Remote access servers forward authentication requests.
- Centralized authentication increases security.

Slide 21: REMOTE ACCESS SERVER WITH CENTRALIZED AUTHENTICATION

Slide 22: CENTRALIZED AUTHENTICATION PROTOCOLS
- Remote Authentication Dial-In User Service (RADIUS)
- Terminal Access Controller Access Control Service (TACACS)
- TACACS+

Slide 23: RADIUS
- Provides authentication, authorization, and accounting services
- Is vendor independent
- Provides authentication encryption

Slide 24: RADIUS AUTHENTICATION PROCESS
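The RADIUS exchange the two slides above describe, as an added Python example rather than code from the original presentation: a remote access server builds an Access-Request with the User-Password hidden per RFC 2865 section 5.2 (the "authentication encryption" of the slide), and the RADIUS server recovers it, decides, and signs the reply with a Response Authenticator that the client verifies before trusting an Access-Accept. The shared secret, user database and attribute set are constructed for illustration; only the User-Name and User-Password attributes are handled.

```python
import hashlib
import hmac
import os
import struct

# RADIUS (RFC 2865) codes and the two attributes this example uses.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to a multiple of 16, then XOR each block with
    MD5(secret || previous block); the first block uses the Request Authenticator.
    Only the password attribute is hidden, and only as well as the secret is kept."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Inverse of hide_password (server side). Trailing NUL padding is stripped."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs) -> bytes:
    # Each attribute is Type (1 byte) | Length (1 byte, includes header) | Value.
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def parse_attrs(data: bytes) -> dict:
    attrs, i = {}, 0
    while i + 2 <= len(data):
        t, length = struct.unpack("!BB", data[i:i + 2])
        if length < 2:
            break  # malformed attribute: stop rather than loop forever
        attrs[t] = data[i + 2:i + length]
        i += length
    return attrs


def build_access_request(identifier: int, username: str, password: str, secret: bytes) -> bytes:
    """Remote access server (NAS) side. Header: Code | ID | Length | Request Authenticator."""
    req_auth = os.urandom(16)  # fresh random authenticator per request
    attrs = encode_attrs([
        (ATTR_USER_NAME, username.encode()),
        (ATTR_USER_PASSWORD, hide_password(password.encode(), secret, req_auth)),
    ])
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + req_auth + attrs


def server_respond(request: bytes, secret: bytes, users: dict) -> bytes:
    """RADIUS server side: recover the password, decide, and sign the reply with
    Response Authenticator = MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    _code, identifier, length = struct.unpack("!BBH", request[:4])
    req_auth = request[4:20]
    attrs = parse_attrs(request[20:length])
    ok = False
    if ATTR_USER_NAME in attrs and ATTR_USER_PASSWORD in attrs:
        name = attrs[ATTR_USER_NAME].decode(errors="replace")
        given = reveal_password(attrs[ATTR_USER_PASSWORD], secret, req_auth)
        ok = name in users and hmac.compare_digest(users[name], given)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, identifier, 20)
    resp_auth = hashlib.md5(header + req_auth + secret).digest()  # no reply attributes here
    return header + resp_auth


def client_accepts(response: bytes, request: bytes, secret: bytes) -> bool:
    """NAS side: a reply counts only if its Response Authenticator verifies under the
    shared secret against the request actually sent, which blocks forged Access-Accepts."""
    header, resp_auth, reply_attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request[4:20] + reply_attrs + secret).digest()
    return hmac.compare_digest(expected, resp_auth) and response[0] == ACCESS_ACCEPT
```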

Slide 25: TACACS AND TACACS+
- Provide centralized access controls
- Used by routers and remote access servers
- Developed by Cisco Systems, Inc.

Slide 26: DIFFERENCES BETWEEN RADIUS AND TACACS+
- RADIUS:
  - Runs over the User Datagram Protocol (UDP)
  - Provides combined authentication and authorization
  - Used mainly by computers
- TACACS+:
  - Runs over the Transmission Control Protocol (TCP)
  - Provides separate authentication and authorization
  - Used mainly by network devices such as routers and switches

Slide 27: VPN PROTOCOLS
- Point-to-Point Tunneling Protocol (PPTP)
- Layer 2 Tunneling Protocol (L2TP)
- IPSec

Slide 28: PPTP
- Is a Layer 2 protocol that encapsulates PPP frames in IP datagrams
- Uses PAP, CHAP, and MS-CHAP
- Requires an IP-based network
- Does not support header compression

Slide 29: L2TP
- Is an extension of PPP
- Encapsulates PPP frames to be sent over IP, X.25, frame relay, or Asynchronous Transfer Mode (ATM) networks
- Can use encrypted or compressed frames
- Includes no mechanisms for authentication or encryption
- Often used with IPSec

Slide 30: L2TP OVER IPSEC (L2TP/IPSEC)
- IPSec is used with L2TP to create tunnels.
- Client L2TP/IPSec connections are used to access networks.
- L2TP/IPSec offers gateway-to-gateway (network-to-network) connections.
- L2TP/IPSec supports a wide range of user authentication options.

Slide 31: VPN ISSUES
- IPSec provides for multi-vendor interoperability.
- Some network address translation (NAT) implementations cannot use IPSec tunnel mode.
- PPTP security depends on using a password.

Slide 32: SECURING VPN CONNECTIONS
- Encrypt authentication and data.
- Monitor traffic leaving a VPN connection.
- Use strong multi-factor authentication.
- Require VPN clients to comply with security policy.
- VPN clients should not bypass security for Internet access.

Slide 33: TERMINAL SESSIONS
- Provide remote access
- Let you control a system using a remote client
- Reduce hardware costs
- Create inherent security risks

Slide 34: SECURE SHELL PROTOCOL (SSH)
- Is a secure, low-level transport protocol
- Provides remote control and access
- Replaces Telnet, rlogin, and FTP
- Has strong security features

Slide 35: WHAT SSH PROTECTS AGAINST
- Packet spoofing
- IP/host spoofing
- Password sniffing
- Eavesdropping

Slide 36: WIRELESS COMMUNICATION ISSUES
- Wireless connections are becoming popular.
- Network data is transmitted using radio waves.
- Physical security is no longer sufficient.
- Transmissions can be intercepted outside the building where the data originates.

Slide 37: HOW WIRELESS NETWORKING WORKS
- Institute of Electrical and Electronics Engineers (IEEE) is the standard
- OSI Layers 1 and 2
- Can use various upper-layer protocols

Slide 38: WIRELESS INFRASTRUCTURE MODE NETWORKING

Slide 39: WIRELESS THREATS
- Theft of service
- Eavesdropping
- Unauthorized access

Slide 40: BASIC DEFENSES AGAINST WIRELESS ATTACKS
- Limit the range of radio transmissions.
- Conduct a site survey.
- Measure the signal strength.
- Search for unauthorized access points (APs).
- Restrict access by using a service set identifier (SSID) or by limiting access to specific media access control (MAC) addresses.
- Separate the wireless segment from the rest of the network.

Slide 41: WIRED EQUIVALENCY PRIVACY (WEP)
- Provides encryption and access control
- Uses the RC4 encryption algorithm
- Uses checksums
- Supports 64-bit and 128-bit encryption
- Supports shared key authentication and open authentication

Slide 42: WEP KEYS
- An attacker can discover the WEP key by using a brute-force attack.
- All computers use a single shared WEP key.
- WEP does not define a secure means to distribute the key.
- WEP keys can use manual or automated distribution methods.

Slide 43: ADVANTAGES OF WEP
- All messages are encrypted.
- Privacy is maintained.
- WEP is easy to implement.
- WEP provides a basic level of security.
- Keys are user definable and unlimited.

Slide 44: DISADVANTAGES OF WEP
- A hacker can easily discover the shared key.
- You must tell users about key changes.
- WEP alone does not provide sufficient wireless local area network (WLAN) security.
- WEP must be implemented on every client and AP.

Slide 45: 802.1X PROTOCOL
- Is a standard for port-based network access control
- Requires authentication before access
- Uses the Extensible Authentication Protocol over LAN (EAPOL)
- Uses standard security protocols
- Access is based on identity, not on media access control (MAC)
- Supports extended forms of authentication

Slide 46: WIRELESS PROTECTED ACCESS (WPA)
- IEEE is developing a new standard, 802.11i.
- WPA is an interim standard that:
  - Uses 802.1x authentication
  - Uses native key management
  - Can support WEP simultaneously

Slide 47: WIRELESS APPLICATION PROTOCOL (WAP)
- Secures communications in OSI Layers 3–7
- Is commonly used for mobile devices
- Uses Wireless Transport Layer Security (WTLS)
- Is vulnerable to weak algorithms
- Is vulnerable to physical control of wireless gateways

Slide 48: USING IPSEC
- Is a network-layer protocol
- Provides authentication and encryption
- Secures communications between any two devices
- Secures routers or network-to-network communications
- Is an industry standard

Slide 49: IPSEC PRINCIPLES
- End-to-end security
- Remote-access VPN client and gateway functions
- Site-to-site VPN connections

Slide 50: IPSEC ELEMENTS
- Encapsulating Security Payload (ESP) and Authenticated Header (AH)
- Tunnel and transport modes

Slide 51: USES FOR IPSEC

Slide 52: IPSEC PROTECTION
IPSec protects against:
- Man-in-the-middle attacks
- Spoofing
- Replay attacks
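How the replay protection on this slide works in practice, as an added Python example that is not part of the original presentation: each inbound security association keeps a sliding window over ESP sequence numbers (RFC 4303 section 3.4.3), and the receiver checks the window before verifying the integrity check value (ICV) and advances it only afterwards, so replayed packets are dropped cheaply and a forged packet cannot move the window. The key, the payload and the simplified ICV construction (HMAC-SHA256 over sequence number and payload) are constructed for the example and do not reproduce the full ESP packet format.

```python
import hashlib
import hmac
import struct


class AntiReplayWindow:
    """Receiver-side sliding window as described for ESP in RFC 4303 section 3.4.3.
    `top` is the highest sequence number accepted; bit i of `bitmap` records
    whether sequence number (top - i) has already been accepted."""

    def __init__(self, size: int = 64):
        self.size = size
        self.top = 0
        self.bitmap = 0

    def would_accept(self, seq: int) -> bool:
        """Preliminary check, done before the costlier integrity check."""
        if seq == 0:
            return False  # ESP sequence numbers start at 1
        if seq > self.top:
            return True   # to the right of the window: new
        offset = self.top - seq
        if offset >= self.size:
            return False  # to the left of the window: too old
        return not (self.bitmap >> offset) & 1  # inside: reject if already seen

    def update(self, seq: int) -> None:
        """Record `seq` as accepted. Only call after the ICV has verified."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def check_and_update(self, seq: int) -> bool:
        ok = self.would_accept(seq)
        if ok:
            self.update(seq)
        return ok


def compute_icv(auth_key: bytes, seq: int, payload: bytes) -> bytes:
    # Constructed stand-in for the ESP ICV: HMAC-SHA256 over the sequence number
    # and payload, truncated to 128 bits. Real ESP also covers the SPI and padding.
    msg = struct.pack("!I", seq) + payload
    return hmac.new(auth_key, msg, hashlib.sha256).digest()[:16]


class InboundSA:
    """Minimal inbound security association: an authentication key plus a replay window."""

    def __init__(self, auth_key: bytes, window_size: int = 64):
        self.auth_key = auth_key
        self.window = AntiReplayWindow(window_size)

    def receive(self, seq: int, payload: bytes, icv: bytes) -> str:
        # Order follows RFC 4303: replay check, then ICV, then window update. A flood
        # of replayed packets is dropped without a MAC computation, and a packet with
        # a bad ICV never advances the window.
        if not self.window.would_accept(seq):
            return "dropped: replay or stale"
        if not hmac.compare_digest(compute_icv(self.auth_key, seq, payload), icv):
            return "dropped: bad ICV"
        self.window.update(seq)
        return "accepted"
```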

Slide 53: IPSEC SECURITY COMPONENTS
- Security association (SA)
- Internet Key Exchange (IKE)
- Kerberos v5
- Certificates
- Preshared authentication keys

Slide 54: HOW IPSEC SECURES TRAFFIC

Slide 55: IPSEC LIMITATIONS
- Computers and devices must support IPSec.
- IPSec is limited by the encryption and authentication methods that devices support.
- IPSec does not secure broadcast and multicast traffic.
- Initialization traffic is not secured.
- IPSec increases the load on system processors.
- There are no software controls because IPSec can be handled by hardware.

Slide 56: SUMMARY
- RADIUS and TACACS+ are used for centralized authentication of remote access users.
- VPNs are a cost-effective method for users to establish remote connections across the Internet. PPTP and L2TP/IPSec are the most commonly used protocols for VPN connections.
- Terminal sessions and SSH are methods for accessing one computer from another computer over a secure network connection.

Slide 57: SUMMARY (CONT.)
- Wireless networks present specific security challenges for administrators. WEP is a commonly used protocol for securing wireless connections, but it has many shortcomings that reduce the security that it provides. The 802.1x and WPA protocols provide better security.
- IPSec secures network traffic at the IP level by providing authentication and encryption. IPSec is transparent to upper layer protocols and to applications.