Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Remote Authentication Dial-In User Service (RADIUS)

Published byMarilynn Howard Modified over 8 years ago

Similar presentations

Presentation on theme: "Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Remote Authentication Dial-In User Service (RADIUS)"— Presentation transcript:

1 Network Security

2 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Remote Authentication Dial-In User Service (RADIUS)  RADIUS systems authenticate users on a client/server network  Used for dial-in, wireless, and Internet access  The server that hosts RADIUS is referred to as the Network Access Server (NAS)  The NAS stores user names and passwords and records user activity on the network

3 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Rogue Wireless Access Points  Rogue access point An unauthorized WAP that is installed on a network system. Rogue access point  can compromise wireless network security  Can be prevented by using a wireless intrusion prevention system (WIPS) or setting up an 802.1x system

4 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Authentication, Authorization, and Accounting (AAA)  Standard that is most common model used for network access  They dominant client/server security models that support AAA are RADIUS, TACACS+, and Diameter  Terminal Access Controller Access Control System) is an older authentication protocol common to UNIX networks that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be allowed to a given system.

5 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Challenge Handshake Authentication Protocol (CHAP)  CHAP was designed to be used with PPP(Point to Point Protocol)- is a data link protocol used to establish a direct connection between two nodes.  Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is an enhanced version of CHAP and can only be used on Microsoft operating systems Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)

6 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. How CHAP Works 1.Client connects to a remote system using PPP 2.Server sends a challenge to the client 3.Server (authentication agent) sends a key to the client so it can encrypt its user name and password 4.Client responds with a key that represents its user name and password 5.Server accepts or rejects client user name and password based on a matching encryption key

7 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Kerberos  Client and server authenticated to each other  Encryption key (encodes data) and decryption key (decrypts data) used for privacy

8 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Extensible Authentication Protocol (EAP)  Used for network access and authentication in a client/server environment when IP is not available  Sends clear text messages  Originally developed to be used with PPP  Also used for 802.1x wireless connections and for access and authentication to network switches

9 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Protected Extensible Authentication Protocol (PEAP)  Extension of EAP  Works by first establishing a secure connection using Transport Layer Security (TLS)  TLS provides encryption for the EAP connection and ensures data integrity

10 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Lightweight Extensible Authentication Protocol (LEAP)  An improved EAP standard developed by Cisco Systems for its line of Wireless Access Points (WAPs)  LEAP periodically re-authenticates the wireless connection  This ensures client is still the original authenticated client and connection has not been hijacked

11 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Security Implementations  Various measures include:  Installing latest software updates and patches  Setting up an account for daily administrative tasks  Changing the default administrator’s name  Educating system users in security practices

12 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Software Patches  Should be applied:  Immediately after installing new software  As they become available  Contain fixes that close security holes and fix software bugs  Periodically, Microsoft releases a service pack for its software and operating systemsservice pack

13 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Administrator Account  User provides password for default administrator account  Default administrator account name should be changed to better secure network  Ability to delete or rename the administrator account varies according to operating system

14 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. User Account Passwords  To make passwords more secure administrators should:  Set defaults for password histories, age, and length  Educate users about poor and secure passwords

15 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Poor Passwords  Poor passwords contain:  Words that are found in a dictionary  Names familiar to the password owner  Keyboard patterns  Social security numbers  Secure passwords are less vulnerable to hashing techniqueshashing A technique that relies on an algorithm or encryption device based on mathematical algorithms for guessing a password.

16 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Windows Server 2008 Password Policies

17 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Firewall  Can consist of hardware, software, or a combination  Servers, routers, and PCs may be used  Designed to filter inbound and outbound flow of network packets based on factors such as  IP address  Port number  Software application  Packet contents  Protocol

18 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Firewall Example

19 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Windows Firewall with Advanced Security

20 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Packet Filter  Stateless packet inspection Stateless packet inspection  Does not take into account packet sequence or missing packets  Aligns with layer 3 of the OSI model  Stateful packet inspection Stateful packet inspection  Applies a filter based on packet sequence  Detects missing packets  Aligns with layer 3 and 4 of the OSI model

21 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Application Gateway

22 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Content Filter  Configured to block specific Web sites or packet contents that contain specific terms  Administrator can control the list of terms  Can also incorporate protection from malware

23 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Circuit-Level Gateway  After connection is established, packet can flow freely between the two hosts  Packet sequence is encoded, making it difficult for intruders to access stream of data

24 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Demilitarized Zone (DMZ)  Can be created with a router or a server with three network adapters installed  When configured with a server  One network adapter connects to the Internet  A second network adapter connects to the DMZ  The third network adapter connects to the private section of the network

25 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Proxy Server  Can be configured to allow packets to flow into and out of the network if they meet certain conditions  Specific IP addresses  Certain protocols  Server names or URLs  May cache frequently visited Web sites, making it faster to access those Web sites

26 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Security Tools  Identify network security weaknesses  Probe network, searching for vulnerabilities  Some security tools used are  GFI LANguard  Netstat utility  Audit tools  Self-hack tools  Protocol analyzer Protocol analyzer  Packet sniffer Packet sniffer

27 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. GFI LANguard

28 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. In class lab 1. Apply for a trial version of a digital certificate from a CA such as Verisign. After obtaining the digital certificate try it out with a classmate. 2. Labsim 8.34 3. Roberts Lab 74 N EXT C LASS Labsim Homework 8.4.1-8.4.3

Download ppt "Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Remote Authentication Dial-In User Service (RADIUS)"

Similar presentations

Authentication.

Authentication.
Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Network Security.

Network Security.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
Chapter 12 Network Security.

Chapter 12 Network Security.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.

Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.

RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.
Remote Networking Architectures

Remote Networking Architectures

Similar presentations

Ads by Google