Presentation is loading. Please wait.

Presentation is loading. Please wait.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Published byJohn O’Brien’ Modified over 9 years ago

Similar presentations

Presentation on theme: "Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,"— Presentation transcript:

1 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Remote Access Connection, Authentication, Authorization Chapter 11

2 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Key Terms (continued) Layer 2 Tunneling Protocol (L2TP) Mandatory access control (MAC) Point-to-Point Tunneling Protocol (PPTP) Remote Access Server (RAS) Role-based access control (RBAC) Rule-based access control (RBAC)

3 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Remote Access Process Requires two things: –A temporary network connection –A series of protocols to negotiate privileges and commands To establish proper privileges, three steps are used: –Authentication –Authorization –Accounting

4 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionIdentification The process of assigning a computer ID to a specific user, computer, network device or computer process. User IDs should not be shared or descriptive of job function. Links the logon ID or user ID to previously assigned credentials.

5 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionAuthentication The process of binding a specific ID to a specific computer connection Four categories of secrets are used: –What users know (password) –What users have (tokens/key cards) –What users are (biometrics) –What users do

6 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionKerberos A network authentication protocol designed for the client/server environment. Uses tickets in a two-step process with the client. –An authentication server issues a ticket-granting ticket to the client. –The ticket is then presented to a Kerberos server to request a ticket granting access to that server. –The server the issues a client-to-server ticket to the client. The entire session is encrypted.

7 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Kerberos Operations

8 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionTokens A hardware device that counts as both something-you- have and something-you-know. A number is displayed on the screen that is used in conjunction with a user ID. The number changes at a constant interval. Even if someone finds the token, they won’t know the corresponding user ID.

9 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition One-Time Password Generator Token

10 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionMultifactor Uses more than one authentication mechanism at the same time. Examples include: –Biometric scanners and a PIN –Hardware tokens –ATM card and a PIN Increase the level of security, as multiple methods would need to be spoofed accurately and simultaneously.

11 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Single Sign-On One authentication method works for every system that a user needs to access. Reduces login hassles: –Fewer usernames and passwords to remember Inherently less secure: –If a login is compromised for one system, all systems the user can access are also compromised

12 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Access Control Access is the ability of a subject to interact with an object. An access control matrix shows what can be accessed by whom.

13 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Models of Access Control Discretionary access control (DAC) Mandatory access control (MAC) Role-based access control (RBAC) Rule-based access control (RBAC)

14 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Discretionary Access Control The owner of an object can decide what other subjects can access the object and what specific access they may have. Often use access control lists

15 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Mandatory Access Control The operating system decides what access will be granted to an object, based on its label. Every subject and every object in the system has a label, and they must match before access is granted. –For example, a subject with a “secret” label cannot access an object with a “top-secret” label.

16 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Role-Based Access Control Users are assigned a set of roles that they can perform. Each role is assigned the access permissions needed to carry out its function. Simplifies access control: people who need the same level of access are assigned to the same role, instead of having to give them all permission individually.

17 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Rule-Based Access Control The ACL contains a series of rules, and these rules are used to determine whether or not access to a resource is granted. Can be used in addition to other access control methods or as a stand-alone method.

18 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Authentication Protocols Numerous authentication protocols exist. Some of them include: –L2TP and PPTP –PPP –EAP –CHAP –SSH

19 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition L2TP and PPTP Layer 2 Tunneling Protocol (L2TP) and Point-to-Point Tunneling Protocol (PPTP) are both OSI Layer 2 tunneling protocols. Tunneling is the encapsulation of one packet within another: –This allows you to hide the original packet from view –Provides greater security

20 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionPPP Point-to-Point Protocol (PPP) is an OSI Layer 2 protocol used to connect devices. Used for establishing dial-in connections over serial lines or Integrated Services Digital Network (ISDN) services. Has several authentication mechanisms: PAP, CHAP, and EAP.

21 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionPPTP An extension of PPP that enables the creation of virtual private networks (VPNs) Enables the secure transfer of data from a remote PC to a server by creating a VPN across a TCP/IP network Involves three computers: –The PPTP client –The NAS (usually an ISP) –The PPTP server

22 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionL2TP Designed for use across all kinds of networks, including ATM and Frame Relay Can be implemented by both hardware and software Designed to work with established AAA services such as RADIUS and TACACS+

23 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionTelnet Allows users to log in remotely and access resources as if they had a local terminal connection Offers little security, as usernames, passwords, and all data are passed in clear text over the TCP/IP connection Access control to Telnet on machines and routers should be implemented when they are first set up Uses TCP port 23

24 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Secure Shell (SSH) Secure Shell is a protocol series designed to facilitate secure network functions across an insecure network. SSH was designed as a replacement for the insecure telnet. SSH uses TCP port 22. SSH has three major components: –Transport layer protocol –User authentication protocol –Connection protocol

25 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionVPNs A virtual private network is a secure network built on top of a physical network. It’s not a protocol in and of itself, but rather a method of using protocols to achieve secure communications. It is typically used to access a corporate data network from a home PC across the Internet.

26 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition VPN Service Over an Internet Connection

27 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third EditionIPsec Operates at OSI Layer 3, the network layer Content and context protection Provides a sweeping array of services: –Access control –Connectionless integrity –Traffic-flow confidentiality –Rejection of replayed packets –Data security (encryption)

28 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Vulnerabilities of Remote Access Methods Plaintext credential passing Strength of the encryption algorithm Bugs can open the system to attack Vendor responsiveness to fixing the bugs once they are discovered

29 Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond, Third Edition Chapter Summary Discuss the methods and protocols for remote access to networks. Explain authentication methods and the security implications in their use. Implement virtual private networks (VPNs) and their security aspects. Describe Internet Protocol Security (IPsec) and its use in securing communications.

Download ppt "Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,"

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206) 217-7048

Securing Remote PC Access to UNIX/Linux Hosts with VPN or SSH Charles T. Moetului WRQ, Inc. (206)
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Access Control Methodologies

Access Control Methodologies
Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.

Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication.
(Remote Access Security) AAA. 2 Authentication User named flannery dials into an access server that is configured with CHAP. The access server will.

(Remote Access Security) AAA. 2 Authentication User named "flannery" dials into an access server that is configured with CHAP. The access server will.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
VPN – Virtual Private Networking. VPN A Virtual Private Network (VPN) connects the components of one network over another network. VPNs accomplish this.

VPN – Virtual Private Networking. VPN A Virtual Private Network (VPN) connects the components of one network over another network. VPNs accomplish this.
RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.

RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.
Remote Networking Architectures

Remote Networking Architectures
Virtual Private Networks

Virtual Private Networks
Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.

Network Address Translation, Remote Access and Virtual Private Networks BSAD 146 Dave Novak Sources: Network+ Guide to Networks, Dean 2013.

Similar presentations

Ads by Google