Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Remote Authentication Dial-In User Service (RADIUS)

Published byAvice Blankenship Modified over 9 years ago

Similar presentations

Presentation on theme: "Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Remote Authentication Dial-In User Service (RADIUS)"— Presentation transcript:

1 Network Security

2 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Remote Authentication Dial-In User Service (RADIUS)  RADIUS systems authenticate users on a client/server network  Used for dial-in, wireless, and Internet access  The server that hosts RADIUS is referred to as the Network Access Server (NAS)  The NAS stores user names and passwords and records user activity on the network

3 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Rogue Wireless Access Points  Rogue access point An unauthorized WAP that is installed on a network system. Rogue access point  can compromise wireless network security  Can be prevented by using a wireless intrusion prevention system (WIPS) or setting up an 802.1x system

4 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Authentication, Authorization, and Accounting (AAA)  Standard that is most common model used for network access  The dominate client/server security models that support AAA are RADIUS, TACACS+, and Diameter

5 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Diameter  Applicable to roaming devices such as cell phones  Allows for attributes to be added to basic Diameter protocol to meet AAA security requirements  Any device acting as a relay between AAA authenticator and client is referred to as AAA proxyAAA proxy

6 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. TACACS+  Represents Terminal Access Controller Access- Control System plus  Should not to be confused with TACACS; they are completely different systems  Alternative to RADIUS

7 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. RADIUS and TACACS+ Comparison

8 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Password Authentication Protocol (PAP)  Basic password authentication technique used for HTTP and remote dial-up access  No longer used because user name and password are not encrypted

9 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Challenge Handshake Authentication Protocol (CHAP)  CHAP was designed to be used with PPP  Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is an enhanced version of CHAP and can only be used on Microsoft operating systems Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)

10 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. How CHAP Works 1.Client connects to a remote system using PPP 2.Server sends a challenge to the client 3.Server (authentication agent) sends a key to the client so it can encrypt its user name and password 4.Client responds with a key that represents its user name and password 5.Server accepts or rejects client user name and password based on a matching encryption key

11 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Kerberos  Client and server authenticated to each other  Encryption key (encodes data) and decryption key (decrypts data) used for privacy

12 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Extensible Authentication Protocol (EAP)  Used for network access and authentication in a client/server environment when IP is not available  Sends clear text messages  Originally developed to be used with PPP  Also used for 802.1x wireless connections and for access and authentication to network switches

13 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Protected Extensible Authentication Protocol (PEAP)  Extension of EAP  Works by first establishing a secure connection using Transport Layer Security (TLS)  TLS provides encryption for the EAP connection and ensures data integrity

14 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Lightweight Extensible Authentication Protocol (LEAP)  An improved EAP standard developed by Cisco Systems for its line of Wireless Access Points (WAPs)  LEAP periodically re-authenticates the wireless connection  This ensures client is still the original authenticated client and connection has not been hijacked

15 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Security Implementations  Various measures include:  Installing latest software updates and patches  Setting up an account for daily administrative tasks  Changing the default administrator’s name  Educating system users in security practices

16 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Software Patches  Should be applied:  Immediately after installing new software  As they become available  Contain fixes that close security holes and fix software bugs  Periodically, Microsoft releases a service pack for its software and operating systemsservice pack

17 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Administrator Account  User provides password for default administrator account  Default administrator account name should be changed to better secure network  Ability to delete or rename the administrator account varies according to operating system

18 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. User Account Passwords  To make passwords more secure administrators should:  Set defaults for password histories, age, and length  Educate users about poor and secure passwords

19 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Poor Passwords  Poor passwords contain:  Words that are found in a dictionary  Names familiar to the password owner  Keyboard patterns  Social security numbers  Secure passwords are less vulnerable to hashing techniqueshashing

20 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Windows Server 2008 Password Policies

21 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Firewall  Can consist of hardware, software, or a combination  Servers, routers, and PCs may be used  Designed to filter inbound and outbound flow of network packets based on factors such as  IP address  Port number  Software application  Packet contents  Protocol

22 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Firewall Example

23 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Windows Firewall with Advanced Security

24 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Packet Filter  Stateless packet inspection Stateless packet inspection  Does not take into account packet sequence or missing packets  Aligns with layer 3 of the OSI model  Stateful packet inspection Stateful packet inspection  Applies a filter based on packet sequence  Detects missing packets  Aligns with layer 3 and 4 of the OSI model

25 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Application Gateway

26 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Content Filter  Configured to block specific Web sites or packet contents that contain specific terms  Administrator can control the list of terms  Can also incorporate protection from malware

27 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Circuit-Level Gateway  After connection is established, packet can flow freely between the two hosts  Packet sequence is encoded, making it difficult for intruders to access stream of data

28 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Firewall Signature Identification  Requires constant updates of new signatures  No signature immediately available for new malware

29 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Demilitarized Zone (DMZ)  Can be created with a router or a server with three network adapters installed  When configured with a server  One network adapter connects to the Internet  A second network adapter connects to the DMZ  The third network adapter connects to the private section of the network

30 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Proxy Server  Can be configured to allow packets to flow into and out of the network if they meet certain conditions  Specific IP addresses  Certain protocols  Server names or URLs  May cache frequently visited Web sites, making it faster to access those Web sites

31 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Physical Security  Physically securing file servers, hubs, routers, workstations, or any other point of access  Locating network devices in secure rooms  Biometrics—Identifying unique features such as fingerprints, speech, eye color, and facial features Biometrics  Smart card—Access to computer systems is granted after correct PIN is entered Smart card

32 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Security Tools  Identify network security weaknesses  Probe network, searching for vulnerabilities  Some security tools used are  GFI LANguard  Netstat utility  Audit tools  Self-hack tools  Protocol analyzer Protocol analyzer  Packet sniffer Packet sniffer

33 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. GFI LANguard

34 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Data Security Compliance Requirements  Several security standards and laws have been created to secure user personal information  Health Insurance Portability and Accountability Act (HIPAA) Health Insurance Portability and Accountability Act (HIPAA)  Payment Card Industry Data Security Standard (PCI DSS) Payment Card Industry Data Security Standard (PCI DSS)  California SB 1386 California SB 1386  Sarbanes-Oxley (SOX) Sarbanes-Oxley (SOX)

35 Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. In class lab 1. Apply for a trial version of a digital certificate from a CA such as Verisign. After obtaining the digital certificate try it out with a classmate. 2. Labsim 8.34 3. Roberts Lab 74 N EXT C LASS November 18 th, 2013 Labsim Homework 8.4.1-8.4.3

Download ppt "Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Remote Authentication Dial-In User Service (RADIUS)"

Similar presentations

Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Network Security.

Network Security.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.
HIPAA Security Standards What’s happening in your office?

HIPAA Security Standards What’s happening in your office?
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 13: Planning Server and Network Security.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
802.1x EAP Authentication Protocols

802.1x EAP Authentication Protocols
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Georgy Melamed Eran Stiller

Georgy Melamed Eran Stiller
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.
Lesson 19: Configuring Windows Firewall

Lesson 19: Configuring Windows Firewall
RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.

RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.
Remote Networking Architectures

Remote Networking Architectures

Similar presentations

Ads by Google