2 Intrusion Detection and Intrusion Prevention Systems
- Intrusion Detection System (IDS): only detects unauthorized activity. Example: MS Event Viewer
- Intrusion Prevention System (IPS): detects unauthorized activity and performs some function to stop the activity. Example: most antivirus software
- IDS and IPS require some form of port monitoring: a particular port on a switch is connected directly to the IDS or IPS and monitors all activity passing through another port on the same switch
3 Public Key Infrastructure (PKI)
- Provides encryption and authentication
- Encryption: the method of using an algorithm to encode data
- The algorithm converts data into ciphertext (encrypted data)
- Cryptology: the science of encrypting data
- PKI generates a key and uses it for encryption
- PKI generates a certificate to verify authentication
4 Key Encryption Methods
- Symmetric-key encryption: generally used when large amounts of data need to be encrypted
- Asymmetric-key encryption: both the public and private keys are needed to encode and decode data
5 Digital Certificate
A file that commonly contains data such as:
- the user's name and address
- the public key value assigned to the user
- the validity period of the public key
- issuing authority identifier information
6 Certificate Authority (CA)
1. Station1 applies for a digital certificate from a CA in order to send an encrypted message to Station2
2. The CA issues a digital certificate to Station1
3. Station1 uses its private key to encrypt the message
4. Station1 sends the encrypted message to Station2
5. Station2 uses the public key to decode the encrypted message
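The five CA steps above, worked through as an added example (not code from the lecture): Station1's private-key operation is shown as signing, and Station2's public-key "decode" as verification of that signature, after it has checked the CA's signature on the certificate and the validity period. The RSA primes, station names, addresses, dates and the message are constructed toy values; the key sizes are deliberately tiny so every step is plain integer arithmetic and are assumed only for illustration.

```python
# Added example (not from the lecture slides): a toy PKI walk-through of the
# five Certificate Authority steps using textbook RSA with tiny primes.
# Key sizes this small are useless for real security; they exist only so
# key generation, certificate issuance, signing and verification are
# visible as plain integer arithmetic. All names/dates are constructed.
import hashlib
import json


def rsa_keypair(p, q, e):
    """Textbook RSA key generation from two primes (toy values, assumed)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)        # (public key, private key)


def digest_mod_n(data: bytes, n: int) -> int:
    """Hash the data, then reduce it into the range of the RSA modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, private_key) -> int:
    """Private-key operation (step 3 for Station1, certificate issuance for the CA)."""
    n, d = private_key
    return pow(digest_mod_n(data, n), d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    """Public-key operation (step 5 for Station2)."""
    n, e = public_key
    return pow(signature, e, n) == digest_mod_n(data, n)


def canonical(obj) -> bytes:
    """Deterministic serialisation so issuer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(ca_private, ca_name, subject, subject_public, not_before, not_after):
    """Steps 1-2: the CA binds the subject's identity to its public key.
    The fields are the ones listed on the Digital Certificate slide."""
    body = {
        "subject_name": subject["name"],
        "subject_address": subject["address"],
        "public_key": list(subject_public),
        "not_before": not_before,        # ISO dates compare correctly as strings
        "not_after": not_after,
        "issuer": ca_name,
    }
    return {"body": body, "ca_signature": sign(canonical(body), ca_private)}


def check_certificate(cert, ca_public, today: str) -> bool:
    """Station2's checks before trusting the public key inside the certificate."""
    body = cert["body"]
    if not verify(canonical(body), cert["ca_signature"], ca_public):
        return False                              # not issued by the trusted CA
    return body["not_before"] <= today <= body["not_after"]


def run_exchange(today="2013-11-11", tamper_message=False, rogue_ca=False):
    """Run the whole flow; flags inject the failures a verifier must catch."""
    ca_public, ca_private = rsa_keypair(67, 71, 13)      # trusted CA (toy key)
    rogue_public, rogue_private = rsa_keypair(83, 89, 7)  # an untrusted issuer
    s1_public, s1_private = rsa_keypair(61, 53, 17)       # Station1 (toy key)
    station1 = {"name": "Station1", "address": "Lab room 4 (constructed)"}

    issuer_key = rogue_private if rogue_ca else ca_private
    cert = issue_certificate(issuer_key, "Course CA (constructed)", station1,
                             s1_public, "2013-01-01", "2013-12-31")

    message = b"Lab results attached (constructed message)"
    signature = sign(message, s1_private)                 # step 3
    if tamper_message:                                    # altered in transit
        message = b"Lab results attached (ALTERED)"

    # Step 5: Station2 trusts only the CA's public key, obtained out of band.
    cert_ok = check_certificate(cert, ca_public, today)
    key_from_cert = tuple(cert["body"]["public_key"])
    msg_ok = cert_ok and verify(message, signature, key_from_cert)
    return {"certificate_valid": cert_ok, "message_verified": msg_ok}


if __name__ == "__main__":
    print(run_exchange())
    print(run_exchange(tamper_message=True))
    print(run_exchange(rogue_ca=True))
    print(run_exchange(today="2015-01-01"))
```

The point worth noticing is that Station2 never trusts the public key it receives directly: it trusts the CA, checks the CA's signature on the certificate and the validity period, and only then uses the key inside the certificate. Station1 has to run step 1 only once; after that every message is steps 3 to 5.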
8 Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
- Application layer protocols
- Support VoIP, , and remote connections
- Based on public key encryption technology
- Displays https:// when securing a Web site connection
- Not compatible with each other
- TLS is more secure; SSL is more popular
9 Secure HTTP (S-HTTP)
- Uses symmetric, or private, keys for encoding and decoding messages
- Not supported by all Web browsers
10 Virtual Network Connection (VNC)
- Describes a point-to-point connection to a remote device
- The connection is considered "virtual" because the user's network device is not a physical part of the remote network
11 Independent Computing Architecture (ICA)
- Citrix ICA and Microsoft Remote Desktop Protocol are the two main choices for this type of application
12 Internet Protocol Security (IPSec)
- Collection of security protocols, hashes, and algorithms
- Authentication can be verified with Kerberos, a preshared key, or digital certificates
- IPSec VPNs typically use public and private keys for encryption
13 IPSec Modes
- Transport mode: an IPSec mode that only encrypts the payload
- Tunnel mode: an IPSec mode that encrypts the payload and the header
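To make the difference between the two modes concrete, the following added example (not from the lecture and not real IPSec code) models a packet as a fixed-width address header plus a payload and shows what a passive observer on the wire can still read in each mode. The cipher is a standard-library stand-in (an HMAC-SHA256 counter-mode keystream) rather than the AES that IPSec actually uses, there is no ESP header or trailer, and the addresses, key and payload are constructed values; those are the example's assumptions.

```python
# Added example (not from the lecture slides): what each IPSec mode leaves
# visible on the wire. Assumptions: a packet is a 32-byte text header
# "SRC>DST" followed by the payload, and "encrypt" is a PRF-based
# counter-mode keystream (a stand-in for AES, used so the example runs with
# the standard library only). Real IPSec adds ESP headers/trailers.
import hmac
import hashlib

HEADER_LEN = 32


def build_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Toy IP packet: fixed-width header holding the addresses, then payload."""
    header = f"{src}>{dst}".encode().ljust(HEADER_LEN, b" ")
    return header + payload


def split_packet(packet: bytes):
    return packet[:HEADER_LEN], packet[HEADER_LEN:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256; nonce must differ per packet."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return xor_bytes(data, keystream(key, nonce, len(data)))


decrypt = encrypt   # stream cipher: decryption is the same XOR


def transport_mode(packet: bytes, key: bytes, nonce: bytes) -> bytes:
    """Transport mode: the original header stays in the clear; only the
    payload is encrypted."""
    header, payload = split_packet(packet)
    return header + encrypt(key, nonce, payload)


def tunnel_mode(packet: bytes, key: bytes, nonce: bytes,
                gw_src: str, gw_dst: str) -> bytes:
    """Tunnel mode: the whole original packet (header + payload) is encrypted
    and carried as the payload of a new packet between the two gateways."""
    return build_packet(gw_src, gw_dst, encrypt(key, nonce, packet))


def visible_addresses(wire: bytes) -> str:
    """What a passive observer can read: the clear-text outer header only."""
    return wire[:HEADER_LEN].rstrip(b" ").decode()


def demo():
    """Send one constructed packet both ways and report what leaks."""
    key = b"constructed-32-byte-demo-key!!!!"          # constructed, not a real key
    inner = build_packet("10.0.1.5", "10.0.2.9", b"GET /payroll HTTP/1.1")

    on_wire_transport = transport_mode(inner, key, b"nonce-01")
    on_wire_tunnel = tunnel_mode(inner, key, b"nonce-02",
                                 "203.0.113.1", "198.51.100.7")

    # Receiver side: strip the IPSec protection and recover the original packet.
    t_hdr, t_ct = split_packet(on_wire_transport)
    transport_plain = t_hdr + decrypt(key, b"nonce-01", t_ct)
    _outer_hdr, u_ct = split_packet(on_wire_tunnel)
    tunnel_plain = decrypt(key, b"nonce-02", u_ct)

    return {
        "transport_visible": visible_addresses(on_wire_transport),
        "tunnel_visible": visible_addresses(on_wire_tunnel),
        "transport_payload_hidden": b"payroll" not in on_wire_transport,
        "tunnel_inner_hidden": (b"10.0.1.5" not in on_wire_tunnel
                                and b"payroll" not in on_wire_tunnel),
        "transport_roundtrip": transport_plain == inner,
        "tunnel_roundtrip": tunnel_plain == inner,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In transport mode the observer still learns which two hosts are talking (10.0.1.5 to 10.0.2.9 in the constructed packet); in tunnel mode only the two gateway addresses are exposed, which is why site-to-site VPNs use tunnel mode.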
14 Secure Shell (SSH)
- Originally designed for UNIX to replace Remote Login (rlogin), Remote Shell (rsh), and Remote Copy (rcp)
- Uses port 22
- Requires a private key, a public key, and a password
- Can be used on operating systems that support TCP/IP
16 Secure Copy Protocol (SCP)
- Replacement for the rcp command
- Does not require a password
17 Service Set Identifier (SSID)
- Identifies a wireless network
- Similar to a workgroup name
- All wireless network devices are configured with a default SSID
- To secure the wireless network, the default SSID should be changed
18 Media Access Control (MAC) Filtering
- To configure MAC filtering, the administrator creates an Access Control List (ACL)
- The ACL is located on the Wireless Access Point (WAP)
- The ACL contains the list of MAC addresses belonging to authorized wireless network devices
19 Wired Equivalent Privacy (WEP)
- First attempt to secure, with encryption, the data transferred across a wireless network
- The algorithm is not complex and can be easily cracked
- A VPN can add to the security set in place by WEP
20 Wi-Fi Protected Access (WPA)
- Developed by the Wi-Fi organization to overcome the vulnerabilities of WEP
- Compatible with devices
- Wi-Fi Protected Access 2 (WPA2) is an enhanced version of WPA
- WPA2 is compatible with the 802.11i standard
21 802.11i
- IEEE ratified the standard to remedy the original security flaws
- Specifies the use of 128-bit Advanced Encryption Standard (AES) for data encryption
- Generates a fresh set of keys for each new connection
- Downward compatible with existing devices
22 802.1x Authentication
- Provides port-based network access control
- Used for client/server-based networks
- Supplicant: the wireless network device requesting network access
- Authenticator: the WAP, which provides authentication
- Authentication server: a server running Remote Authentication Dial-In User Service (RADIUS)
23 In class lab
- Languard Lab: download the lab from the course website
- Labsim 8.25
Next class
- No class on Monday, November 11th, 2013
- Next class: November 13th, 2013
- Labsim Homework 8.3.1–8.3.3