Network access security methods

Unit objective
- Explain the methods of ensuring network access security
- Explain methods of user authentication

Topic A
- Topic A: Network access security methods
- Topic B: User authentication

Network Access Control
- Ensures that computers comply with security policies
- Network Access Protection (NAP)
- Overall NAC architecture

Access control lists
- MAC address filtering
- IP address and port filtering

VPN technologies
- Authentication
- Tunneling
- Encryption

VPN security models
- Authentication before connection
- Trusted delivery network
- Secure VPNs

VPN protocols
- PPTP
- L2TP
- IPSec
- SSL/TLS

PPTP vs. L2TP
- Encryption
- Authentication
- Data protocols
- Port

IPSec protocols
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
- IP Payload Compression Protocol (IPComp)
- Internet Key Exchange (IKE)

IPSec encryption
- Transport mode
- Tunnel mode

PPPoE
- Encapsulates PPP inside Ethernet frames
- Allows users to establish a secure connection from one computer to another
- Used to connect multiple users to the Internet through DSL and cable modem connections

Remote desktop services
- RDP (Remote Desktop Protocol)
- ICA (Independent Computing Architecture)

SSH
- Remote command-line access
- Server service and client program
- Native to Linux distributions
- SSH-2
  - Transport layer
  - User Authentication layer
  - Connection layer

Activity A-1
- Discussing network access security methods

Topic B
- Topic A: Network access security methods
- Topic B: User authentication

AAA
- Authentication
- Authorization
- Accounting

Authentication factors
- Something you know
- Something you have
- Something you are

One-factor authentication
- Something you know OR something you have OR something you are

Two-factor authentication
- Something you know PLUS
  - Something you have OR something you are

Three-factor authentication
- Something you know + something you have + something you are

Single sign-on
- User is authenticated to other resources based on strength of initial sign-on
- SSL, LDAP
- Windows Live ID, Microsoft Passport, Open ID

Kerberos
- Current version is 5
- Provides authentication on physically insecure networks
- Freely available in U.S. and Canada
- Authenticates users over open multi-platform network using single login

Kerberos system components
- Principal
- Authentication server
- Ticket-granting server
- Key distribution center
- Realm
- Remote ticket-granting server

Kerberos data types
- Credentials
- Session key
- Authentication Ticket
- Ticket-granting ticket

Kerberos authentication process

CHAP

EAP
- PPP extension
- Used in wireless connections
- Can use token cards, one-time passwords, certificates, biometrics
- Runs over Data Link layers
- Defines formats
  - LEAP
  - EAP-TLS
  - EAP-FAST

PPPoE
- PPP encapsulated inside Ethernet frames
- Connects multiple users to the Internet

Mutual authentication
- Client and server authenticate to each other
- Also known as two-way authentication
- Trust other computer's digital certificate
- Can block rogue services

Cryptography
- Science of encryption
- Encryption = convert to unreadable format
- Decryption = convert back to readable format
- Algorithm = procedure for encrypting or decrypting
- Cipher = encryption & decryption algorithm pair

ROT13 cipher

Keys
- Secret information used by cipher
- Symmetric = same key for encryption and decryption
- Asymmetric = differing keys for encryption and decryption
- Key sharing and management issues

Symmetric encryption in action

Public key cryptography
- Asymmetric
- Two keys
  - What one encrypts, only the other can decrypt
  - One kept private
  - One shared (public)
- Encryption process
- Keys mathematically related

Asymmetric encryption in action

Public key cryptography
- Mathematically difficult to derive private key from public key
- Data encrypted with public key can be decrypted with only private key
- Data encrypted with private key can be decrypted with only public key

Public key infrastructure
- Certificate authority (CA)
- Registration authority (RA)
- Certificate server

Setup and initialization phase
- Process components
  - Registration
  - Key pair generation
  - Certificate generation
  - Certificate dissemination

RADIUS
- Remote Authentication Dial-in User Service
- Client = network access server or device (e.g., wireless router)
- Server = AAA service provider

RADIUS authentication
1. User connects to NAS
2. RADIUS client requests authentication from server
3. User supplies logon credentials
4. Client encrypts and forwards to server
5. Server authenticates, returns message
6. Client receives message and acts
   - Accept
   - Reject
   - Challenge
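The RADIUS exchange above, as an added example that is not from these slides: a Python model of the client (NAS) and server sides following RFC 2865, showing the User-Password hiding the slide calls "encrypts" (step 4) and the Response Authenticator the client checks before acting on Accept or Reject (step 6). The shared secret, user table and packet identifier are constructed values, and the network hop is a direct function call.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2              # RFC 2865 attribute types

def xor_password(secret, req_auth, data, hiding):
    """RFC 2865 s5.2: c_i = p_i XOR MD5(secret + c_(i-1)), with c_0 = Request Authenticator."""
    data = data + b"\x00" * (-len(data) % 16) if hiding else data  # pad to 16-byte chunks
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        block = bytes(x ^ y for x, y in zip(chunk, hashlib.md5(secret + prev).digest()))
        out, prev = out + block, (block if hiding else chunk)  # chain on the *hidden* chunk
    return out if hiding else out.rstrip(b"\x00")

def parse_packet(data):  # -> (code, identifier, authenticator, {attr type: value})
    code, ident, length = struct.unpack("!BBH", data[:4])
    attrs, pos = {}, 20
    while pos < length:
        attr_type, attr_len = data[pos], data[pos + 1]
        if attr_len < 2:
            raise ValueError("malformed attribute length")
        attrs[attr_type] = data[pos + 2:pos + attr_len]
        pos += attr_len
    return code, ident, data[4:20], attrs

def radius_server(request, secret, users):
    """Step 5: unhide the password, check it, sign the reply with the shared secret."""
    _, ident, req_auth, attrs = parse_packet(request)
    password = xor_password(secret, req_auth, attrs.get(ATTR_USER_PASSWORD, b""), hiding=False)
    ok = hmac.compare_digest(users.get(attrs.get(ATTR_USER_NAME, b""), b"?"), password)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + req_auth + secret).digest()

def radius_client(secret, user, password, users, ident=7):
    """Steps 2, 4 and 6: build the Access-Request, 'send' it, verify the reply before acting."""
    req_auth = os.urandom(16)  # fresh Request Authenticator seeds the password hiding
    attrs = [(ATTR_USER_NAME, user), (ATTR_USER_PASSWORD, xor_password(secret, req_auth, password, True))]
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    request = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + req_auth + body
    reply = radius_server(request, secret, users)  # in-memory stand-in for the UDP hop
    code, reply_id, resp_auth, _ = parse_packet(reply)
    expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
    if reply_id != ident or not hmac.compare_digest(resp_auth, expected):
        raise ValueError("reply does not carry a valid Response Authenticator")
    return code
```

The User-Password hiding is an MD5 keystream keyed only by the shared secret, not authenticated encryption, so the path between NAS and server still needs transport protection and a strong, per-client secret.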

TACACS+
- Terminal Access Controller Access Control System
  - TACACS
  - XTACACS
- AAA functions

TACACS+ vs. RADIUS
- TCP rather than UDP
- Message body fully encrypted
- AAA services provided independently
- Flexible
  - Username/password, ARA, SLIP, PAP, CHAP, Telnet
- Multiprotocol
  - TCP/IP, AppleTalk, NetBIOS, Novell Async Services Interface, X.25

802.1x
- Authentication protocol
- Device access control
- Works with RADIUS and TACACS+
- Device roles
  - Supplicant (end-user device)
  - Authenticator
  - Authentication server

Activity B-1
- Discussing methods of authenticating users

Unit summary
- Explained the methods of ensuring network access security
- Explained methods of user authentication