Module 8: Designing Security for Authentication. Overview Creating a Security Plan for Authentication Creating a Design for Security of Authentication.

Presentation transcript:

Module 8: Designing Security for Authentication

Overview
  - Creating a Security Plan for Authentication
  - Creating a Design for Security of Authentication

Lesson 1: Creating a Security Plan for Authentication
  - MSF and Security of Authentication
  - Defense in Depth and Security of Authentication
  - Authentication Security
  - STRIDE Threat Model and Security of Authentication
  - Activity: Identifying Threats to Authentication

MSF and Security of Authentication

The MSF envisioning and planning phases (Envision, Plan) help you to:
  - Decide which locations your plan will help to protect
  - Consider all the authentication used in your environment:
      - Operating systems
      - Applications
      - Remote access

Defense in Depth and Security of Authentication

Layers:
  - Policies, Procedures, and Awareness
  - Physical Security
  - Data
  - Host
  - Application
  - Internal Network
  - Perimeter

Authentication Security

Vulnerability and description:

Passwords:
  - Passwords are transmitted in plaintext
  - Password hashes are transmitted across the network
  - Passwords are intercepted by Trojan horse applications
Compatibility:
  - Older software uses weaker authentication methods
  - Authentication protocols are weakened for use with other applications
  - Incompatibility with non-Microsoft applications
Encryption:
  - An application uses weak authentication
  - Older operating systems use weaker authentication methods
  - An attacker intercepts and relays authentication packets

STRIDE Threat Model and Security of Authentication

Threats:
  - An attacker intercepts and relays authentication packets
  - Passwords are transmitted in plaintext
  - Authentication protocols are weakened for use with other applications
  - An application uses weak encryption
  - Older software uses weak authentication methods
  - Incompatibility with non-Microsoft applications

STRIDE categories:
  - Spoofing
  - Tampering
  - Repudiation
  - Information disclosure
  - Denial of service
  - Elevation of privilege

Activity: Identifying Threats to Authentication

In this practice you will:
  - Read the scenario
  - Answer the questions
  - Discuss with the class

Lesson 2: Creating a Design for Security of Authentication
  - Determine Authentication Methods
  - Considerations for Securing Authentication on a Network
  - Considerations for Authenticating Web Users
  - Considerations for Authenticating VPN Users
  - What Is Multifactor Authentication?
  - What Is RADIUS?
  - Considerations for Authenticating Wireless Users
  - Considerations for Authenticating Network Devices

Determine Authentication Methods

To determine authentication requirements:
  - Analyze requirements for authentication security
  - Identify compatibility requirements of operating systems
  - Identify compatibility requirements of applications
  - Identify authentication requirements of applications
  - Design an implementation strategy

Considerations for Securing Authentication on a Network

When using the Kerberos version 5 authentication protocol, consider:
  - Interoperability with Kerberos realms
  - Time synchronization

When using the LAN Manager and NTLM authentication protocols, consider:
  - Removing LAN Manager password hashes
  - Configuring the LAN Manager compatibility level
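Why time synchronization matters for Kerberos: a service checks the timestamp in each authenticator against its own clock and keeps a replay cache for the tolerated skew window. The following is an added illustration, not code from the course; it models the authenticator as a small dict, assumes the usual 5-minute skew limit, and uses constructed principal names and times.

```python
"""Kerberos authenticator check with a clock-skew limit and a replay cache.
Added illustration, not the course's code: the authenticator is simplified to
a dict with 'cname' and 'ctime', and the 5-minute limit is the assumed default."""
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(minutes=5)  # assumed default Kerberos clock-skew tolerance


class ReplayCache:
    """Remembers accepted authenticators for the skew window so a captured
    authenticator cannot be presented a second time."""

    def __init__(self):
        self._seen = {}  # (cname, ctime) -> server time when accepted

    def check_and_add(self, key, now):
        # Entries older than the window can be forgotten: a replay of them
        # would already fail the skew test, so no memory is needed.
        for k, t in list(self._seen.items()):
            if now - t > MAX_SKEW:
                del self._seen[k]
        if key in self._seen:
            return False
        self._seen[key] = now
        return True


def verify_authenticator(auth, server_now, cache):
    """Return (accepted, reason). Reason names follow RFC 4120 error codes."""
    if abs(server_now - auth["ctime"]) > MAX_SKEW:
        return False, "KRB_AP_ERR_SKEW"    # clocks too far apart
    if not cache.check_and_add((auth["cname"], auth["ctime"]), server_now):
        return False, "KRB_AP_ERR_REPEAT"  # same authenticator seen before
    return True, "ok"


def demo():
    """Constructed scenario: a fresh authenticator, a replay of it 30 seconds
    later, and a client whose clock is 7 minutes ahead. Returns the reasons."""
    cache = ReplayCache()
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    good = {"cname": "alice@CORP.EXAMPLE", "ctime": now + timedelta(minutes=2)}
    drift = {"cname": "bob@CORP.EXAMPLE", "ctime": now + timedelta(minutes=7)}
    first = verify_authenticator(good, now, cache)[1]
    replay = verify_authenticator(good, now + timedelta(seconds=30), cache)[1]
    skewed = verify_authenticator(drift, now, cache)[1]
    return first, replay, skewed
```

The replay cache only works because the skew window is bounded: a host whose clock drifts past the limit is locked out with a skew error, and a host whose clock is unsynchronized in the other direction would widen the window in which a captured authenticator stays valid.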

Considerations for Authenticating Web Users

IIS authentication method and considerations:

Anonymous authentication:
  - Uses a single account
  - Does not require users to provide credentials
Basic authentication:
  - Sends user names and passwords in plaintext
  - Supported by all browsers
  - Secure with SSL or TLS
Digest authentication:
  - Uses a user name, a password, and a nonce
  - Supported by all web browsers
Advanced digest authentication:
  - Uses credentials stored as part of Active Directory
  - Internet Explorer only
Integrated Windows authentication:
  - Internet Explorer only
  - Cannot be used with proxy servers or firewalls
Windows Live ID:
  - Users create a single sign-in name and password for access to all Windows Live ID-enabled Web sites
Certificate-based authentication:
  - Requires a PKI
  - Does not require a user to enter a password
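What "plaintext" means for Basic authentication, and what the nonce buys Digest authentication, is easiest to see in code. The block below is an added example, not code from the course or from IIS: it decodes a Basic header to show the credentials are recoverable by anyone who sees the request, and implements the RFC 2617 Digest computation (without qop) with single-use nonces on the server side. The realm, user names, passwords and the sample header are constructed values.

```python
"""Basic vs Digest authentication on the wire. Added illustration, not the
course's or IIS's code; all names, passwords and the sample header are constructed."""
import base64
import hashlib
import secrets

# constructed sample: what a browser sends for user "alice", password "s3cret"
SAMPLE_BASIC_HEADER = "Basic YWxpY2U6czNjcmV0"


def parse_basic(header):
    """Recover (username, password) from an Authorization: Basic header.
    Base64 is encoding, not encryption: anyone on the path can do this,
    which is why Basic is only acceptable inside SSL/TLS."""
    scheme, _, value = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(value).decode().partition(":")
    return user, password


def digest_response(username, realm, password, method, uri, nonce):
    """RFC 2617 response without qop: MD5(HA1 ':' nonce ':' HA2).
    The password itself never leaves the client; only this hash does."""
    ha1 = hashlib.md5(f"{username}:{realm}:{password}".encode()).hexdigest()
    ha2 = hashlib.md5(f"{method}:{uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{ha2}".encode()).hexdigest()


class DigestServer:
    """Issues nonces and verifies responses; each nonce is accepted once."""

    def __init__(self, realm, users):
        self.realm = realm
        self.users = users          # username -> password (constructed store)
        self.nonces = set()         # outstanding, not-yet-used nonces

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.nonces.add(nonce)
        return nonce

    def verify(self, username, method, uri, nonce, response):
        if nonce not in self.nonces:
            return False            # unknown, expired or already consumed
        self.nonces.discard(nonce)  # single use: a captured response cannot be replayed
        password = self.users.get(username)
        if password is None:
            return False
        expected = digest_response(username, self.realm, password, method, uri, nonce)
        return secrets.compare_digest(expected, response)


def demo_digest():
    """Returns (first attempt accepted, replay accepted, wrong password accepted)."""
    server = DigestServer("corp.example", {"alice": "s3cret"})
    nonce = server.challenge()
    good = digest_response("alice", "corp.example", "s3cret", "GET", "/", nonce)
    first = server.verify("alice", "GET", "/", nonce, good)
    replay = server.verify("alice", "GET", "/", nonce, good)
    nonce2 = server.challenge()
    bad = digest_response("alice", "corp.example", "guess", "GET", "/", nonce2)
    wrong = server.verify("alice", "GET", "/", nonce2, bad)
    return first, replay, wrong
```

The nonce is what keeps an observed Digest response from being reused, but the hash itself is an unsalted MD5 over the password, so a captured response can still be attacked offline; the slide's advice to put authentication behind SSL or TLS applies to Digest as well as Basic.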

Considerations for Authenticating VPN Users

VPN authentication method and considerations:

CHAP:
  - Requires that passwords are stored with reversible encryption
  - Is compatible with Macintosh and UNIX-based clients
  - Does not allow data encryption
MS-CHAP:
  - Used by client computers running Windows 95
  - Supports only client computers running Microsoft applications
MS-CHAPv2:
  - Performs mutual authentication
  - Installed by default
EAP-TLS:
  - Requires a PKI
  - Enables multifactor authentication
RADIUS:
  - RADIUS servers can provide a proxy service to forward authentication requests

What Is Multifactor Authentication?

Factors and examples:

Pass code:
  - User name and password
  - PIN
Physical item:
  - Smart card
  - Hardware or software token
Personal characteristic:
  - Thumbprint
  - Voice
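A pass code plus a software token is the most common two-factor pairing in practice. The block below is an added example, not course code: it implements RFC 4226 HOTP and RFC 6238 TOTP (the algorithm behind most software tokens) and combines the one-time code with a password check so that a login fails unless both factors are right. The user store, salt and password are constructed; the token seed is the RFC 6238 test-vector seed so the output can be checked against the published vectors.

```python
"""Password plus software-token second factor (RFC 4226 HOTP / RFC 6238 TOTP).
Added illustration, not the course's code; user store and times are constructed."""
import hashlib
import hmac
import struct


def hotp(secret, counter, digits=6):
    """HMAC-SHA1 over the 8-byte counter, dynamically truncated (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """TOTP is HOTP over the number of 30-second steps since the Unix epoch."""
    return hotp(secret, int(unix_time // step), digits)


def _pw_hash(password, salt):
    # slow, salted password hash for the first factor (constructed parameters)
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# constructed user store: password hash plus the token seed shared with the device
USERS = {
    "alice": {
        "salt": b"constructed-salt",
        "pw": _pw_hash("correct horse", b"constructed-salt"),
        "token_seed": b"12345678901234567890",  # RFC 6238 test-vector seed
    }
}


def verify_login(username, password, code, now, window=1):
    """Both factors must pass. The window tolerates one 30-second step of
    clock drift either way; the seed must be protected like a password,
    since anyone holding it can compute every future code."""
    user = USERS.get(username)
    if user is None:
        return False
    pw_ok = hmac.compare_digest(_pw_hash(password, user["salt"]), user["pw"])
    step = int(now // 30)
    code_ok = any(
        hmac.compare_digest(hotp(user["token_seed"], step + d), code)
        for d in range(-window, window + 1)
    )
    return pw_ok and code_ok
```

Both comparisons are evaluated before the result is combined, so the response time does not reveal which factor failed.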

What Is RADIUS?

Diagram: VPN user, VPN server, RADIUS server, and the network.
  - User connects to VPN server
  - VPN server sends credentials to RADIUS server for authentication
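The two arrows in the diagram are an Access-Request from the VPN server (the RADIUS client) and an Access-Accept or Access-Reject from the RADIUS server, both tied to a shared secret. The block below is an added example written from RFC 2865, not code from the course or from any product: it builds the packets on both sides, hides the User-Password attribute the way the RFC specifies, and shows the VPN server checking the Response Authenticator before trusting the verdict. It carries a PAP-style password rather than the MS-CHAPv2 exchange the previous slide recommends, and the shared secret, user names and passwords are constructed values.

```python
"""Minimal RADIUS Access-Request / Access-Accept exchange per RFC 2865.
Added illustration, not the course's code; secret and credentials are constructed."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each block with
    MD5(secret + previous block), seeded with the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], mask))
        out += block
        prev = block
    return out


def reveal_password(hidden, secret, authenticator):
    """Inverse of hide_password; needs the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs):
    """Type-Length-Value attributes; the length includes the 2-byte header."""
    return b"".join(struct.pack("BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_access_request(ident, username, password, secret):
    """VPN server side. The Request Authenticator must be fresh and random."""
    req_auth = os.urandom(16)
    attrs = encode_attrs([
        (ATTR_USER_NAME, username.encode()),
        (ATTR_USER_PASSWORD, hide_password(password.encode(), secret, req_auth)),
    ])
    return struct.pack(">BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs


def build_response(code, ident, req_auth, attrs, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    head = struct.pack(">BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs


def radius_server_handle(packet, secret, users):
    """RADIUS server side: reveal the password and check it against the store."""
    code, ident, length = struct.unpack(">BBH", packet[:4])
    req_auth = packet[4:20]
    if code != ACCESS_REQUEST or length != len(packet):
        return build_response(ACCESS_REJECT, ident, req_auth, b"", secret)
    attrs = dict(decode_attrs(packet[20:length]))
    user = attrs.get(ATTR_USER_NAME, b"").decode(errors="replace")
    pwd = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, req_auth)
    ok = user in users and hmac.compare_digest(users[user].encode(), pwd)
    return build_response(ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, req_auth, b"", secret)


def nas_check_response(response, request, secret):
    """VPN server side: accept the verdict only if the Response Authenticator
    matches, which binds the reply to this request and to the shared secret."""
    code, ident, length = struct.unpack(">BBH", response[:4])
    if ident != request[1] or length != len(response):
        return None
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    if not hmac.compare_digest(expected, response[4:20]):
        return None
    return code


def demo_exchange(password_tried, tamper=False):
    """Constructed scenario: 'vpnuser' dials in through the VPN server.
    With tamper=True the reply's code byte is altered in transit."""
    secret = b"constructed-shared-secret"
    users = {"vpnuser": "correct horse"}
    request = build_access_request(7, "vpnuser", password_tried, secret)
    response = radius_server_handle(request, secret, users)
    if tamper:
        response = bytes([ACCESS_ACCEPT]) + response[1:]
    return nas_check_response(response, request, secret)
```

Two design points follow from the code: the User-Password hiding is only as strong as the shared secret and the randomness of the Request Authenticator, so RADIUS traffic between the VPN server and the RADIUS server should still run over a protected network; and the Response Authenticator is the only thing preventing a forged Accept, so the VPN server must verify it rather than read the code byte alone.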

Considerations for Authenticating Wireless Users

Wireless authentication method and considerations:

WEP:
  - Uses a shared key to control access
  - Uses the same key as the base for encrypting traffic
MAC filtering:
  - Allows only a predefined group of client computers to access the network
WPA or WPA2:
  - Uses TKIP to continually change the key, unlike WEP
  - Can use a pre-shared key
  - WPA2 uses a stronger encryption algorithm
PEAP:
  - A one-way authentication scheme that uses TLS to create an encrypted channel from the authentication server
  - Does not require a PKI
EAP-TLS:
  - Requires a PKI
  - Provides mutual authentication

Considerations for Authenticating Network Devices

To design user authentication for network devices, determine:
  - How user accounts and passwords are stored
  - How to integrate the authentication protocol with Windows-based computers
  - How credentials are transmitted across the network
  - How you can audit authentication

Lab: Designing Security for Authentication
  - Exercise 1: Identifying Potential Authentication Vulnerabilities
  - Exercise 2: Implementing Countermeasures