Chapter 9: SECURING NETWORK COMMUNICATION

Slide 2: OVERVIEW
- List the major threats to network communications.
- Describe the functions of Internet Protocol Security (IPSec).
- Understand the functions and architecture of the IPSec protocols.
- List the components of a Microsoft Windows Server 2003 IPSec implementation.
- List the default IPSec policies included in Windows Server 2003 and their applications.

Slide 3: OVERVIEW (CONTINUED)
- Understand the functions of an IPSec policy's components.
- Use the IP Security Policies snap-in to manage IPSec policies.
- List the standards that define common wireless local area network (WLAN) technologies.
- Describe the security problems inherent in wireless networking.
- List the mechanisms that WLANs running IEEE based on the Microsoft Windows operating system can use to authenticate clients and encrypt transmitted data.

Slide 4: PLANNING AN IPSec IMPLEMENTATION
- Network traffic normally traverses the network unencrypted.
- If someone captures traffic from the network, it can be easily viewed.
- IPSec extensions are a means of securing the actual network communications.

Slide 5: POTENTIAL THREATS

Slide 6: INTRODUCING NETWORK SECURITY PROTOCOLS

| Area of Network Security | Purpose | Protocols |
|---|---|---|
| Authentication | To prove you are who you say you are | Kerberos and NTLM |
| Authorization | To determine what you can do on the network after you have authenticated | Kerberos and NTLM |
| Confidentiality | To keep data secret | Encryption components of Kerberos, NTLM, and IPSec |
| Integrity | To ensure that the data received is the same data that is sent | Components of Kerberos, NTLM, and IPSec |
| Nonrepudiation | To determine exactly who sent and received the message | Kerberos and IPSec |

Slide 7: PROTECTING DATA WITH IPSec
- IPSec protects data by digitally signing and encrypting it before transmission.
- IPSec operates as an extension to Internet Protocol (IP) and provides end-to-end encryption.
- IPSec can encrypt any traffic that takes the form of IP datagrams, no matter what kind of information is inside them.

Slide 8: IPSec FUNCTIONS
- IPSec performs a number of security functions, including key generation, cryptographic checksums, mutual authentication, replay prevention, and IP packet filtering.
- Using IPSec prevents viewing, changing, or deleting data in a packet.
- IPSec also prevents IP address spoofing.
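The replay-prevention function listed on this slide is implemented in AH and ESP by checking the sequence number carried in every protected packet against a sliding window of recently accepted values. The following Python model of that window is an added example, not code from the slides or from the Windows IPSec driver; the window logic follows the scheme described in RFC 4302/4303, and the sequence of packet numbers it is run on is constructed for the example.

```python
"""Anti-replay sliding window as used for an inbound IPsec security association.

Added example (not from the slides). Each AH/ESP packet carries a 32-bit
sequence number; the receiver accepts a number only if it is newer than
anything seen so far, or lies inside the window and has not been seen before.
A replayed copy of an earlier packet therefore fails the check and is dropped.
"""


class AntiReplayWindow:
    """Tracks received sequence numbers for one security association.

    `size` is the window width in packets (64 is a common default).
    `right` is the highest sequence number accepted so far; bit i of
    `bitmap` is set when sequence number (right - i) has been received.
    """

    def __init__(self, size: int = 64) -> None:
        if size < 32:
            raise ValueError("window must be at least 32 packets wide")
        self.size = size
        self.right = 0
        self.bitmap = 0

    def check_and_update(self, seq: int) -> bool:
        """Return True and record `seq` if it is fresh; False if it must be dropped."""
        if seq == 0:
            return False  # sequence number 0 is never valid on the wire
        if seq > self.right:
            # New right edge: slide the window forward, discarding old bits.
            shift = seq - self.right
            if shift >= self.size:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.right = seq
            return True
        offset = self.right - seq
        if offset >= self.size:
            return False  # older than the window: drop
        if self.bitmap & (1 << offset):
            return False  # already received: this is a replay
        self.bitmap |= 1 << offset
        return True


def replay_check_sequence(seqs, size: int = 64):
    """Run observed sequence numbers through one window; return accept/drop verdicts."""
    win = AntiReplayWindow(size)
    return [win.check_and_update(s) for s in seqs]


if __name__ == "__main__":
    # Constructed sample: in-order packets, one reordered packet (4 after 5),
    # a replayed copy of packet 5, a jump to 200, a stale packet (100), and a
    # late-but-fresh 199 followed by its replay.
    sample = [1, 2, 3, 5, 4, 5, 200, 100, 199, 199]
    for s, ok in zip(sample, replay_check_sequence(sample)):
        print(f"seq {s:4d}: {'accept' if ok else 'DROP'}")
```

The reordered packet 4 is accepted because it is inside the window and unseen, while the second copy of 5 and the second copy of 199 are rejected as replays; 100 is rejected because it falls more than 64 packets behind the right edge.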

Slide 9: IPSec PROTOCOLS
The IPSec standards define two protocols:
- IP Authentication Header (AH)
- IP Encapsulating Security Payload (ESP)

Slide 10: IP AUTHENTICATION HEADER
IP Authentication Header protocol:
- Does not encrypt the data in IP packets, but it does provide authentication, anti-replay, and integrity services
- Ensures that no one has modified the packets en route, and that the packets did actually originate at the system identified by the packet's source IP address

Slide 11: IP ENCAPSULATING SECURITY PAYLOAD
IP Encapsulating Security Payload:
- Prevents unauthorized people from being able to read information in packets by encrypting the data
- Provides authentication, integrity, and antireplay services
- Although AH and ESP perform some of the same functions, using both protocols provides the maximum possible security for a data transmission.

Slide 12: TRANSPORT MODE AND TUNNEL MODE
- IPSec can operate in two modes: transport mode and tunnel mode.
- Transport mode is used between IPSec-enabled computers.
- Tunnel mode is used between IPSec-enabled routers.

Slide 13: DEPLOYING IPSec
- All versions of the Windows operating system since Windows 2000 support IPSec.
- IPSec policies define when and how systems should use IPSec.
- IPSec implementations on Windows Server 2003 should be compatible with IPSec implementations on other operating systems that conform to Internet Engineering Task Force (IETF) standards.

Slide 14: IPSec COMPONENTS
IPSec in Windows Server 2003 consists of the following components:
- IPSec policy agent
- Internet Key Exchange (IKE)
- IPSec driver

Slide 15: PLANNING AN IPSec DEPLOYMENT
- Using IPSec creates additional network traffic.
- Processor overhead associated with network communications also increases with IPSec deployment.
- Backward compatibility must be considered because operating systems earlier than Windows 2000 do not support IPSec without the addition of third-party software.

Slide 16: WORKING WITH IPSec POLICIES
- IPSec policies are administered through the IP Security Policies Microsoft Management Console (MMC) snap-in.
- IPSec policies define which traffic must be secured and which actions are performed on traffic that does or does not meet criteria.
- Three IPSec policies are created by default. More can be created as required.

Slide 17: USING THE DEFAULT IPSec POLICIES

Slide 18: MODIFYING IPSec POLICIES
IPSec policies consist of three elements:
- Rules
- IP filter lists
- Filter actions
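Slides 16 to 18 describe a policy as a set of rules, each pairing an IP filter list with a filter action, and note that the action decides what happens to traffic that does or does not meet the criteria. The Python model below is an added example, not the slides' material and not Microsoft's implementation: it builds that structure and evaluates sample packets against it. The filter-action kinds (permit, block, negotiate security) and the policy names "Server (Request Security)" and "Secure Server (Require Security)" are taken from Windows Server 2003; the rule contents, the first-match ordering, and the treatment of unmatched traffic as permitted are simplifications made for the example (Windows ranks filters by specificity rather than by rule order).

```python
"""Miniature model of IPSec policy evaluation: policy -> rules -> filter list + filter action.

Added example, not from the slides and not Microsoft's code. A "negotiate"
action with fallback_to_clear=True behaves like a request-security policy
(talk in the clear to a peer that cannot do IPsec); with fallback_to_clear=False
it behaves like require-security (drop instead).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

ANY = "0.0.0.0/0"


@dataclass
class Packet:
    src: str
    dst: str
    proto: int          # IP protocol number, e.g. 6 = TCP
    sport: int = 0
    dport: int = 0

    def reversed(self) -> "Packet":
        """The same flow seen from the reply direction."""
        return Packet(self.dst, self.src, self.proto, self.dport, self.sport)


@dataclass
class IPFilter:
    src: str = ANY
    dst: str = ANY
    protocol: Optional[int] = None   # None = any protocol
    dst_port: Optional[int] = None   # None = any port
    mirrored: bool = True            # also match the reply direction

    def _one_way(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.protocol is None or self.protocol == p.proto)
                and (self.dst_port is None or self.dst_port == p.dport))

    def matches(self, p: Packet) -> bool:
        return self._one_way(p) or (self.mirrored and self._one_way(p.reversed()))


@dataclass
class FilterAction:
    kind: str                        # "permit", "block", or "negotiate"
    fallback_to_clear: bool = False  # only meaningful for "negotiate"


@dataclass
class Rule:
    name: str
    filters: List[IPFilter]          # the rule's IP filter list
    action: FilterAction


@dataclass
class IPSecPolicy:
    name: str
    rules: List[Rule]

    def decide(self, p: Packet, peer_supports_ipsec: bool) -> str:
        """Return 'clear', 'ipsec', or 'drop' for packet p (first matching rule wins)."""
        for rule in self.rules:
            if any(f.matches(p) for f in rule.filters):
                a = rule.action
                if a.kind == "permit":
                    return "clear"
                if a.kind == "block":
                    return "drop"
                if peer_supports_ipsec:
                    return "ipsec"
                return "clear" if a.fallback_to_clear else "drop"
        return "clear"   # model assumption: traffic matching no rule is permitted


# Constructed policies. "All IP Traffic" is one filter that matches everything.
ALL_IP = [IPFilter()]
REQUEST_SECURITY = IPSecPolicy("Server (Request Security)", [
    Rule("All IP Traffic", ALL_IP, FilterAction("negotiate", fallback_to_clear=True))])
REQUIRE_SECURITY = IPSecPolicy("Secure Server (Require Security)", [
    Rule("All IP Traffic", ALL_IP, FilterAction("negotiate", fallback_to_clear=False))])
# A custom policy: block Telnet to one host, negotiate security for the rest of the segment.
CUSTOM = IPSecPolicy("File server lockdown", [
    Rule("No Telnet", [IPFilter(dst="10.0.0.5/32", protocol=6, dst_port=23)], FilterAction("block")),
    Rule("Segment", [IPFilter(src="10.0.0.0/24", dst="10.0.0.0/24")], FilterAction("negotiate")),
])


def demo() -> dict:
    """Evaluate constructed packets; keys describe the scenario, values the outcome."""
    web = Packet("10.0.0.9", "10.0.0.5", 6, 40000, 80)
    telnet = Packet("10.0.0.9", "10.0.0.5", 6, 40001, 23)
    return {
        "request/legacy peer": REQUEST_SECURITY.decide(web, peer_supports_ipsec=False),
        "require/legacy peer": REQUIRE_SECURITY.decide(web, peer_supports_ipsec=False),
        "custom telnet": CUSTOM.decide(telnet, True),
        "custom telnet reply": CUSTOM.decide(telnet.reversed(), True),   # mirrored filter
        "custom web": CUSTOM.decide(web, True),
        "custom off-segment": CUSTOM.decide(Packet("192.168.1.4", "10.0.0.5", 6, 5000, 80), True),
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario:22s} -> {outcome}")
```

The two default-policy rows show the difference that matters operationally: against a peer that cannot negotiate IPsec, a request-security policy silently falls back to cleartext, while a require-security policy drops the traffic. The mirrored filter is what lets the "No Telnet" rule catch the reply half of the session as well.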

Slide 19: COMMAND-LINE TOOLS
- Netsh.exe
- Netdiag.exe

Slide 20: TROUBLESHOOTING IPSec
There are two ways to ensure that IPSec is functioning:
- Perform a packet capture of the network traffic.
- Check the statistics node of the IPSec monitor.
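The packet-capture check on this slide comes down to looking at the IP protocol field: packets protected by AH carry protocol number 51, ESP packets carry 50, and anything else between two hosts that should be talking IPSec is a sign the policy is not in effect. The Python below is an added example (not from the slides, not Microsoft's tooling) that also serves slides 9 to 12: it parses constructed IPv4 packets, pulls the SPI and sequence number from the AH or ESP header, and reads AH's Next Header field to tell transport mode from tunnel mode. Header layouts follow RFC 4302 (AH) and RFC 4303 (ESP); the sample packets, their addresses, SPIs and placeholder ICV bytes are constructed for the example, and no integrity check value is verified.

```python
"""Inspect captured IPv4 packets to confirm IPsec (AH/ESP) is actually in use.

Added example, not from the slides. Packets are built inline as raw bytes so
the script runs offline; the same functions would accept IPv4 packets read
from a capture once the link-layer header has been stripped.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

PROTO_IPV4 = 4   # IP-in-IP: AH's Next Header value in tunnel mode
PROTO_TCP = 6
PROTO_ESP = 50   # IANA protocol number for ESP
PROTO_AH = 51    # IANA protocol number for AH


@dataclass
class Summary:
    src: str
    dst: str
    protection: str   # "clear", "AH", or "ESP"
    mode: str         # "transport", "tunnel", "unknown", or "n/a"
    spi: Optional[int]
    seq: Optional[int]


def parse_ipv4(packet: bytes):
    """Return (protocol, src, dst, payload) from a raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src = ".".join(str(b) for b in packet[12:16])
    dst = ".".join(str(b) for b in packet[16:20])
    return proto, src, dst, packet[ihl:]


def summarize(packet: bytes) -> Summary:
    proto, src, dst, payload = parse_ipv4(packet)
    if proto == PROTO_AH:
        # AH: Next Header(1) Payload Len(1) Reserved(2) SPI(4) Sequence(4) ICV(...)
        next_hdr, _plen, _rsv, spi, seq = struct.unpack("!BBHII", payload[:12])
        mode = "tunnel" if next_hdr == PROTO_IPV4 else "transport"
        return Summary(src, dst, "AH", mode, spi, seq)
    if proto == PROTO_ESP:
        # ESP: SPI(4) Sequence(4) then ciphertext; the Next Header field sits in
        # the encrypted trailer, so the mode cannot be read off the wire.
        spi, seq = struct.unpack("!II", payload[:8])
        return Summary(src, dst, "ESP", "unknown", spi, seq)
    return Summary(src, dst, "clear", "n/a", None, None)


def audit_capture(packets: List[bytes]) -> dict:
    """Count packets by protection; 'clear' should be 0 between hosts that must use IPsec."""
    counts = {"clear": 0, "AH": 0, "ESP": 0}
    for p in packets:
        counts[summarize(p).protection] += 1
    return counts


# ---- constructed sample capture (checksums left at zero; ICVs are placeholders) ----
def ipv4(proto: int, src: bytes, dst: bytes, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0x1234, 0x4000, 64, proto, 0, src, dst)
    return hdr + payload


A, B = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
TCP_STUB = b"\x00\x50\x04\xd2" + b"\x00" * 16     # stand-in 20-byte TCP header
# Payload Len 4 = (24-byte AH with 12-byte ICV in 32-bit words) - 2
AH_TRANSPORT = struct.pack("!BBHII", PROTO_TCP, 4, 0, 0x1000, 7) + b"\xaa" * 12 + TCP_STUB
AH_TUNNEL = (struct.pack("!BBHII", PROTO_IPV4, 4, 0, 0x1001, 8) + b"\xbb" * 12
             + ipv4(PROTO_TCP, A, B, TCP_STUB))    # whole inner packet is carried
ESP_PKT = struct.pack("!II", 0x2000, 9) + b"\xcc" * 32   # opaque ciphertext + trailer

SAMPLE_CAPTURE = [
    ipv4(PROTO_TCP, A, B, TCP_STUB),     # cleartext TCP: the thing to look for
    ipv4(PROTO_AH, A, B, AH_TRANSPORT),
    ipv4(PROTO_AH, A, B, AH_TUNNEL),
    ipv4(PROTO_ESP, B, A, ESP_PKT),
]

if __name__ == "__main__":
    for p in SAMPLE_CAPTURE:
        print(summarize(p))
    print(audit_capture(SAMPLE_CAPTURE))
```

A non-zero "clear" count for a host pair covered by a require-security policy is the capture-side symptom of the mismatched-configuration problems the summary slide mentions; the SPI and sequence number let you match the captured packets against the security associations shown in the IP Security Monitor.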

Slide 21: THE IP SECURITY MONITOR

Slide 22: TROUBLESHOOT IPSec AUTHENTICATION
There are three methods used to authenticate an IPSec connection:
- Preshared key authentication
- Kerberos authentication
- Certificate-based authentication

Slide 23: SECURING A WIRELESS NETWORK
- Wireless networks are becoming increasingly popular.
- Related hardware is becoming more affordable.
- Wireless networks present more and different security challenges than their wired counterparts.

Slide 24: UNDERSTANDING WIRELESS NETWORKING STANDARDS
- Wireless networking standards are developed and ratified by the Institute of Electrical and Electronics Engineers (IEEE).
- Three standards have been defined:
  - b: Offers speeds up to 11 megabits per second (Mbps)
  - a: In development. Uses different frequency ranges than b. Offers speeds up to 54 Mbps
  - g: Uses the same frequency ranges as b. Offers speeds up to 54 Mbps

Slide 25: WIRELESS NETWORKING TOPOLOGIES

Slide 26: UNDERSTANDING WIRELESS NETWORK SECURITY
- Wireless networks present security risks that are not present when using traditional wired networks.
- Logical security becomes of paramount concern because physical security measures are not necessarily preventative.
- Two main concerns when using wireless networks are unauthorized access and data interception.

Slide 27: CONTROLLING WIRELESS ACCESS USING GROUP POLICIES

Slide 28: AUTHENTICATING USERS
- Open System authentication
- Shared Key authentication
- IEEE 802.1x authentication

Slide 29: OPEN SYSTEM AUTHENTICATION
- Open System authentication is the default authentication method used by IEEE devices.
- Despite the name, it offers no actual authentication.
- A device configured to use Open System authentication will not refuse authentication to another device.

Slide 30: SHARED KEY AUTHENTICATION
- Devices authenticate each other using a secret key that both possess.
- The key is shared before authentication using a secure channel.
- All the computers in the same basic service set (BSS) must possess the same key.

Slide 31: IEEE 802.1x AUTHENTICATION
- The IEEE 802.1x standard defines a method of authenticating and authorizing users on any 802 local area network (LAN).
- Most IEEE 802.1x implementations use Remote Authentication Dial-In User Service (RADIUS) servers.
- RADIUS typically uses one of the following two authentication protocols:
  - Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
  - Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2)

Slide 32: ENCRYPTING WIRELESS TRAFFIC
- The IEEE standard uses an encryption mechanism called WEP to secure data while in transit.
- WEP uses the RC4 cryptographic algorithm developed by RSA Security Inc.
- WEP allows the key length, as well as the frequency with which the computers generate new keys, to be configured.

Slide 33: SUMMARY
- IPSec is a set of extensions to IP that provide protection for data as it is transmitted over the network.
- IPSec can operate in transport mode or tunnel mode.
- The IPSec implementation in Windows Server 2003 consists of the IPSec policy agent, IKE, and the IPSec driver.
- Windows Server 2003 IPSec has three default policies. You can use these policies or create your own.
- IPSec policies consist of rules, IP filter lists, and filter actions. A rule is a combination of an IP filter list and a filter action.

Slide 34: SUMMARY (CONTINUED)
- Incompatible configuration settings are a common cause of IPSec communication problems.
- Most WLANs in use today are based on the standards published by the IEEE.
- To secure a wireless network, you must authenticate clients before they are granted network access and encrypt all packets transmitted over the wireless link.
- To authenticate IEEE wireless network clients, you can use Open System authentication, Shared Key authentication, or IEEE 802.1x.
- To encrypt transmitted packets, the IEEE standard defines the WEP mechanism.