
Network access security methods (presentation transcript)


Slide 1: Network access security methods
Unit objectives:
- Explain the methods of ensuring network access security
- Explain methods of user authentication

Slide 2: Topic A
- Topic A: Network access security methods
- Topic B: User authentication

Slide 3: Network Access Control
- Ensures that computers comply with security policies
- Network Access Protection (NAP)
- Overall NAC architecture

Slide 4: Access control lists
- MAC address filtering
- IP address and port filtering

Slide 5: VPN technologies
- Authentication
- Tunneling
- Encryption

Slide 6: VPN security models
- Authentication before connection
- Trusted delivery network
- Secure VPNs

Slide 7: VPN protocols
- PPTP
- L2TP
- IPSec
- SSL/TLS

Slide 8: PPTP vs. L2TP (points of comparison)
- Encryption
- Authentication
- Data protocols
- Port

Slide 9: IPSec protocols
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
- IP Payload Compression Protocol (IPComp)
- Internet Key Exchange (IKE)

Slide 10: IPSec encryption
- Transport mode
- Tunnel mode

Slide 11: PPPoE
- Encapsulates PPP inside Ethernet frames
- Allows users to establish a secure connection from one computer to another
- Used to connect multiple users to the Internet through DSL and cable modem connections

Slide 12: Remote desktop services
- RDP (Remote Desktop Protocol)
- ICA (Independent Computing Architecture)

Slide 13: SSH
- Remote command-line access
- Server service and client program
- Native to Linux distributions
- SSH-2 layers:
  – Transport layer
  – User Authentication layer
  – Connection layer

Slide 14: Activity A-1
- Discussing network access security methods

Slide 15: Topic B
- Topic A: Network access security methods
- Topic B: User authentication

Slide 16: AAA
- Authentication
- Authorization
- Accounting

Slide 17: Authentication factors
- Something you know
- Something you have
- Something you are

Slide 18: One-factor authentication
- Something you know OR something you have OR something you are

Slide 19: Two-factor authentication
- Something you know PLUS
  – Something you have OR something you are

Slide 20: Three-factor authentication
- Something you know + something you have + something you are

Slide 21: Single sign-on
- User is authenticated to other resources based on strength of initial sign-on
- SSL, LDAP
- Windows Live ID, Microsoft Passport, OpenID

Slide 22: Kerberos
- Current version is 5
- Provides authentication on physically insecure networks
- Freely available in U.S. and Canada
- Authenticates users over an open multi-platform network using a single login

Slide 23: Kerberos system components
- Principal
- Authentication server
- Ticket-granting server
- Key distribution center
- Realm
- Remote ticket-granting server

Slide 24: Kerberos data types
- Credentials
- Session key
- Authentication
- Ticket
- Ticket-granting ticket

Slide 25: Kerberos authentication process (diagram; no text in transcript)

Slide 26: CHAP (diagram; no text in transcript)

Slide 27: EAP
- PPP extension
- Used in wireless connections
- Can use token cards, one-time passwords, certificates, biometrics
- Runs over Data Link layers
- Defines formats:
  – LEAP
  – EAP-TLS
  – EAP-FAST

Slide 28: PPPoE
- PPP encapsulated inside Ethernet frames
- Connects multiple users to the Internet

Slide 29: Mutual authentication
- Client and server authenticate to each other
- Also known as two-way authentication
- Trust the other computer's digital certificate
- Can block rogue services

Slide 30: Cryptography
- Science of encryption
- Encryption = convert to unreadable format
- Decryption = convert back to readable format
- Algorithm = procedure for encrypting or decrypting
- Cipher = encryption & decryption algorithm pair

Slide 31: ROT13 cipher (diagram; no text in transcript)

Slide 32: Keys
- Secret information used by cipher
- Symmetric = same key for encryption and decryption
- Asymmetric = differing keys for encryption and decryption
- Key sharing and management issues
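Added example, not from the slides: ROT13 in Python, generalised to a Caesar rotation with a numeric key so that slides 30 to 32 can be seen together: the encryption and decryption algorithms form a cipher pair, a symmetric cipher uses the same key in both directions, and ROT13 is the key-13 case that undoes itself. The function names are this example's own. The last function lists every possible decryption to show why a 26-key cipher gives obscurity rather than confidentiality.

```python
import string


def rotate(text: str, key: int) -> str:
    """Shift every ASCII letter by `key` places around the 26-letter alphabet,
    keeping case; digits, punctuation and whitespace pass through unchanged."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext: str, key: int) -> str:
    """Encryption half of the cipher pair."""
    return rotate(plaintext, key)


def decrypt(ciphertext: str, key: int) -> str:
    """Decryption half: symmetric, so the same key is applied in reverse."""
    return rotate(ciphertext, -key)


def rot13(text: str) -> str:
    """ROT13 is the key-13 instance. 13 + 13 = 26, so applying it twice
    restores the input: it is its own inverse and carries no secret at all."""
    return rotate(text, 13)


def brute_force(ciphertext: str) -> dict:
    """The entire key space is 26 shifts, so every candidate plaintext can be
    listed at once. A cipher whose keys can all be enumerated protects nothing;
    security has to come from a key space too large to search."""
    return {key: decrypt(ciphertext, key) for key in range(26)}


if __name__ == "__main__":
    msg = "Meet at the NAS, port 1812"   # constructed sample text
    print("ROT13   :", rot13(msg))
    print("key 7   :", encrypt(msg, 7))
    print("restored:", decrypt(encrypt(msg, 7), 7))
```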

Slide 33: Symmetric encryption in action (diagram; no text in transcript)

Slide 34: Public key cryptography
- Asymmetric
- Two keys:
  – What one encrypts, only the other can decrypt
  – One kept private
  – One shared (public)
- Encryption process
- Keys mathematically related

Slide 35: Asymmetric encryption in action (diagram; no text in transcript)

Slide 36: Public key cryptography
- Mathematically difficult to derive private key from public key
- Data encrypted with public key can be decrypted only with private key
- Data encrypted with private key can be decrypted only with public key
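Added example (not from the slides): textbook RSA in Python, to make the three statements on slides 34 and 36 concrete. The key pair is built from the constructed primes 61 and 53 (the classic small-number example, so every value can be checked by hand); real keys use moduli of 2048 bits or more plus padding schemes (OAEP for encryption, PSS for signatures), which this toy deliberately omits. The final function factors the toy modulus to show that "difficult to derive the private key" only holds when n is large.

```python
import hashlib
import math


def keygen(p: int, q: int, e: int = 65537):
    """Textbook RSA: public key (e, n) is shared, private key (d, n) is kept.
    The two are mathematically related through phi(n) = (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse: e*d == 1 (mod phi); Python 3.8+
    return (e, n), (d, n)


def apply_key(m: int, key) -> int:
    """The single RSA operation. Which key you apply decides whether this is
    encrypt/decrypt (public then private) or sign/verify (private then public)."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, exp, n)


def encrypt(m: int, public_key) -> int:
    return apply_key(m, public_key)


def decrypt(c: int, private_key) -> int:
    return apply_key(c, private_key)


def sign(message: bytes, private_key) -> int:
    """'Encrypt' a hash of the message with the private key."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % private_key[1]
    return apply_key(digest, private_key)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the public key can undo the private-key operation."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % public_key[1]
    return apply_key(signature, public_key) == digest


def recover_private_key(public_key):
    """Why key size matters: for a toy n, trial division recovers p and q, and
    with them d, instantly. For a 2048-bit n this search is infeasible."""
    e, n = public_key
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            return (pow(e, -1, (p - 1) * (n // p - 1)), n)
    raise ValueError("no factor found")


# Constructed toy parameters: p = 61, q = 53, e = 17 (not for real use).
PUBLIC, PRIVATE = keygen(61, 53, e=17)

if __name__ == "__main__":
    c = encrypt(65, PUBLIC)
    print("public:", PUBLIC, "private:", PRIVATE)
    print("65 ->", c, "->", decrypt(c, PRIVATE))
    s = sign(b"hello", PRIVATE)
    print("signature verifies:", verify(b"hello", s, PUBLIC))
    print("recovered from public key:", recover_private_key(PUBLIC))
```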

Slide 37: Public key infrastructure
- Certificate authority (CA)
- Registration authority (RA)
- Certificate server

Slide 38: Setup and initialization phase
- Process components:
  – Registration
  – Key pair generation
  – Certificate generation
  – Certificate dissemination

Slide 39: RADIUS
- Remote Authentication Dial-in User Service
- Client = network access server or device (e.g., wireless router)
- Server = AAA service provider

Slide 40: RADIUS authentication
1. User connects to NAS
2. RADIUS client requests authentication from server
3. User supplies logon credentials
4. Client encrypts and forwards to server
5. Server authenticates, returns message
6. Client receives message and acts:
  – Accept
  – Reject
  – Challenge
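As an added example (not from the presentation), here is a Python simulation of the exchange in slide 40 with both sides present: the NAS-side client hides the user's password under the shared secret (step 4) and the server answers Access-Accept, Access-Reject or Access-Challenge (steps 5 and 6). Packets are plain dictionaries rather than RADIUS wire format, but the User-Password hiding and the Response Authenticator follow RFC 2865; the shared secret, the user record, and the `login` helper that handles the challenge round are constructed for this example.

```python
import hashlib
import hmac
import secrets

# RADIUS packet codes (RFC 2865)
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
CODE_NAMES = {ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject",
              ACCESS_CHALLENGE: "Access-Challenge"}

# Constructed sample data: the secret the NAS and server share, and one user
# whose policy demands a one-time code after the password (challenge round).
SHARED_SECRET = b"example-shared-secret-not-for-production"
USERS = {b"alice": {"password": b"correct horse battery", "otp": b"123456"}}


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 s5.2: pad to 16-byte blocks and XOR each block with
    MD5(secret + previous block), seeded with the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += prev
    return hidden


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: regenerate the same pads and XOR them back out."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    return clear.rstrip(b"\x00")


def response_authenticator(code, ident, request_auth, attrs, secret) -> bytes:
    """MD5(Code + ID + RequestAuth + Attributes + Secret): lets the NAS check
    that the reply comes from a holder of the secret and answers this request."""
    body = bytes([code, ident]) + request_auth + repr(sorted(attrs.items())).encode()
    return hashlib.md5(body + secret).digest()


class RadiusServer:
    """The AAA service provider (slide 39)."""

    def __init__(self, secret: bytes, users: dict):
        self.secret, self.users = secret, users

    def handle(self, request: dict) -> dict:
        ident, auth, attrs = request["id"], request["authenticator"], request["attrs"]
        user = self.users.get(attrs.get("User-Name"))
        supplied = reveal_password(attrs["User-Password"], self.secret, auth)
        # In a challenge round the "password" field carries the one-time code.
        expected = b"" if user is None else user["otp" if "State" in attrs else "password"]
        valid = user is not None and hmac.compare_digest(supplied, expected)
        if not valid:
            code, reply = ACCESS_REJECT, {}
        elif "State" not in attrs and user.get("otp"):
            code, reply = ACCESS_CHALLENGE, {"State": b"otp-round-1",
                                             "Reply-Message": b"Enter one-time code"}
        else:
            code, reply = ACCESS_ACCEPT, {"Framed-Protocol": b"PPP"}
        return {"code": code, "id": ident, "attrs": reply,
                "authenticator": response_authenticator(code, ident, auth, reply, self.secret)}


class RadiusClient:
    """Runs on the NAS; never sees the user database, only the shared secret."""

    def __init__(self, secret: bytes, server: RadiusServer):
        self.secret, self.server, self.ident = secret, server, 0

    def authenticate(self, username: bytes, password: bytes, state: bytes = None) -> dict:
        self.ident = (self.ident + 1) % 256
        auth = secrets.token_bytes(16)           # fresh Request Authenticator per request
        attrs = {"User-Name": username,
                 "User-Password": hide_password(password, self.secret, auth)}
        if state:
            attrs["State"] = state                 # echoed back from an Access-Challenge
        reply = self.server.handle({"code": ACCESS_REQUEST, "id": self.ident,
                                    "authenticator": auth, "attrs": attrs})
        want = response_authenticator(reply["code"], reply["id"], auth, reply["attrs"], self.secret)
        if reply["id"] != self.ident or not hmac.compare_digest(reply["authenticator"], want):
            raise ValueError("reply failed Response Authenticator check; discard it")
        return reply


def login(client: RadiusClient, username: bytes, password: bytes, otp: bytes = None) -> str:
    """Steps 1-6 from the NAS's point of view, including one challenge round."""
    reply = client.authenticate(username, password)
    if reply["code"] == ACCESS_CHALLENGE and otp is not None:
        reply = client.authenticate(username, otp, state=reply["attrs"]["State"])
    return CODE_NAMES[reply["code"]]


if __name__ == "__main__":
    nas = RadiusClient(SHARED_SECRET, RadiusServer(SHARED_SECRET, USERS))
    print(login(nas, b"alice", b"correct horse battery", b"123456"))
```

The User-Password hiding is the only protection RADIUS gives the credential on the wire: it is an MD5-derived XOR pad keyed by the shared secret, which is why deployments carry RADIUS over IPSec or use RadSec (RADIUS over TLS), and why the Response Authenticator check in the client matters: without it a NAS would accept a forged Access-Accept.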

Slide 41: TACACS+
- Terminal Access Controller Access Control System
  – TACACS
  – XTACACS
- AAA functions

Slide 42: TACACS+ vs. RADIUS
- TCP rather than UDP
- Message body fully encrypted
- AAA services provided independently
- Flexible:
  – Username/password, ARA, SLIP, PAP, CHAP, Telnet
- Multiprotocol:
  – TCP/IP, AppleTalk, NetBIOS, Novell Asynchronous Services Interface, X.25

Slide 43: 802.1x
- Authentication protocol
- Device access control
- Works with RADIUS and TACACS+
- Device roles:
  – Supplicant (end-user device)
  – Authenticator
  – Authentication server

Slide 44: Activity B-1
- Discussing methods of authenticating users

Slide 45: Unit summary
- Explained the methods of ensuring network access security
- Explained methods of user authentication

