Presentation is loading. Please wait.

Presentation is loading. Please wait.

11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 

Published byJane Osborne Modified over 8 years ago

Similar presentations

Presentation on theme: "11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. "— Presentation transcript:

1 11 SECURING NETWORK COMMUNICATION Chapter 9

2 Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications.  Describe the functions of Internet Protocol Security (IPSec).  Understand the functions and architecture of the IPSec protocols.  List the components of a Microsoft Windows Server 2003 IPSec implementation.  List the default IPSec policies included in Windows Server 2003 and their applications.  List the major threats to network communications.  Describe the functions of Internet Protocol Security (IPSec).  Understand the functions and architecture of the IPSec protocols.  List the components of a Microsoft Windows Server 2003 IPSec implementation.  List the default IPSec policies included in Windows Server 2003 and their applications.

3 Chapter 9: SECURING NETWORK COMMUNICATION3 OVERVIEW (CONTINUED)  Understand the functions of an IPSec policy’s components.  Use the IP Security Policies snap-in to manage IPSec policies.  List the standards that define common wireless local area network (WLAN) technologies.  Describe the security problems inherent in wireless networking.  List the mechanisms that WLANs running IEEE 802.11 based on the Microsoft Windows operating system can use to authenticate clients and encrypt transmitted data.  Understand the functions of an IPSec policy’s components.  Use the IP Security Policies snap-in to manage IPSec policies.  List the standards that define common wireless local area network (WLAN) technologies.  Describe the security problems inherent in wireless networking.  List the mechanisms that WLANs running IEEE 802.11 based on the Microsoft Windows operating system can use to authenticate clients and encrypt transmitted data.

4 Chapter 9: SECURING NETWORK COMMUNICATION4 PLANNING AN IPSec IMPLEMENTATION  Network traffic normally traverses the network unencrypted.  If someone captures traffic from the network, it can be easily viewed.  IPSec extensions are a means of securing the actual network communications.  Network traffic normally traverses the network unencrypted.  If someone captures traffic from the network, it can be easily viewed.  IPSec extensions are a means of securing the actual network communications.

5 Chapter 9: SECURING NETWORK COMMUNICATION5 POTENTIAL THREATS

6 Chapter 9: SECURING NETWORK COMMUNICATION6 INTRODUCING NETWORK SECURITY PROTOCOLS Area of Network Security PurposeProtocols AuthenticationTo prove you are who you say you are Kerberos and NTLM AuthorizationTo determine what you can do on the network after you have authenticated Kerberos and NTLM ConfidentialityTo keep data secretEncryption components of Kerberos, NTLM, and IPSec IntegrityTo ensure that the data received is the same data that is sent Components of Kerberos, NTLM, and IPSec NonrepudiationTo determine exactly who sent and received the message Kerberos and IPSec

7 Chapter 9: SECURING NETWORK COMMUNICATION7 PROTECTING DATA WITH IPSec  IPSec protects data by digitally signing and encrypting it before transmission.  IPSec operates as an extension to Internet Protocol (IP) and provides end-to-end encryption.  IPSec can encrypt any traffic that takes the form of IP datagrams, no matter what kind of information is inside them.  IPSec protects data by digitally signing and encrypting it before transmission.  IPSec operates as an extension to Internet Protocol (IP) and provides end-to-end encryption.  IPSec can encrypt any traffic that takes the form of IP datagrams, no matter what kind of information is inside them.

8 Chapter 9: SECURING NETWORK COMMUNICATION8 IPSec FUNCTIONS  IPSec performs a number of security functions, including key generation, cryptographic checksums, mutual authentication, replay prevention, and IP packet filtering.  Using IPSec prevents viewing, changing, or deleting data in a packet.  IPSec also prevents IP address spoofing.  IPSec performs a number of security functions, including key generation, cryptographic checksums, mutual authentication, replay prevention, and IP packet filtering.  Using IPSec prevents viewing, changing, or deleting data in a packet.  IPSec also prevents IP address spoofing.

9 Chapter 9: SECURING NETWORK COMMUNICATION9 IPSec PROTOCOLS The IPSec standards define two protocols:  IP Authentication Header (AH)  IP Encapsulating Security Payload (ESP) The IPSec standards define two protocols:  IP Authentication Header (AH)  IP Encapsulating Security Payload (ESP)

10 Chapter 9: SECURING NETWORK COMMUNICATION10 IP AUTHENTICATION HEADER IP Authentication Header protocol:  Does not encrypt the data in IP packets, but it does provide authentication, anti- replay, and integrity services  Ensures that no one has modified the packets en route, and that the packets did actually originate at the system identified by the packet’s source IP address IP Authentication Header protocol:  Does not encrypt the data in IP packets, but it does provide authentication, anti- replay, and integrity services  Ensures that no one has modified the packets en route, and that the packets did actually originate at the system identified by the packet’s source IP address

11 Chapter 9: SECURING NETWORK COMMUNICATION11 IP ENCAPSULATING SECURITY PAYLOAD:  IP Encapsulating Security Payload  Prevents unauthorized people from being able to read information in packets by encrypting the data  Provides authentication, integrity, and antireplay services  Although AH and ESP perform some of the same functions, using both protocols provides the maximum possible security for a data transmission.  IP Encapsulating Security Payload  Prevents unauthorized people from being able to read information in packets by encrypting the data  Provides authentication, integrity, and antireplay services  Although AH and ESP perform some of the same functions, using both protocols provides the maximum possible security for a data transmission.

12 Chapter 9: SECURING NETWORK COMMUNICATION12 TRANSPORT MODE AND TUNNEL MODE  IPSec can operate in two modes: transport mode and tunnel mode.  Transport mode is used between IPSec- enabled computers.  Tunnel mode is used between IPSec- enabled routers.  IPSec can operate in two modes: transport mode and tunnel mode.  Transport mode is used between IPSec- enabled computers.  Tunnel mode is used between IPSec- enabled routers.

13 Chapter 9: SECURING NETWORK COMMUNICATION13 DEPLOYING IPSec  All versions of the Windows operating system since Windows 2000 support IPSec.  IPSec policies define when and how systems should use IPSec.  IPSec implementations on Windows Server 2003 should be compatible with IPSec implementations on other operating systems that conform to Internet Engineering Task Force (IETF) standards.  All versions of the Windows operating system since Windows 2000 support IPSec.  IPSec policies define when and how systems should use IPSec.  IPSec implementations on Windows Server 2003 should be compatible with IPSec implementations on other operating systems that conform to Internet Engineering Task Force (IETF) standards.

14 Chapter 9: SECURING NETWORK COMMUNICATION14 IPSec COMPONENTS IPSec in Windows Server 2003 consists of the following components:  IPSec policy agent  Internet Key Exchange (IKE)  IPSec driver IPSec in Windows Server 2003 consists of the following components:  IPSec policy agent  Internet Key Exchange (IKE)  IPSec driver

15 Chapter 9: SECURING NETWORK COMMUNICATION15 PLANNING AN IPSec DEPLOYMENT  Using IPSec creates additional network traffic.  Processor overhead associated with network communications also increases with IPSec deployment.  Backward compatibility must be considered because operating systems earlier than Windows 2000 do not support IPSec without the addition of third-party software.  Using IPSec creates additional network traffic.  Processor overhead associated with network communications also increases with IPSec deployment.  Backward compatibility must be considered because operating systems earlier than Windows 2000 do not support IPSec without the addition of third-party software.

16 Chapter 9: SECURING NETWORK COMMUNICATION16 WORKING WITH IPSec POLICIES  IPSec policies are administered through the IP Security Policies Microsoft Management Console (MMC) snap-in.  IPSec policies define which traffic must be secured and which actions are performed on traffic that does or does not meet criteria.  Three IPSec policies are created by default. More can be created as required.  IPSec policies are administered through the IP Security Policies Microsoft Management Console (MMC) snap-in.  IPSec policies define which traffic must be secured and which actions are performed on traffic that does or does not meet criteria.  Three IPSec policies are created by default. More can be created as required.

17 Chapter 9: SECURING NETWORK COMMUNICATION17 USING THE DEFAULT IPSec POLICIES

18 Chapter 9: SECURING NETWORK COMMUNICATION18 MODIFYING IPSec POLICIES IPSec policies consist of three elements:  Rules  IP filter lists  Filter actions IPSec policies consist of three elements:  Rules  IP filter lists  Filter actions

19 Chapter 9: SECURING NETWORK COMMUNICATION19 COMMAND-LINE TOOLS  Netsh.exe  Netdiag.exe  Netsh.exe  Netdiag.exe

20 Chapter 9: SECURING NETWORK COMMUNICATION20 TROUBLESHOOTING IPSec There are two ways to ensure that IPSec is functioning:  Perform a packet capture of the network traffic.  Check the statistics node of the IPSec monitor. There are two ways to ensure that IPSec is functioning:  Perform a packet capture of the network traffic.  Check the statistics node of the IPSec monitor.

21 Chapter 9: SECURING NETWORK COMMUNICATION21 THE IP SECURITY MONITOR

22 Chapter 9: SECURING NETWORK COMMUNICATION22 TROUBLESHOOT IPSec AUTHENTICATION There are three methods used to authenticate an IPSec connection:  Preshared key authentication  Kerberos authentication  Certificate-based authentication There are three methods used to authenticate an IPSec connection:  Preshared key authentication  Kerberos authentication  Certificate-based authentication

23 Chapter 9: SECURING NETWORK COMMUNICATION23 SECURING A WIRELESS NETWORK  Wireless networks are becoming increasingly popular.  Related hardware is becoming more affordable.  Wireless networks present more and different security challenges than their wired counterparts.  Wireless networks are becoming increasingly popular.  Related hardware is becoming more affordable.  Wireless networks present more and different security challenges than their wired counterparts.

24 Chapter 9: SECURING NETWORK COMMUNICATION24 UNDERSTANDING WIRELESS NETWORKING STANDARDS  Wireless networking standards are developed and ratified by the Institute of Electrical and Electronics Engineers (IEEE).  Three standards have been defined:  802.11b: Offers speeds up to 11 megabits per second (Mbps)  802.11a: In development. Uses different frequency ranges than 802.11b. Offers speeds up to 54 Mbps  802.11g: Uses the same frequency ranges as 802.11b. Offers speeds up to 54 Mbps  Wireless networking standards are developed and ratified by the Institute of Electrical and Electronics Engineers (IEEE).  Three standards have been defined:  802.11b: Offers speeds up to 11 megabits per second (Mbps)  802.11a: In development. Uses different frequency ranges than 802.11b. Offers speeds up to 54 Mbps  802.11g: Uses the same frequency ranges as 802.11b. Offers speeds up to 54 Mbps

25 Chapter 9: SECURING NETWORK COMMUNICATION25 WIRELESS NETWORKING TOPOLOGIES

26 Chapter 9: SECURING NETWORK COMMUNICATION26 UNDERSTANDING WIRELESS NETWORK SECURITY  Wireless networks present security risks that are not present when using traditional wired networks.  Logical security becomes of paramount concern because physical security measures are not necessarily preventative.  Two main concerns when using wireless networks are unauthorized access and data interception.  Wireless networks present security risks that are not present when using traditional wired networks.  Logical security becomes of paramount concern because physical security measures are not necessarily preventative.  Two main concerns when using wireless networks are unauthorized access and data interception.

27 Chapter 9: SECURING NETWORK COMMUNICATION27 CONTROLLING WIRELESS ACCESS USING GROUP POLICIES

28 Chapter 9: SECURING NETWORK COMMUNICATION28 AUTHENTICATING USERS  Open System authentication  Shared Key authentication  IEEE 802.1x authentication  Open System authentication  Shared Key authentication  IEEE 802.1x authentication

29 Chapter 9: SECURING NETWORK COMMUNICATION29 OPEN SYSTEM AUTHENTICATION  Open System authentication is the default authentication method used by IEEE 802.11 devices.  Despite the name, it offers no actual authentication.  A device configured to use Open System authentication will not refuse authentication to another device.  Open System authentication is the default authentication method used by IEEE 802.11 devices.  Despite the name, it offers no actual authentication.  A device configured to use Open System authentication will not refuse authentication to another device.

30 Chapter 9: SECURING NETWORK COMMUNICATION30 SHARED KEY AUTHENTICATION  Devices authenticate each other using a secret key that both possess.  The key is shared before authentication using a secure channel.  All the computers in the same basic service set (BSS) must possess the same key.  Devices authenticate each other using a secret key that both possess.  The key is shared before authentication using a secure channel.  All the computers in the same basic service set (BSS) must possess the same key.

31 Chapter 9: SECURING NETWORK COMMUNICATION31 IEEE 802.1x AUTHENTICATION  The IEEE 802.1x standard defines a method of authenticating and authorizing users on any 802 local area network (LAN).  Most IEEE 802.1x implementations use Remote Authentication Dial-In User Service (RADIUS) servers.  RADIUS typically uses one of the following two authentication protocols:  Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)  Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS- CHAP v2)  The IEEE 802.1x standard defines a method of authenticating and authorizing users on any 802 local area network (LAN).  Most IEEE 802.1x implementations use Remote Authentication Dial-In User Service (RADIUS) servers.  RADIUS typically uses one of the following two authentication protocols:  Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)  Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS- CHAP v2)

32 Chapter 9: SECURING NETWORK COMMUNICATION32 ENCRYPTING WIRELESS TRAFFIC  The IEEE 802.11 standard uses an encryption mechanism called WEP to secure data while in transit.  WEP uses the RC4 cryptographic algorithm developed by RSA Security Inc.  WEP allows the key length, as well as the frequency with which the computers generate new keys, to be configured.  The IEEE 802.11 standard uses an encryption mechanism called WEP to secure data while in transit.  WEP uses the RC4 cryptographic algorithm developed by RSA Security Inc.  WEP allows the key length, as well as the frequency with which the computers generate new keys, to be configured.

33 Chapter 9: SECURING NETWORK COMMUNICATION33 SUMMARY  IPSec is a set of extensions to IP that provide protection for data as it is transmitted over the network.  IPSec can operate in transport mode or tunnel mode.  The IPSec implementation in Windows Server 2003 consists of the IPSec policy agent, IKE, and the IPSec driver.  Windows Server 2003 IPSec has three default policies. You can use these policies or create your own.  IPSec policies consist of rules, IP filter lists, and filter actions. A rule is a combination of an IP filter list and a filter action.  IPSec is a set of extensions to IP that provide protection for data as it is transmitted over the network.  IPSec can operate in transport mode or tunnel mode.  The IPSec implementation in Windows Server 2003 consists of the IPSec policy agent, IKE, and the IPSec driver.  Windows Server 2003 IPSec has three default policies. You can use these policies or create your own.  IPSec policies consist of rules, IP filter lists, and filter actions. A rule is a combination of an IP filter list and a filter action.

34 Chapter 9: SECURING NETWORK COMMUNICATION34 SUMMARY (CONTINUED)  Incompatible configuration settings are a common cause of IPSec communication problems.  Most WLANs in use today are based on the 802.11 standards published by the IEEE.  To secure a wireless network, you must authenticate clients before they are granted network access and encrypt all packets transmitted over the wireless link.  To authenticate IEEE 802.11 wireless network clients, you can use Open System authentication, Shared Key authentication, or IEEE 802.1x.  To encrypt transmitted packets, the IEEE 802.11 standard defines the WEP mechanism.  Incompatible configuration settings are a common cause of IPSec communication problems.  Most WLANs in use today are based on the 802.11 standards published by the IEEE.  To secure a wireless network, you must authenticate clients before they are granted network access and encrypt all packets transmitted over the wireless link.  To authenticate IEEE 802.11 wireless network clients, you can use Open System authentication, Shared Key authentication, or IEEE 802.1x.  To encrypt transmitted packets, the IEEE 802.11 standard defines the WEP mechanism.

Download ppt "11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. "

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.

 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.
1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.

1 Chapter 2: Networking Protocol Design Designs That Include TCP/IP Essential TCP/IP Design Concepts TCP/IP Data Protection TCP/IP Optimization.
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Wireless Security without a VPN! Stirling Goetz, Microsoft Consulting Services.

Wireless Security without a VPN! Stirling Goetz, Microsoft Consulting Services.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
K. Salah1 Security Protocols in the Internet IPSec.

K. Salah1 Security Protocols in the Internet IPSec.
Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.

Faten Yahya Ismael.  It is technology creates a network that is physically public, but virtually it’s private.  A virtual private network (VPN) is a.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 9 Network Policy and Access Services in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 9 Network Policy and Access Services in Windows Server 2008.
Security Data Transmission and Authentication

Security Data Transmission and Authentication
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Chapter 6 Configuring, Monitoring & Troubleshooting IPsec
Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.

Protocol Basics. IPSec Provides two modes of protection –Tunnel Mode –Transport Mode Authentication and Integrity Confidentiality Replay Protection.

Similar presentations

Ads by Google