Chapter 13: Security Protocols

Chapter Outline
1. On the Test
2.13: Identify the following security protocols and describe their purpose and
function: IPSec; L2TP; SSL; Kerberos.
2. Internet Protocol Security (IPSec)
a. IPSec is an IETF standard (RFC 4301 and its companions) that protects IP
traffic at the network layer, on both public and private networks, without
any change to the applications above it.
b. Because every protected packet is authenticated, integrity-checked and
optionally encrypted, IPSec counters several classes of threat: packet
sniffing (eavesdropping), identity (address) spoofing, tampering in transit,
and replay of captured packets. It offers only limited protection against
denial-of-service.
3. How IPSec Works
a. IPSec relies on the Internet Key Exchange (IKE) protocol for key
management.
b. IKE lets the source and destination machines authenticate each other,
negotiate which algorithms to use, and derive the shared session keys that
AH and ESP then use. The result is a security association (SA), identified
on the wire by a Security Parameter Index (SPI).
c. IKE supports three ways for the peers to authenticate each other:
i. Pre-shared keys: the same secret is configured on the source and
destination devices.
ii. Public key cryptography with certificates (PKI): each device generates
a key pair (public key and private key) and a certificate authority issues
a certificate binding the public key to the device's identity.
iii. Digital signatures: the sending device signs the exchange with its
private key, "sealing" it so that the peer can verify the signer with the
corresponding public key.
d. Two protocol headers are used with IPSec:
i. Authentication Header (AH, IP protocol 51): provides data integrity,
data-origin authentication and anti-replay protection for the whole packet,
IP header included, but no confidentiality.
ii. Encapsulating Security Payload (ESP, IP protocol 50): provides
confidentiality (encryption) and, optionally, integrity and authentication
of the encapsulated data. ESP is the header used in nearly every modern
deployment.
4. IPSec Modes of Operation
a. Transport Mode
i. IPSec in transport mode protects only the payload of the packet (ESP
encrypts it, AH authenticates it).
ii. The original IP header remains intact with the correct addresses, so
intervening devices know the real source and destination. This is the mode
used host-to-host, and the one L2TP/IPSec uses.
b. Tunnel Mode
i. Tunnel mode encapsulates the entire original datagram, header included,
inside a new IP packet; with ESP the whole original packet is encrypted.
ii. The real source and destination addresses are hidden. The new outer
header carries the addresses of the gateways (routers or firewalls) that
terminate the tunnel.
iii. End systems need no IPSec configuration when tunnel mode is deployed
gateway-to-gateway; the gateways do all the work.
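The two modes and the two headers, as an added worked example (not code from
the original chapter): a toy packet builder that wraps a constructed TCP
payload in ESP in transport mode and in tunnel mode, shows what a router on the
path can see in each case, verifies the ESP integrity check value (ICV) on
receipt, and applies the receiver's anti-replay window. The integrity check is
real (HMAC-SHA256 truncated to 128 bits); encryption is left as ESP NULL so the
encapsulation layout stays readable, which is the only simplification. The key,
addresses and payload are constructed for the demo.

```python
import hmac
import hashlib
import socket
import struct

IPPROTO_TCP, IPPROTO_ESP, IPIP = 6, 50, 4   # IANA protocol numbers; 4 = IP-in-IP (tunnel-mode inner packet)
ICV_LEN = 16                                # HMAC-SHA256-128 (RFC 4868) truncates the MAC to 128 bits


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header (checksum left zero: a simplification, not needed here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def parse_ipv4(pkt):
    _, _, total, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "payload": pkt[20:total]}


def visible_addresses(pkt):
    """What a router on the path sees: only the outer header."""
    h = parse_ipv4(pkt)
    return h["src"], h["dst"]


def icv(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]


def esp_encapsulate(key, spi, seq, inner, next_header):
    """ESP layout: SPI | sequence | payload | padding | pad length | next header | ICV.
    NULL encryption (RFC 2410) keeps the layout readable; a real SA encrypts everything
    between the sequence number and the ICV."""
    pad_len = (-(len(inner) + 2)) % 4      # trailer must end on a 4-byte boundary
    body = (struct.pack("!II", spi, seq) + inner
            + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header]))
    return body + icv(key, body)


def esp_decapsulate(key, esp):
    """Verify the ICV before touching anything else, then strip the trailer."""
    body, tag = esp[:-ICV_LEN], esp[-ICV_LEN:]
    if not hmac.compare_digest(icv(key, body), tag):
        raise ValueError("ESP ICV mismatch: forged or tampered packet")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    return spi, seq, next_header, body[8:len(body) - 2 - pad_len]


def transport_mode(key, spi, seq, src, dst, segment):
    """Original header kept; only the transport payload is wrapped in ESP."""
    esp = esp_encapsulate(key, spi, seq, segment, IPPROTO_TCP)
    return ipv4_header(src, dst, IPPROTO_ESP, len(esp)) + esp


def tunnel_mode(key, spi, seq, gw_src, gw_dst, original_packet):
    """Whole original packet, header included, wrapped in ESP behind a new gateway header."""
    esp = esp_encapsulate(key, spi, seq, original_packet, IPIP)
    return ipv4_header(gw_src, gw_dst, IPPROTO_ESP, len(esp)) + esp


def unwrap_tunnel(key, pkt):
    """Receiving gateway: strip outer header and ESP, return the inner packet's real addresses."""
    _, _, nh, inner = esp_decapsulate(key, parse_ipv4(pkt)["payload"])
    if nh != IPIP:
        raise ValueError("not a tunnel-mode packet")
    return visible_addresses(inner)


class ReplayWindow:
    """Receiver-side anti-replay check (RFC 4303 section 3.4.3): a sliding bitmap
    over the last `size` sequence numbers. ESP sequence numbers start at 1."""

    def __init__(self, size=64):
        self.size, self.top, self.bitmap = size, 0, 0

    def accept(self, seq):
        if seq == 0:
            return False
        if seq > self.top:                  # new high-water mark: slide the window forward
            self.bitmap = ((self.bitmap << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        back = self.top - seq
        if back >= self.size or self.bitmap & (1 << back):
            return False                    # too old, or already seen: a replay
        self.bitmap |= 1 << back
        return True


def tamper_rejected(key, pkt, offset):
    """Flip one bit of the ESP body and report whether the receiver rejects the packet."""
    bad = bytearray(pkt)
    bad[offset] ^= 1
    try:
        esp_decapsulate(key, parse_ipv4(bytes(bad))["payload"])
    except ValueError:
        return True
    return False


KEY = bytes(range(32))                           # constructed demo key; IKE would negotiate a real one
SEGMENT = b"\x00\x50\x1f\x90GET / HTTP/1.0\r\n"   # constructed TCP-like payload

if __name__ == "__main__":
    t = transport_mode(KEY, 0x100, 1, "10.0.0.5", "10.0.1.9", SEGMENT)
    inner = ipv4_header("10.0.0.5", "10.0.1.9", IPPROTO_TCP, len(SEGMENT)) + SEGMENT
    u = tunnel_mode(KEY, 0x200, 1, "203.0.113.1", "198.51.100.1", inner)
    print("transport, seen on path:", visible_addresses(t))   # the real hosts
    print("tunnel, seen on path:   ", visible_addresses(u))   # the gateways only
    print("tunnel, after unwrap:   ", unwrap_tunnel(KEY, u))
```

The replay window is the part worth reading twice: a captured packet replayed
inside the window is refused because its bit is already set, and one replayed
long after is refused because it has fallen behind the window. Both checks only
mean something because the ICV is verified first; without integrity protection an
attacker could simply rewrite the sequence number.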
5. Virtual Private Networks (VPNs)
a. The VPN is a transmission between two systems that makes use of the
public infrastructure as the medium for transmission, thus extending the
boundary of the private network.
b. VPNs rely on tunneling to create a protected path across that shared
medium.
c. The tunneling protocol "wraps" the original packet in a new outer header
(and sometimes a trailer), creating a virtual tunnel through which the data
is carried.
d. The outer encapsulation carries the routing information the public
network needs; the inner packet keeps the private network's addressing.
e. A VPN transmission normally carries an encrypted payload; tunneling on
its own (plain GRE or L2TP, for example) hides nothing from an eavesdropper.
f. The advantages of VPNs include:
i. safety of transmission
ii. flexibility in the business environment
iii. lower transmission costs
iv. lower administrative overhead
6. Point-to-Point Tunneling Protocol
a. PPTP is built on the foundation of PPP, the protocol used for dial-up
remote access connections; it carries PPP frames inside GRE and uses TCP
port 1723 for its control channel.
b. Transmissions are subject to setup negotiation, authentication
(typically MS-CHAP or MS-CHAPv2), and error checking.
c. PPTP supports a multiprotocol environment, using IP as the transport
protocol, but allowing other protocols (IPX, NetBEUI) to be used for
communication on the remote network.
d. PPTP uses MPPE (Microsoft Point-to-Point Encryption), an RC4 stream
cipher, as its encryption protocol on Microsoft networks.
e. MPPE supports 40-bit, 56-bit, and 128-bit keys. The keys are derived from
the MS-CHAP authentication exchange, and published attacks on MS-CHAPv2
recover them, so PPTP should be treated as broken; L2TP/IPSec or a newer VPN
protocol is the practical choice.
7. Layer 2 Tunneling Protocol
a. L2TP (RFC 2661) is a tunneling protocol built by combining the best
features of Microsoft's PPTP and Cisco's L2F (Layer 2 Forwarding)
protocols; it runs over UDP port 1701.
b. L2TP by itself provides no encryption; it only tunnels. When it is paired
with IPSec (next section), the Windows 2000 implementation encrypts the
tunnel with DES (a single 56-bit key) or Triple DES (three 56-bit keys). Both
ciphers are obsolete today and AES is the normal choice.
8. Deploying L2TP and IPSec on the Network
a. L2TP and IPSec are used together on Microsoft networks (Windows 2000 and
later) to provide secure remote-access communications over the Internet or
an intranet.
b. When combined, L2TP provides the tunnel (carrying the PPP frames, user
authentication and multiprotocol support) and IPSec ESP in transport mode
provides the encryption and integrity protection of the L2TP packets.
c. To communicate using L2TP/IPSec, both the source and destination devices
must support both protocols and be configured to use them, including a
machine certificate or pre-shared key for the IKE exchange.
9. Secure Sockets Layer (SSL)
a. Secure Sockets Layer (SSL) is a protocol designed to provide a secure
connection over an insecure network such as the Internet. Its standardized
successor is Transport Layer Security (TLS); the SSL versions themselves are
obsolete and disabled in current software.
b. SSL runs above TCP and below higher-level application protocols such as
Hypertext Transfer Protocol (HTTP), giving HTTPS, and File Transfer Protocol
(FTP).
c. SSL uses public and private keys during the handshake to establish a
shared session key; the bulk data on the connection is then encrypted with a
symmetric cipher under that session key, which is far faster than
public-key encryption.
d. The RSA algorithm is the public-key algorithm commonly used for this, with
the server's public key delivered inside an X.509 digital certificate.
e. The public key is made available to whoever needs it, while the private
key stays with its owner (the server) and is never made public.
f. Data encrypted with the public key can be decrypted only with the private
key, so only the holder of the server's private key can recover what a
client sends under the certificate's public key.
10. SSL Server Authentication
a. SSL server authentication allows a client computer to identify the server
it is talking to.
b. A client using SSL-enabled software checks that the server's certificate
is valid (not expired or revoked), that the signature on it verifies under
the public key of a certificate authority (CA) on the client's list of
trusted CAs, and that the name in the certificate matches the host the
client meant to reach. Skipping the name check lets a certificate from any
trusted CA impersonate any server.
11. SSL Client Authentication
a. SSL client authentication is used to verify the client’s identity.
b. SSL-enabled server software checks the client’s certificate and public ID
to ensure they are correct and valid and that they have been issued by a
CA listed on the server’s list of trusted CAs.
12. Encrypted SSL Connection
a. The encrypted SSL connection ensures that all information transferred
between the SSL-enabled client and the SSL-enabled server is encrypted by
the sender and decrypted by the receiver, so it cannot be read in transit.
b. Every record sent across the connection also carries a message
authentication code (MAC), so the receiver can detect whether the data was
altered during the transfer.
13. SSL Sub-Protocols
The SSL protocol includes two sub-protocols, SSL record protocol and the
SSL handshake protocol.
14. The SSL Record Protocol
a. The SSL Record protocol defines the message format used to transmit
encrypted data: each record is fragmented, optionally compressed, given a
MAC, and encrypted.
b. The record protocol uses the cipher suite and the keys negotiated during
the handshake to protect the transmitted data.
15. The SSL Handshake Protocol
a. An SSL session begins with the SSL handshake.
b. The handshake is an exchange of messages in which the server
authenticates itself to the client by presenting its certificate and
proving possession of the matching private key.
c. The client and the server cooperate to create symmetric session keys that
are used for the encryption, decryption, and tamper-detection (MAC)
processes during data transmission.
d. If required, the handshake also allows the client to authenticate itself
to the server with its own certificate.
16. Man-in-the-Middle Attack
A "man in the middle" is an attacker (or rogue program) positioned between
the client and the server who intercepts and relays all of their
communication, presenting his own certificate to the client and opening his
own connection to the server. Server authentication is what defeats this: a
client that verifies the certificate chain and the host name rejects the
attacker's certificate, whereas a client configured to accept any
certificate sees nothing wrong.
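Server authentication in practice, as an added example that is not part of the
original chapter: a Python `ssl` client context configured the way sections 10
and 16 require (chain validated against the trusted CA list, name in the
certificate matched against the requested host) beside the "turn verification
off" shortcut that silently re-enables the man-in-the-middle attack.
`server_identity` is a hypothetical helper name; it opens a real network
connection and is therefore only called from the main block.

```python
import socket
import ssl


def insecure_context():
    """The shortcut many scripts take to make a certificate error go away.
    No CA check and no host-name check: anyone on the path with any
    certificate is accepted, so the connection is confidential only from
    people who are not attacking it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile=None):
    """Chain validated against the trusted CAs (the system store, or `cafile`
    for a private CA) and the certificate name matched against the host."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSL 2/3 and TLS 1.0/1.1 are deprecated
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def verifies_server(ctx):
    """True only if both halves of server authentication are switched on."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def server_identity(host, port=443, ctx=None, timeout=5.0):
    """Complete a handshake and return (protocol version, subject CN, issuer CN)
    of the server certificate the context accepted. Network access required."""
    ctx = ctx or hardened_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # server_hostname drives both SNI and the host-name check; omit it and
        # the context cannot know which name the certificate must carry
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            subject = dict(item[0] for item in cert["subject"])
            issuer = dict(item[0] for item in cert["issuer"])
            return tls.version(), subject.get("commonName"), issuer.get("commonName")


if __name__ == "__main__":
    print("hardened verifies server:", verifies_server(hardened_context()))   # True
    print("insecure verifies server:", verifies_server(insecure_context()))   # False
    # print(server_identity("example.com"))   # needs network access
```

With `insecure_context()` the handshake still "succeeds" against an interposed
party, which is exactly the failure the section describes; `getpeercert()`
returns an empty dict in that mode because nothing was verified.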
17. Kerberos
a. Kerberos is a network authentication system that uses strong symmetric
encryption to authenticate users and services that need to communicate and
be validated on a network.
b. Kerberos provides a way for these users and network services (the
principals) to prove their identity in order to gain access to other
network resources, without ever sending a password over the network.
c. Kerberos works through encrypted tickets issued by server processes that
run on one or more trusted third-party servers, collectively called the Key
Distribution Center (KDC).
d. Each principal shares a long-term secret key with the KDC; for a user,
that key is derived from the password.
e. These secret keys encrypt the tickets and session keys the KDC hands
out, so users and services can verify that the messages they receive are
authentic and were issued by the KDC.
18. Understanding the Kerberos Process
a. The client begins by requesting authentication from the trusted
third-party Kerberos server, the KDC.
b. Its Authentication Server (AS) returns two things: a session key for
talking to the ticket-granting server, encrypted under the user's long-term
key, and a ticket-granting ticket (TGT), which carries a copy of that session
key encrypted under the KDC's own key so that only the KDC can read it.
Modern KDCs require pre-authentication (a timestamp encrypted under the
user's key) before replying, so the reply cannot be requested on behalf of
an arbitrary user and attacked offline.
c. To reach a particular service, the client sends the TGT to the
ticket-granting server (TGS) together with an authenticator: its name and
the current time, encrypted under the session key.
d. The TGS decrypts the TGT, checks the authenticator and its time stamp, and
returns a service ticket for the requested service (encrypted under that
service's key) plus a new session key for the client to share with the
service.
e. The client presents the service ticket, with a fresh authenticator, to the
service it is trying to access.
f. The service decrypts the ticket with its own key and either accepts it,
granting access, or rejects it, denying access; it never needs to contact
the KDC.
g. Because the ticket carries an expiry time set by the TGS (a lifetime of
hours is typical), the client caches it and can reuse it for more than one
session until it expires, presenting a new authenticator each time.
h. Kerberos is the default authentication protocol for Windows 2000 (and
later) Active Directory domains, replacing NTLM.
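The whole exchange above, as an added worked example that is not code from the
original chapter: a toy KDC (AS plus TGS) and a toy service, with a client that
pre-authenticates, obtains a TGT, trades it for a service ticket, and then
reuses that ticket an hour later with a fresh authenticator. The crypto is a
stand-in of my own (HMAC-SHA256 driven in counter mode as a keystream, with an
HMAC tag, encrypt-then-MAC); real Kerberos uses AES with HMAC (RFC 3962, RFC
8009). The realm, principals, passwords and lifetime are constructed for the
demo, and the password-to-key iteration count is an arbitrary choice.

```python
import hashlib
import hmac
import json
import os

REALM = "EXAMPLE.COM"   # assumed realm name
LIFETIME = 8 * 3600     # ticket lifetime in seconds (assumed)
SKEW = 300              # clock skew tolerated in authenticators and pre-authentication


def derive_key(password, principal):
    """Long-term key from a password, salted with realm + principal as RFC 3962 does."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (REALM + principal).encode(), 4096, 32)


def _keystream(key, nonce, n):
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]


def seal(key, obj):
    """Encrypt-then-MAC a JSON-serialisable message under `key` (toy AEAD, see lead-in)."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("bad MAC: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def _check_authenticator(session_key, authenticator, client, now):
    a = unseal(session_key, authenticator)   # only a holder of the session key could have built it
    if a["client"] != client or abs(now - a["timestamp"]) > SKEW:
        raise PermissionError("bad authenticator")


class KDC:
    """Authentication Server and Ticket-Granting Server, sharing one principal database."""

    def __init__(self, db):
        self.db = db   # principal name -> long-term key

    def as_exchange(self, client, preauth, now):
        try:
            ts = unseal(self.db[client], preauth)["timestamp"]   # PA-ENC-TIMESTAMP pre-authentication
        except ValueError:
            raise PermissionError("pre-authentication failed")
        if abs(now - ts) > SKEW:
            raise PermissionError("pre-authentication failed")
        sk = os.urandom(32)                                       # client/TGS session key
        tgt = seal(self.db["krbtgt"], {"client": client, "key": sk.hex(), "expires": now + LIFETIME})
        return seal(self.db[client], {"tgs_key": sk.hex()}), tgt  # AS-REP (under user's key), TGT

    def tgs_exchange(self, tgt, authenticator, service, now):
        t = unseal(self.db["krbtgt"], tgt)                        # only the KDC can open a TGT
        if now > t["expires"]:
            raise PermissionError("TGT expired")
        sk = bytes.fromhex(t["key"])
        _check_authenticator(sk, authenticator, t["client"], now)
        svc_key = os.urandom(32)                                  # client/service session key
        ticket = seal(self.db[service], {"client": t["client"], "key": svc_key.hex(), "expires": now + LIFETIME})
        return seal(sk, {"service": service, "key": svc_key.hex()}), ticket   # TGS-REP, service ticket


class Service:
    def __init__(self, name, key):
        self.name, self.key = name, key

    def ap_exchange(self, ticket, authenticator, now):
        t = unseal(self.key, ticket)                              # the service never talks to the KDC
        if now > t["expires"]:
            raise PermissionError("ticket expired")
        _check_authenticator(bytes.fromhex(t["key"]), authenticator, t["client"], now)
        return t["client"]


DB = {   # constructed sample realm; the passwords are assumptions
    "krbtgt": derive_key("kdc-master-secret", "krbtgt"),
    "alice": derive_key("hunter2", "alice"),
    "host/fs01": derive_key("service-random-pw", "host/fs01"),
}


def get_service_ticket(kdc, password, client, service, now):
    """Client side of the AS and TGS exchanges. Returns (service ticket, session key)."""
    k = derive_key(password, client)
    as_rep, tgt = kdc.as_exchange(client, seal(k, {"timestamp": now}), now)
    tgs_key = bytes.fromhex(unseal(k, as_rep)["tgs_key"])
    tgs_rep, ticket = kdc.tgs_exchange(tgt, seal(tgs_key, {"client": client, "timestamp": now}), service, now)
    return ticket, bytes.fromhex(unseal(tgs_key, tgs_rep)["key"])


def use_ticket(svc, ticket, svc_key, client, now):
    """AP exchange: present the cached ticket with a fresh authenticator."""
    return svc.ap_exchange(ticket, seal(svc_key, {"client": client, "timestamp": now}), now)


if __name__ == "__main__":
    kdc, fs = KDC(DB), Service("host/fs01", DB["host/fs01"])
    t0 = 1_700_000_000
    ticket, key = get_service_ticket(kdc, "hunter2", "alice", "host/fs01", t0)
    print(use_ticket(fs, ticket, key, "alice", t0 + 3600))   # ticket reused an hour later: alice
```

Note where each failure surfaces: a wrong password fails pre-authentication at
the AS (the KDC cannot open the encrypted timestamp); a captured ticket presented
without the session key fails at the service, because the authenticator will
not decrypt; and the ticket itself stops working once `expires` has passed, no
matter how fresh the authenticator is.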