Networking Fundamentals, 3rd Edition page 461

Copyright Goodheart-Willcox Co., Inc. 461 Chapter 15 Network Security sociated with TCP/IP port 22. It requires the use of a private and a public key as well as a password. Th e r commands do not require a password, but they do need to be issued by the root user. While the r commands require root privileges, which provide a level of system security, many security experts do not consider this a sophisticated means of authentication. Today, the open-source SSH protocol can be used on any operating system that supports the TCP/IP suite. Th is means SSH can be used on Microsoft and Mac OS. Microsoft does not directly support SSH because it uses its own security mecha- nisms. However, a third-party software program that supports SSH can be installed. Secure Copy Protocol (SCP) Secure Copy Protocol (SCP) provides a secure way of transferring fi les between computers. It is the replacement for rcp. Similar to anonymous FTP, the rcp com- mand does not require a password. Recall from Chapter 13 that an anonymous FTP site allows anyone to access the site and download or upload fi les. SSH, SCP, and SFTP are all issued as commands in the Unix/Linux environment. Linux commands are case-sensitive, so they must be issued in lowercase form, such as ssh, scp, and sftp. Th ere are third-party GUI programs that incorporate the open source SSH, SCP, and SFTP protocols so that the user does not need to issue text commands at the command prompt. Network+ Note The letters SFTP can represent two different acronyms in networking: Secure File Transfer Protocol and Simple File Transfer Protocol. Secure File Transfer Protocol usually uses the acronym S/FTP, but not always. S/FTP is actually a software program rather than a true protocol. When asked a question about SFTP, look at the context of the question for clues. 1.1 NET Wireless Security Wireless devices are inherently insecure because the wireless medium, the radio wave, is an unbound medium. Wired networks can be installed inside walls, ceilings, fl oors, and metal conduits, which provide a degree of physical security. Someone at- tempting to tap into a wired network would at least need to access the inside of the building. A wireless network can extend beyond the physical limits of a building. Th is means that anyone can automatically have physical access to the network without entering the building if certain security measures are not set in place. For example, a small wireless network may have no security enabled or have only limited security provided by a wireless access point (WAP). Although it is becoming less common, attackers sometimes will engage in war driving. War driving is the process of driving around looking for a Wi-Fi network that is vulnerable to infi ltration. It can be useful to scan your own wireless network with a Wi-Fi analyzer to determine if vulnerabilities exist. Th e original solution to wireless network security involves three mechanisms: service set identifi er (SSID), media access control (MAC) fi ltering, and Wired Equiv- alent Privacy (WEP). Wireless network security has evolved at a remarkable rate. In less than seven years, four major security implementations have been developed: WPA, WPA2, 802.1x, and 802.11i. Th is section covers the original solution to wireless network security, SSID, MAC fi ltering, and WEP, plus the most recent security imple- mentations, WPA, WPA2, 802.1x, and 802.11i. 4.2 NET 4.4, 5.2 NET 4.2 NET

Previous Page Next Page

Networking Fundamentals, 3rd Edition Page 461 (483 of 720)

Resources and Downloads

Help