Networking Fundamentals, 3rd Edition Page 489 (511 of 720)

Copyright Goodheart-Willcox Co., Inc. 489 Chapter 15 Network Security Authentication Methods ■ Regardless of authentication protocol used, there are three main types of au- thentication: something you know, something you have, and something you are. ■ Two other methods were recently added: somewhere you are and something you do. ■ Strong authentication requires at least one mechanism from at least two categories. Authentication Protocols ■ Password Authentication Protocol (PAP) was an early development of username and password authentication that transmits the username and password as clear text. ■ Th e Challenge Handshake Authentication Protocol (CHAP) encrypts the username and password. ■ Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is a Microsoft version of CHAP that can only be used with Microsoft operating systems. ■ Kerberos was designed at the Massachusetts Institute of Technology (MIT) and is used to authenticate the client and the server. ■ Th e Kerberos system uses two diff erent keys similar to a public and private key for security. ■ Extensible Authentication Protocol (EAP) is an IETF standard used for network access and authentication in a client/server environment when IP is not available. ■ Th e most commonly encountered variations of EAP are Protected Extensible Authentication Protocol (PEAP) and Lightweight Extensible Authentication Protocol (LEAP). Security Implementations ■ After installing a network operating system, you should immediately apply any available software patches or service packs to the system. ■ Th e default system-administrator username should be changed to lessen the chance of the system being cracked. ■ A common security measure is to make devices as secure as possible this is called device hardening. ■ A strong password is composed of letters, numbers, and special symbols. ■ Network operating systems typically incorporate password policy features such as password history, minimum length, age, and complexity. ■ A fi rewall monitors data packets as they enter or exit the network system and blocks or passes them. ■ Unifi ed threat management (UTM) combines several security technologies, allowing you to manage your fi rewall as well as proxy server, IDS, or other function. ■ A proxy server is a special fi rewall designed to hide clients inside the net- work from unauthorized personnel outside the network.

Previous Page Next Page

Resources and Downloads

Extracted Text (may have errors)

Copyright Goodheart-Willcox Co., Inc. 489 Chapter 15 Network Security Authentication Methods ■ Regardless of authentication protocol used, there are three main types of au- thentication: something you know, something you have, and something you are. ■ Two other methods were recently added: somewhere you are and something you do. ■ Strong authentication requires at least one mechanism from at least two categories. Authentication Protocols ■ Password Authentication Protocol (PAP) was an early development of username and password authentication that transmits the username and password as clear text. ■ Th e Challenge Handshake Authentication Protocol (CHAP) encrypts the username and password. ■ Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is a Microsoft version of CHAP that can only be used with Microsoft operating systems. ■ Kerberos was designed at the Massachusetts Institute of Technology (MIT) and is used to authenticate the client and the server. ■ Th e Kerberos system uses two diff erent keys similar to a public and private key for security. ■ Extensible Authentication Protocol (EAP) is an IETF standard used for network access and authentication in a client/server environment when IP is not available. ■ Th e most commonly encountered variations of EAP are Protected Extensible Authentication Protocol (PEAP) and Lightweight Extensible Authentication Protocol (LEAP). Security Implementations ■ After installing a network operating system, you should immediately apply any available software patches or service packs to the system. ■ Th e default system-administrator username should be changed to lessen the chance of the system being cracked. ■ A common security measure is to make devices as secure as possible this is called device hardening. ■ A strong password is composed of letters, numbers, and special symbols. ■ Network operating systems typically incorporate password policy features such as password history, minimum length, age, and complexity. ■ A fi rewall monitors data packets as they enter or exit the network system and blocks or passes them. ■ Unifi ed threat management (UTM) combines several security technologies, allowing you to manage your fi rewall as well as proxy server, IDS, or other function. ■ A proxy server is a special fi rewall designed to hide clients inside the net- work from unauthorized personnel outside the network.

Help

Copyright Goodheart-Willcox Co., Inc. 488 Networking Fundamentals ■ An asymmetric key is a key classifi cation that uses two diff erent keys to encrypt and decrypt data. ■ Digital certifi cates are issued by certifi cate authorities and are used to verify identities. ■ Th e Secure Socket Layer (SSL) protocol was developed by Netscape to secure transactions between web servers and individuals using the Internet for such purposes as credit card transactions. ■ Transport Layer Security (TLS) was developed after SSL by the Internet Engineering Task Force (IETF). It serves the same purpose as SSL but is more secure. ■ A virtual network connection (VNC) describes a broad category of remote connection systems that allow a user to connect to a network device. ■ IPSec is a protocol designed to secure IP packets on an unsecured network medium. ■ Secure Shell (SSH) is a protocol that provides secure network services over an insecure network medium. ■ Secure Copy Protocol (SCP) provides a secure way of transferring fi les between computers. Wireless Security ■ Wireless networks use a service set identifi er (SSID) to identify the wireless network. ■ A media access control (MAC) fi lter allows or restrict WAP access based on the MAC address of a wireless network card. ■ Wired Equivalent Privacy (WEP) was the fi rst attempt to encrypt data transferred across a wireless network. It was part of the original IEEE 802.11 wireless standard. ■ When vulnerabilities were discovered in the algorithm used for WEP, the Wi-Fi organization developed the Wi-Fi Protected Access (WPA) encryption technique. ■ Wi-Fi Protected Access 2 (WPA2) is an enhanced version of WPA. ■ IEEE 802.11i is a standard that was developed to remedy the original security fl aws in 802.11. ■ 802.1x provides port-based, network access control, which supports authen- tication for Ethernet network access. ■ 802.1x is composed of three components: supplicant, authenticator, and authentication server. ■ A rogue access point is an unauthorized wireless access point that is in- stalled on a network system. Authentication, Authorization, and Accounting ■ AAA represents Authentication, Authorization, and Accounting. ■ RADIUS, Diameter, and TACTACS+ are all models of AAA.

Previous Page Next Page

Resources and Downloads

Copyright Goodheart-Willcox Co., Inc. 490 Networking Fundamentals ■ Physical security of a network refers to the location of the physical, tangible system components. ■ Workstations, server rooms, and any access point should be secured, and devices should have tamper protection. ■ Biometrics is the use of physical characteristics for the basis of user authentication. ■ A smart card integrates electronics into a card for authentication. Security Tools ■ Th e netstat utility can help determine which ports are open on a computer. ■ A protocol analyzer is a tool that inspects protocol activity and contents. ■ A packet sniff er is a type of network monitoring utility that inspects data packets. ■ Policies and procedures should outline security measures, including re- mote access guidelines, best practices and safety guidelines, BYOD rules, an acceptable use policy (AUP), proper disposal of equipment, data loss preven- tion, and incident response. Data Security Compliance Requirements ■ Th e diff erence between a standard and a law is that a standard is voluntary, whereas a law is legally binding. Review Questions 1. Summarize the diff erences between the three basic types of hackers. 2. _____ is the process used to identify a user and ensure the user is who he or she claims to be. 3. _____ is a method of using an algorithm to encode data. 4. Th e manipulation of personnel through deceitful means to gain security information is called _____. 5. When a server is overloaded with false requests so much that it crashes, what type of attack has occurred? 6. What is using a false IP address or identity called? 7. What is the purpose behind using a Trojan horse? 8. Where are macro writers commonly found? 9. Th rough what method are worms typically spread? 10. Describe DNS poisoning. 11. What is the purpose of intrusion detection and intrusion prevention systems? 12. What is the diff erence between symmetric-key encryption and asymmetric- key encryption? 13. Another name for symmetric-key encryption is _____. 14. List three examples of symmetric cyphers.

Previous Page Next Page

Resources and Downloads

Extracted Text (may have errors)

Help

loading

Resources and Downloads

Resources and Downloads