Security protocols protect a computer from attacks. To understand how security protocols work, you must first understand what types of attacks they protect against. Networks and data are vulnerable to both active attacks, in which information is altered or destroyed, and passive attacks, in which information is monitored. Attacks that you might encounter include the following:
Data alteration
This active attack takes place when data is intercepted in transit and modified before it reaches its destination, or when stored data is altered.
Eavesdropping
This passive attack takes advantage of network traffic that is transmitted across the wire in clear text. The attacker simply uses a device that monitors traffic and "listens in" to discover information. You'll hear this term referred to as sniffing the wire, and sometimes as snooping.
IP address spoofing
One way to authenticate data is to check the IP address in data packets. If the IP address is valid, that data is allowed to pass into the private network. IP address spoofing is the process of changing the IP address so that data packets will be accepted. IP address spoofing can be used to modify or delete data, or to perpetrate an additional type of attack.
Password pilfering
A hacker will obtain user IDs and passwords, or even encryption keys, to gain access to network data, which can then be altered, deleted, or even used to create another attack. This type of attack is usually done by asking unsuspecting users, reading sticky notes containing passwords that are posted next to computers, or sniffing the wire for password information. Sometimes a hacker will attempt to get hired at a company merely to obtain an ID and password with access rights to the network.
Denial of service
This active attack is intended to cause full or partial network outages so that people will not be able to use network resources and productivity will be affected. The attacker floods so many packets through the network or through specific resources that other users can't access those resources. The denial-of-service attack can also serve as a diversion while the hacker alters information or damages systems.
Virus
A virus is an attack on a system. It is a piece of software code that is buried inside a trusted application (or even an e-mail message) and that invokes some action to wreak havoc on the computer or other network resources.
| Security Method | Type of Attack | Notes |
|---|---|---|
| Authentication | Password guessing attacks | Verifies the user's identity |
| Access control | Password pilfering | Protects sensitive data from access by the average user |
| Encryption | Data alteration | Prevents the content of the packets from being tampered with |
| Certificates | Eavesdropping | Transmits identity information securely |
| Firewalls | Denial of service (as well as others) | When configured correctly, can prevent many denial-of-service attacks |
| Signatures | Data alteration | Protects stored data from tampering |
| Public key infrastructure | Spoofing | Ensures that data received is from the correct sender |
| Code authentication | Virus and other code attacks | Protects the computer from altered executables |
| Physical security | Password pilfering | Prevents unauthorized persons from having access to authorized users and their IDs and passwords |
| Password policies | Password pilfering | Ensures that passwords are difficult to guess or otherwise decipher |
IPSec (Internet Protocol Security)
IPsec is a set of protocols used to support secure exchange of packets at the IP layer. IPsec supports two encryption modes: transport and tunnel.
Transport mode encrypts only the data portion of each packet, but leaves the header untouched.
The more secure Tunnel mode encrypts both the header and the data portion.
For IPsec to work, the sending and receiving devices must share a public key. This is accomplished through a protocol known as Internet Security Association and Key Management Protocol/Oakley, which allows the receiver to obtain a public key and authenticate the sender using digital certificates. IPsec protocols operate at the network layer, layer 3 of the OSI model. Other Internet security protocols in widespread use, such as SSL and TLS, operate from the transport layer up (OSI layers 4 - 7). This makes IPsec more flexible, as it can be used for protecting both TCP- and UDP-based protocols.
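The transport/tunnel distinction above is easiest to see by building both packet shapes and asking what a passive sniffer can read from each. The following is an added example, not code from the original notes: it builds a minimal IPv4 header by hand, wraps the payload in a stand-in ESP whose keystream comes from HMAC-SHA256 (a placeholder for the real IPsec cipher; the point is which bytes are covered, not the cipher), and compares the observer's view of a plain packet, a transport-mode packet and a tunnel-mode packet. The addresses, key and payload are constructed sample values.

```python
"""Added example, not from the original notes: which bytes an on-path observer
can read under IPsec transport mode versus tunnel mode.

Assumptions: a minimal 20-byte IPv4 header built by hand (checksum left zero),
and a stand-in ESP whose keystream comes from HMAC-SHA256 rather than a real
IPsec cipher such as AES.  All addresses, the key and the payload are
constructed sample values.
"""
import hashlib
import hmac
import ipaddress
import struct

ESP_PROTO = 50            # IANA protocol number for ESP
IPIP_PROTO = 4            # ESP Next Header value when a whole IPv4 packet is carried (tunnel mode)
TCP_PROTO = 6
KEY = b"constructed-demo-key"   # hypothetical key; real IPsec agrees it via IKE


def ipv4_header(src, dst, proto, payload_len):
    """Minimal IPv4 header: version/IHL, TOS, total length, id, flags/frag, TTL, proto, checksum, src, dst."""
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def parse_ipv4(hdr):
    f = struct.unpack("!BBHHHBBH4s4s", hdr[:20])
    return {"src": str(ipaddress.IPv4Address(f[8])), "dst": str(ipaddress.IPv4Address(f[9])), "proto": f[6]}


def keystream(spi, seq, length):
    """Stand-in PRF keystream bound to SPI and sequence number (not a real ESP transform)."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(KEY, struct.pack("!IIQ", spi, seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def esp_seal(plaintext, next_header, spi, seq):
    """ESP layout: SPI and sequence number in the clear, then the sealed body.
    The Next Header byte is the last plaintext byte, as in the ESP trailer (padding and ICV omitted)."""
    body = plaintext + bytes([next_header])
    ct = bytes(p ^ k for p, k in zip(body, keystream(spi, seq, len(body))))
    return struct.pack("!II", spi, seq) + ct


def esp_open(esp):
    """Reverse of esp_seal; returns (plaintext, next_header)."""
    spi, seq = struct.unpack("!II", esp[:8])
    body = bytes(c ^ k for c, k in zip(esp[8:], keystream(spi, seq, len(esp) - 8)))
    return body[:-1], body[-1]


def transport_mode(src, dst, payload):
    """Transport mode: the original IP header stays in the clear; only the transport payload is sealed."""
    esp = esp_seal(payload, TCP_PROTO, spi=0x1001, seq=1)
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp


def tunnel_mode(src, dst, gw_src, gw_dst, payload):
    """Tunnel mode: the whole original packet (header and payload) is sealed and a new
    outer header names only the two gateways."""
    inner = ipv4_header(src, dst, TCP_PROTO, len(payload)) + payload
    esp = esp_seal(inner, IPIP_PROTO, spi=0x2002, seq=1)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def observer_view(packet, marker=b"GET /secret"):
    """What a passive sniffer learns without the key: the outer header fields, and whether
    the application data (here a constructed HTTP request line) is readable in the capture."""
    view = parse_ipv4(packet)
    view["payload_in_clear"] = marker in packet
    return view


def receiver_unwrap(packet):
    """Peer holding the key: open ESP; in tunnel mode also parse the inner header."""
    plaintext, nh = esp_open(packet[20:])
    if nh == IPIP_PROTO:
        return parse_ipv4(plaintext), plaintext[20:]
    hdr = parse_ipv4(packet)
    hdr["proto"] = nh            # transport mode restores the original upper-layer protocol
    return hdr, plaintext
```

Run `observer_view` on the three packet shapes: the plain packet exposes the request line, transport mode hides the data but still shows the real endpoints (10.0.0.5 and 10.0.1.7 in the constructed sample), and tunnel mode shows only the two gateway addresses, with the inner header recovered by `receiver_unwrap`.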
L2TP (Layer 2 Tunneling Protocol)
Layer 2 Tunneling Protocol is a tunneling protocol used to support virtual private networks (VPNs). L2TP is an extension to the PPP protocol that enables ISPs to operate VPNs. L2TP combines the best features of two other tunneling protocols: PPTP from Microsoft and L2F from Cisco Systems.
SSL (Secure Sockets Layer)
Secure Sockets Layer is a protocol that supplies secure data communication through data encryption and decryption. SSL enables communications privacy over networks by using a combination of public key and bulk data encryption.
WEP (Wired Equivalent Privacy)
Wired Equivalent Privacy is a scheme that is part of the IEEE 802.11 wireless networking standard to secure IEEE 802.11 wireless networks. Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping.
WEP was intended to provide comparable confidentiality to a traditional wired network and thus it does not protect users of the network from each other.
WPA (Wi-Fi Protected Access)
A security protocol for wireless networks that builds on the basic foundations of WEP. It secures wireless data transmission by using a key similar to WEP, but the added strength of WPA is that the key changes dynamically. The changing key makes it much more difficult for a hacker to learn the key and gain access to the network.
WPA2 (Wi-Fi Protected Access 2)
WPA2 is the second generation of WPA security and provides a stronger encryption mechanism through Advanced Encryption Standard (AES), which is a requirement for some government users.
IEEE 802.11, also known by the brand Wi-Fi, denotes a set of Wireless LAN/WLAN standards developed by working group 11 of the IEEE LAN/MAN Standards Committee (IEEE 802). The term 802.11x is also used to denote this set of standards and is not to be mistaken for any one of its elements. There is no single 802.11x standard.
| Protocol | Release Date | Op. Frequency | Data Rate (Typ) | Data Rate (Max) | Range (Indoor) | Range (Outdoor) |
|---|---|---|---|---|---|---|
| 802.11a | 1999 | 5.15-5.35/5.47-5.725/5.725-5.875 GHz | 25 Mbit/s | 54 Mbit/s | ~25 meters | ~75 meters |
| 802.11b | 1999 | 2.4-2.5 GHz | 6.5 Mbit/s | 11 Mbit/s | ~35 meters | ~100 meters |
| 802.11g | 2003 | 2.4-2.5 GHz | 25 Mbit/s | 54 Mbit/s | ~25 meters | ~75 meters |
| 802.11n | 2007 | 2.4 GHz or 5 GHz bands | 200 Mbit/s | 540 Mbit/s | ~50 meters | ~125 meters |
Identify authentication protocols:
CHAP (Challenge Handshake Authentication Protocol)
Challenge Handshake Authentication Protocol is a challenge-response authentication protocol that uses the industry-standard Message Digest 5 (MD5) hashing scheme to encrypt the response. CHAP is used by various vendors of network access servers and clients.
MS-CHAP (Microsoft Challenge Handshake Authentication Protocol)
MS-CHAP is a nonreversible, encrypted password authentication protocol. The challenge handshake process works as follows:
- The remote access server or the IAS server sends a challenge to the remote access client that consists of a session identifier and an arbitrary challenge string.
- The remote access client sends a response that contains the user name and a nonreversible encryption of the challenge string, the session identifier, and the password.
- The authenticator checks the response and, if valid, the user's credentials are authenticated.
PAP (Password Authentication Protocol)
Password Authentication Protocol uses plaintext passwords and is the least sophisticated authentication protocol. It is typically negotiated if the remote access client and remote access server cannot negotiate a more secure form of validation.
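The three-step MS-CHAP handshake above, the MD5 response in CHAP, and the plaintext password in PAP are easiest to compare by putting each on the wire. The block below is an added example, not code from the original notes: it implements the CHAP response exactly as RFC 1994 defines it (MD5 over Identifier, secret and Challenge), a PAP request for contrast, and a sniffer check that asks whether the secret ever appears in captured bytes; it also shows why a captured CHAP response is useless against a fresh challenge. MS-CHAP keeps the same challenge/response shape with a different response function, so it is not separately implemented here. The user name, secret and message framing are constructed for this example.

```python
"""Added example, not from the original notes: what crosses the link under PAP
compared with CHAP (RFC 1994), and why a captured CHAP response cannot be
replayed.  The user name, secret and message framing are constructed.
"""
import hashlib
import hmac
import os

# Authenticator-side credential store (constructed); with CHAP the secret never leaves either end.
CREDENTIALS = {"alice": b"correct horse battery staple"}


def pap_request(user, password):
    """PAP Authenticate-Request: user name and password cross the link as-is."""
    return b"PAP " + user.encode() + b" " + password


def pap_check(message):
    _, user, password = message.split(b" ", 2)
    stored = CREDENTIALS.get(user.decode())
    return stored is not None and hmac.compare_digest(stored, password)


def chap_challenge():
    """Authenticator side: a fresh Identifier and random Challenge for every attempt."""
    return os.urandom(1)[0], os.urandom(16)


def chap_response(identifier, secret, challenge):
    """RFC 1994 section 2: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_check(user, identifier, challenge, response):
    """Authenticator recomputes the response from its own copy of the secret and compares."""
    stored = CREDENTIALS.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(chap_response(identifier, stored, challenge), response)


def chap_exchange(user, client_secret):
    """One CHAP authentication; returns the verdict plus everything that crossed the link."""
    ident, chal = chap_challenge()
    resp = chap_response(ident, client_secret, chal)
    wire = bytes([ident]) + chal + user.encode() + resp
    return {"accepted": chap_check(user, ident, chal, resp), "identifier": ident,
            "challenge": chal, "response": resp, "wire": wire}


def sniffer_sees_secret(captured):
    """Passive eavesdropper's result: does any stored secret appear verbatim in the capture?"""
    return any(secret in captured for secret in CREDENTIALS.values())
```

Because the challenge is random per attempt, the same secret yields a different response every time, which is what makes a replay of a captured response fail in `chap_check`; PAP has no such protection, so the sniffer check is true for its request.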
RADIUS (Remote Authentication Dial-In User Service)
RADIUS is an AAA (authentication, authorization and accounting) protocol for applications such as network access or IP mobility. It is intended to work in both local and roaming situations.
Some ISPs (commonly modem, DSL, or wireless 802.11 services) require you to enter a username and password in order to connect to the Internet. Before access to the network is granted, this information is passed to a Network Access Server (NAS) device over the Point-to-Point Protocol (PPP), then to a RADIUS server over the RADIUS protocol. The RADIUS server checks that the information is correct using authentication schemes like PAP, CHAP or EAP.
If accepted, the server will then authorize access to the ISP system and select an IP address. RADIUS is also widely used by VoIP service providers.
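The NAS-to-RADIUS leg described above carries a PAP password, so RFC 2865 hides it under the NAS/server shared secret and signs the Access-Accept or Access-Reject so the NAS can tell a genuine reply from a forged one. The following is an added example, not code from the original notes or any RADIUS implementation: it encodes an Access-Request (code, identifier, length, 16-byte Request Authenticator, attributes), applies the RFC 2865 User-Password hiding (each 16-byte block XORed with MD5 of the secret and the previous block), and has the server answer with the Response Authenticator MD5(Code + ID + Length + RequestAuth + Attributes + Secret). The shared secret, user name, password and user database are constructed sample values.

```python
"""Added example, not from the original notes: the RFC 2865 Access-Request /
Access-Accept exchange between a NAS and a RADIUS server, with the
User-Password hiding and the Response Authenticator check.

Constructed: shared secret, user name, password, user database.
Packet layout: Code(1) Identifier(1) Length(2) Authenticator(16) Attributes;
attribute = Type(1) Length(1) Value.
"""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

SHARED_SECRET = b"constructed-nas-secret"   # configured on both NAS and server (constructed)
USER_DB = {"alice": b"hunter2"}             # server-side store (constructed)


def attr(t, value):
    return struct.pack("!BB", t, len(value) + 2) + value


def hide_password(password, request_auth, secret):
    """RFC 2865 5.2: pad to a 16-byte multiple; c_i = p_i XOR MD5(secret + c_(i-1)), c_0 = RequestAuth."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        c = bytes(x ^ y for x, y in zip(padded[i:i + 16], block))
        out += c
        prev = c
    return out


def reveal_password(hidden, request_auth, secret):
    """Server side inverse of hide_password (trailing NUL padding is stripped)."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        c = hidden[i:i + 16]
        out += bytes(x ^ y for x, y in zip(c, block))
        prev = c
    return out.rstrip(b"\x00")


def packet(code, ident, authenticator, attrs):
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def parse_attrs(data):
    attrs, i = {}, 0
    while i + 2 <= len(data):
        t, l = data[i], data[i + 1]
        if l < 2:                       # malformed attribute; stop rather than loop forever
            break
        attrs[t] = data[i + 2:i + l]
        i += l
    return attrs


def response_authenticator(code, ident, request_auth, attrs, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    return hashlib.md5(struct.pack("!BBH", code, ident, 20 + len(attrs)) + request_auth + attrs + secret).digest()


def build_access_request(user, password, ident=1):
    """NAS side: fresh random Request Authenticator, password hidden under the shared secret."""
    request_auth = os.urandom(16)
    attrs = attr(ATTR_USER_NAME, user.encode()) + attr(ATTR_USER_PASSWORD, hide_password(password, request_auth, SHARED_SECRET))
    return packet(ACCESS_REQUEST, ident, request_auth, attrs), request_auth


def server_handle(request):
    """Server side: recover the password, check it, and sign the reply with the shared secret."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    request_auth = request[4:20]
    attrs = parse_attrs(request[20:length])
    user = attrs.get(ATTR_USER_NAME, b"").decode()
    pw = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), request_auth, SHARED_SECRET)
    stored = USER_DB.get(user)
    ok = stored is not None and hmac.compare_digest(stored, pw)
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    return packet(reply_code, ident, response_authenticator(reply_code, ident, request_auth, b"", SHARED_SECRET), b"")


def nas_verify_reply(reply, request_auth):
    """NAS side: grant access only if the reply is an Access-Accept whose authenticator matches under the shared secret."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    expected = response_authenticator(code, ident, request_auth, reply[20:length], SHARED_SECRET)
    return hmac.compare_digest(expected, reply[4:20]) and code == ACCESS_ACCEPT
```

The NAS keeps the Request Authenticator it generated and uses it in `nas_verify_reply`, so a reply that was not computed with the shared secret over that exact request is rejected even if its code says Access-Accept; the hiding in `hide_password` is what keeps the PAP password out of the clear on the NAS-to-server hop.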
Kerberos and EAP (Extensible Authentication Protocol)
An authentication system, Kerberos is designed to enable two parties to exchange private information across an open network. It works by assigning a unique key, called a ticket, to each user that logs on to the network. The ticket is then embedded in messages to identify the sender of the message.
Extensible Authentication Protocol, or EAP, is a universal authentication framework frequently used in wireless networks and Point-to-Point connections. Although the EAP protocol is not limited to wireless LANs and can be used for wired LAN authentication, it is most often used in wireless LANs. Recently, the WPA and WPA2 standards have officially adopted five EAP types as their official authentication mechanisms.
Smart cards are gaining in popularity as a way to ensure secure authentication using a physical key. Smart cards are able to provide an interactive logon, secure e-mail messages, and authenticate access to network services.
Smart cards contain chips to store a user's private key and can also store logon information; public key certificates; and other information, depending on the smart card's usage. When a user needs to access a resource, the user inserts the smart card into a reader attached to the network. After typing in the user's personal identification number (PIN), the user is authenticated and can access network resources. The private key is automatically available for transparent access to encrypted information.
Smart cards require Public Key Infrastructure (PKI), a method of distributing encryption keys and certificates. In addition, each protected resource will require a smart-card reader. Some implementations of smart cards combine the smart card with employee badges so that employees need a single card for building and network access.
Remote access protocols and services:
RAS (Remote Access Service)
Remote Access Service is a service that provides remote networking for telecommuters, mobile workers, and system administrators who monitor and manage servers at multiple branch offices. Users with RAS can dial in to remotely access their networks for services such as file and printer sharing, electronic mail, scheduling, and SQL database access.
PPP (Point-to-Point Protocol)
PPP is based on an open standard defined in RFCs 1332, 1661, and 2153. PPP works with asynchronous and synchronous serial connections as well as High-Speed Serial Interfaces (HSSI) and ISDN interfaces (BRI and PRI).
PPP has many more features than HDLC. Like HDLC, PPP defines a frame type and how two PPP devices communicate with each other, including the multiplexing of network and data link layer protocols across the same link. However, PPP also does the following:
- Performs dynamic configuration of links
- Allows for authentication
- Compresses packet headers
- Tests the quality of links
- Performs error detection and correction
- Allows multiple PPP physical connections to be bound together as a single logical connection (referred to as multilink)
PPP has three main components:
- Frame format (encapsulation)
- Link Control Protocol (LCP)
- Network Control Protocol (NCP)
Each of these three components plays an important role in the setup, configuration, and transfer of information across a PPP connection.
SLIP (Serial Line Internet Protocol)
An older industry standard that is part of the Windows remote access client to ensure interoperability with other remote access software.
PPPoE (Point-to-Point Protocol over Ethernet)
Point-to-Point Protocol over Ethernet encapsulates PPP frames in Ethernet frames and is usually used in conjunction with ADSL services.
It gives you a lot of the familiar PPP features like authentication, encryption, and compression, but there's a downside: it has a lower maximum transmission unit (MTU) than standard Ethernet does, and if your firewall isn't solidly configured, this little attribute can really give you some grief! Still somewhat popular in the United States, PPPoE's main feature is that it adds a direct connection to Ethernet interfaces while providing DSL support as well. It's often used by many hosts on a shared Ethernet interface for opening PPP sessions to various destinations via at least one bridging modem.
PPTP (Point-to-Point Tunneling Protocol)
Networking technology that supports multiprotocol virtual private networks (VPNs), enabling remote users to access corporate networks securely across the Internet or other networks by dialing into an Internet service provider (ISP) or by connecting directly to the Internet. The Point-to-Point Tunneling Protocol (PPTP) tunnels, or encapsulates, IP, IPX, or NetBEUI traffic inside of IP packets. This means that users can remotely run applications that are dependent upon particular network protocols.
VPN (Virtual Private Network)
A virtual private network is a remote LAN that can be accessed through the Internet by using PPTP (see above).
RDP (Remote Desktop Protocol)
Remote Desktop Protocol (RDP) is a multi-channel protocol that allows a user to connect to a computer running Microsoft Terminal Services. Clients exist for most versions of Windows (including handheld versions), and other operating systems such as Linux, FreeBSD, Solaris Operating System and Mac OS X. The server listens by default on TCP port 3389.
- Version 4.0 was introduced with Terminal Services in Windows NT 4.0 Server, Terminal Server Edition.
- Version 5.0, introduced with Windows 2000 Server, added support for a number of features, including printing to local printers, and aimed to improve network bandwidth usage.
- Version 5.1, introduced with Windows XP Professional, included support for 24-bit color and sound.
- Version 5.2, introduced with Windows Server 2003, included support for console mode connections, a session directory, and local resource mapping.
- Version 6.0, introduced with Windows Vista and Windows Server, includes a significant number of new features, most notably being able to remotely access a single application instead of the entire desktop, and support for 32-bit color.