
Network

Security
ESS Comptia Security + Mentoring Program

Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

1.1 Explain the security function and purpose of network devices and technologies

Firewalls
Routers
Switches
Load balancers
Proxies
Web security gateways
VPN concentrators
NIDS and NIPS (behavior based, signature based, anomaly based, heuristic)
Protocol analyzers
Sniffers
Spam filter, all-in-one security appliances
Web application firewall vs. network firewall
URL filtering, content inspection, malware inspection

Firewalls
Are one of the first lines of defense in a network. There are different
types of firewalls, and they can be either stand-alone systems or
included in other devices such as routers or servers. You can find
firewall solutions that are marketed as hardware only and others that
are software only. Many firewalls, however, consist of add-in software
that is available for servers or workstations.

Switches
Are multiport devices that improve network efficiency. A switch
typically has a small amount of information about systems in a
network. Using switches improves network efficiency over hubs
because of the virtual circuit capability. Switches also improve
network security because the virtual circuits are more difficult to
examine with network monitors. You can think of a switch as a device
that has some of the best capabilities of routers and hubs combined.

Routers
The primary instrument used for connectivity between two or more
networks is the router. Routers work by providing a path between the
networks. A router has two connections that are used to join the
networks. Each connection has its own address and appears as a valid
address in its respective network.

Load Balancer
Load balancing refers to shifting a load from one device to another.
Most often the device in question is a server, but the term could be
used for a hard drive, a CPU, or almost any device that you want to
avoid overloading. Using a server as the device in question, balancing
the load between multiple servers instead of relying on only one
reduces the response time, maximizes throughput, and allows better
allocation of resources.

Proxies
In computer networks, a proxy server is a server (a computer
system or an application) that acts as an intermediary for
requests from clients seeking resources from other servers. A
client connects to the proxy server, requesting some service,
such as a file, connection, web page, or other resource
available from a different server and the proxy server
evaluates the request as a way to simplify and control its
complexity.

Proxy Types
A proxy server that passes requests and responses unmodified is
usually called a gateway or sometimes a tunneling proxy.
A forward proxy is an Internet-facing proxy used to retrieve content
from a wide range of sources (in most cases anywhere on the
Internet).
A reverse proxy is usually an Internet-facing proxy used as a
front end to control and protect access to a server on a private
network, commonly also performing tasks such as load balancing,
authentication, decryption, or caching.

Web Security Server
Can be thought of as a proxy server (performing proxy and caching
functions) with web protection software built in. Depending on the
vendor, the "web protection" can range from a standard virus scanner
on incoming packets to also monitoring outgoing user traffic for red
flags.

VPN concentrator
A VPN concentrator is a hardware device used to create remote
access VPNs. The concentrator creates encrypted tunnel sessions
between hosts, and many use two-factor authentication for additional
security. Cisco models often incorporate Scalable Encryption
Processing (SEP) modules to allow for hardware-based encryption
and/or redundancy.

NIDS & NIPS
NIDS (Network Intrusion Detection Systems)
The system is attached to a point in the network where it can monitor
and report on all network traffic. It is configured to detect attacks
within the network but only reports on the activity it sees.
NIPS (Network Intrusion Prevention Systems)
These systems focus on signature matches and then take a course of
action. For example, if it appears that an attack might be under way,
packets can be dropped, ignored, and so forth. In order to do this,
the NIPS must be able to detect the attack occurring, and thus it can
be argued that NIPS is a subset of NIDS.

Types of NIDS & NIPS
Behavior-Based Detection IDS:
A behavior-based system looks for variations in behavior such as
unusually high traffic, policy violations, and so on. By looking for
deviations in behavior, it is able to recognize potential threats and
respond quickly.
Signature-Based Detection IDS:
A signature-based system, also commonly known as a
misuse-detection IDS (MD-IDS), is primarily focused on evaluating
attacks based on attack signatures and audit trails. Attack signatures
describe a generally established method of attacking a system. For
example, a TCP flood attack begins with a large number of incomplete
TCP sessions. If the MD-IDS knows what a TCP flood attack looks like,
it can make an appropriate report or response to thwart the attack.

Types of NIDS & NIPS
Anomaly-Detection IDS:
An anomaly-detection IDS (AD-IDS) looks for anomalies, meaning it
looks for things outside of the ordinary. Typically, a training program
learns what the normal operation is and then can spot deviations from
it. An AD-IDS can establish the baseline either by being manually
assigned values or through automated processes that look at traffic
patterns. One method is behavior-based, which looks for unusual
behavior and then acts accordingly.
Heuristic IDS:
A heuristic system uses algorithms to analyze the traffic passing
through the network. As a general rule, heuristic systems require
more tweaking and fine-tuning than the other types of detection.

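As an added illustration of the signature-based and anomaly-based approaches described on these slides (not code from the mentoring deck), the Python below runs both detectors over a constructed connection log: the signature rule encodes the slide's TCP flood description (a large number of incomplete TCP sessions from one source), while the anomaly detector learns a connections-per-second baseline from a training period and flags later deviations. The log format, thresholds and IP addresses are all assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample log, one TCP connection attempt per line:
# "<second> <src_ip> <dst_ip>:<dst_port> <state>", where EST means the
# three-way handshake completed and SYN means it never did (half-open).
NORMAL_LINES = """\
0 10.0.0.5 192.0.2.10:443 EST
0 10.0.0.6 192.0.2.10:443 EST
0 10.0.0.7 192.0.2.10:80 SYN
1 10.0.0.7 192.0.2.10:80 EST
1 10.0.0.5 192.0.2.10:443 EST
1 10.0.0.8 192.0.2.10:25 EST
2 10.0.0.6 192.0.2.10:443 EST
2 10.0.0.8 192.0.2.10:80 EST
3 10.0.0.5 192.0.2.10:443 EST
3 10.0.0.9 192.0.2.10:443 EST
3 10.0.0.6 192.0.2.10:80 EST
4 10.0.0.5 192.0.2.10:443 EST
4 10.0.0.7 192.0.2.10:80 EST
5 10.0.0.6 192.0.2.10:443 EST
5 10.0.0.8 192.0.2.10:80 EST"""

# Constructed flood: twelve half-open sessions from one source in seconds 4-5.
FLOOD_LINES = "\n".join(f"{4 + i // 6} 198.51.100.9 192.0.2.10:443 SYN"
                        for i in range(12))
SAMPLE_LOG = NORMAL_LINES + "\n" + FLOOD_LINES

SYN_THRESHOLD = 10  # assumed signature: this many half-open sessions ...
WINDOW = 5          # ... from one source within this many seconds


def parse(log_text):
    """Turn the text log into a list of dicts (t, src, dst, port, state)."""
    records = []
    for line in log_text.strip().splitlines():
        sec, src, dst, state = line.split()
        dst_ip, dst_port = dst.rsplit(":", 1)
        records.append({"t": int(sec), "src": src, "dst": dst_ip,
                        "port": int(dst_port), "state": state})
    return records


def signature_tcp_flood(records, threshold=SYN_THRESHOLD, window=WINDOW):
    """Signature (misuse) detection. The slide's TCP flood signature is
    'a large number of incomplete TCP sessions', so report every source
    with at least `threshold` SYN-only sessions inside a sliding `window`."""
    syn_times = defaultdict(list)
    for r in records:
        if r["state"] == "SYN":
            syn_times[r["src"]].append(r["t"])
    offenders = set()
    for src, times in syn_times.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] >= window:
                start += 1          # slide the window forward
            if end - start + 1 >= threshold:
                offenders.add(src)
                break
    return sorted(offenders)


def anomaly_rate(records, train_until, k=3.0):
    """Anomaly detection. Learn the baseline connections-per-second from
    seconds 0..train_until, then flag later seconds whose count exceeds
    mean + k * standard deviation (k is an assumed tuning knob)."""
    per_sec = Counter(r["t"] for r in records)
    baseline = [per_sec[t] for t in range(train_until + 1)]
    limit = mean(baseline) + k * pstdev(baseline)
    return sorted(t for t, n in per_sec.items()
                  if t > train_until and n > limit)


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("signature hits (sources):", signature_tcp_flood(recs))
    print("anomalous seconds:", anomaly_rate(recs, train_until=3))
```

The single failed connection from 10.0.0.7 at second 0 stays below the signature threshold, which is the point of a threshold: a signature names a pattern, not every stray packet.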
Web application firewall vs. network firewall
It should be noted that while software-based firewalls included with
the operating system are a great defense, they should not be
considered the only solution. A Web Application Firewall (WAF) can
look at every request between a web client and a web server and
identify possible attacks.
Network firewalls are one of the first lines of defense in a network.
There are different types of firewalls, and they can be either
stand-alone systems or included in other devices such as routers or
servers. You can find firewall solutions that are marketed as hardware
only and others that are software only. Many firewalls, however,
consist of add-in software that is available for servers or
workstations.

Protocol Analyzers & Sniffers
The terms protocol analyzing and packet sniffing are interchangeable.
They refer to the process of monitoring the data that is transmitted
across a network. The software that performs the operation is called
either an analyzer or a sniffer.

Spam Filters
Spam filters can be added to catch unwanted email and filter it out
before it gets delivered internally. The filtering is done based on rules
that are established (block email coming from certain IP addresses,
email that contains particular words in the subject line, and the like).
While spam filters are usually used to scan incoming messages, they
can also be used to scan outgoing as well and thus act as a quick
identifier of internal PCs that may have contracted a virus.

URL Filtering
URL filtering involves blocking websites (or sections of websites)
based solely on the URL; restricting access to specified websites and
certain web-based applications. This is in contrast to content filters,
which block data based on its content rather than where it is coming
from. Within Internet Explorer, the Phishing Filter included with IE7
acted as a URL filter. The Phishing Filter was replaced with the
SmartScreen Filter with IE8 and subsequent releases.

All-in-One Appliances
A number of vendors make all-in-one security devices that
combine spam filters with firewalls, load balancers, and a
number of other services.

Content Inspection
Instead of relying on a website to be previously identified as
questionable, as URL filtering does, content inspection works
by looking at the data coming in. Within the most recent
versions of Internet Explorer, content filtering can be
configured using Content Advisor.

Malware Inspection
It is important to stop malware before it ever gets hold of a
system. While tools that identify malware when they find it on
a system are useful, real-time tools that stop it from ever
making it to the system are better.

1.2 Apply and implement secure network administration principles

Rule-based management
Firewall rules
VLAN management
Secure router configuration
Access control lists
Port security
802.1X
Flood guards
Loop protection
Implicit deny
Prevent network bridging by network separation
Log analysis

Rule-based management
Rule-based management, also known as label-based management,
defines conditions for access to objects. The access is granted to the
object based on both the object's sensitivity label and the user's
sensitivity label. Most software packages that allow you to implement
rule-based management divide correlation rules into two categories,
system rules and custom rules, with the former being predefined
out-of-the-box settings.
With all rules, an action must be defined. That action is triggered
when conditions are or aren't met.

Firewall Rules
Firewall rules act like ACLs and are used to dictate what traffic can
pass between the firewall and the internal network. Three possible
actions can be taken based on the rule's criteria:
Block the connection.
Allow the connection.
Allow the connection only if it is secured.

The rules can be applied to inbound traffic or outbound traffic and any
type of network (LAN, wireless, VPN, remote access). On a regular
basis, you should audit the firewall rules, verify that you are
obtaining the results you wish, and make any modifications needed.

VLAN management
A virtual local area network (VLAN) allows you to create
groups of users and systems and segment them on the
network. This segmentation lets you hide segments of the
network from other segments and thereby control access. You
can also set up VLANs to control the paths that data takes to
get from one point to another. A VLAN is a good way to
contain network traffic to a certain area in a network.
Think of a VLAN as a network of hosts that act as if they're
connected by a physical wire even though there is no such
wire between them.

Secure router configuration
One of the most important things you can do to secure your network
is make sure you secure the router. As much common sense as it
makes, it is too often overlooked in the hurry to get the router
configuration finished and move on to the next job. To securely
configure the router, you must do the following:
Change the Default Password:
The password for the administrator is set before the router leaves the
factory. You have to assume that every miscreant wanting
unauthorized access to your network knows the default passwords set
by the factory. Employ good password principles (alphanumeric, more
than 8 characters, etc.) and change it to a value known only to those
who must know it.

Secure Router Configuration
Walk through the Advanced Settings:
These settings will differ based on the router manufacturer and type
but often include settings to block ping requests, perform MAC
filtering, and so on. All of these issues are discussed elsewhere in this
book and need to be applied to the router configuration the same as
they would be applied elsewhere.
Keep the Firmware Upgraded:
Router manufacturers often issue patches when problems are
discovered. Those patches need to be applied to the router to remove
any security exploits that may exist.
Always remember to back up your router configuration before
making any significant changes, in particular a firmware
upgrade, to provide a fallback in case something goes awry.

Access Control Lists
Access control lists (ACLs) enable devices in your network to ignore
requests from specified users or systems or to grant them certain
network capabilities. You may find that a certain IP address is
constantly scanning your network, and you can block this IP address.
If you block it at the router, the IP address will automatically be
rejected any time it attempts to utilize your network.

Port Security
Works at layer 2 of the OSI model and allows an administrator to
configure switch ports so that only certain MAC addresses can use the
port. This is a common feature on both Cisco's Catalyst and
Juniper's EX Series switches and essentially differentiates so-called
dumb switches from managed switches.

802.1X
The IEEE standard 802.1X defines port-based security for wireless
network access control. As such, it offers a means of authentication
and defines the Extensible Authentication Protocol (EAP) over IEEE
802, discussed in Chapter 12, and is often known as EAP over LAN
(EAPOL). The biggest benefit of using 802.1X is that the access points
and the switches do not need to do the authentication but instead rely
on the authentication server to do the actual work.

Flood guards
A flood guard is a protection feature built into many firewalls that
allows the administrator to tweak the tolerance for unanswered login
attacks. By reducing this tolerance, it is possible to reduce the
likelihood of a successful DoS attack. If a resource, inbound or
outbound, appears to be overused, then the flood guard kicks in. With
many Cisco firewalls, you can configure the same protection you apply
at an upper level to be inherited by children as well in order to
protect subgroups and devices.

Loop protection
Loop protection is a similar feature that works in layer 2 switching
configurations and is intended to prevent broadcast loops. When
configuring it in most systems, you can choose to disable broadcast
forwarding and protect against duplicate ARP requests (those having
the same target protocol address). The Spanning Tree Protocol (STP)
is intended to ensure loop-free bridged Ethernet LANs. It operates at
the data link layer and makes sure there is only one active path
between two stations.

Implicit Deny
Within ACLs, there exists a condition known as implicit deny. An
implicit deny clause is implied at the end of each ACL and it means
that if the proviso in question has not been explicitly granted, then it
is denied.
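To make the three firewall rule actions, ordered ACL evaluation, rule auditing and the implicit deny concrete, here is an added Python example (not the deck's code) that evaluates a constructed rule set top to bottom; the rule fields, the `secured` flag standing in for "only if it is secured", and the sample addresses (documentation ranges) are all assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

BLOCK, ALLOW, ALLOW_IF_SECURED = "block", "allow", "allow_if_secured"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    direction: str          # "inbound" or "outbound"
    secured: bool = False   # assumed flag: True when carried inside an authenticated tunnel


@dataclass(frozen=True)
class Rule:
    action: str
    direction: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches every destination port
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and ip_address(p.src) in ip_network(self.src, strict=False)
                and ip_address(p.dst) in ip_network(self.dst, strict=False)
                and (self.dport is None or self.dport == p.dport))


def first_match(rules, packet):
    """Index of the first rule that matches, or None when no rule fires."""
    for i, rule in enumerate(rules):
        if rule.matches(packet):
            return i
    return None


def evaluate(rules, packet):
    """Ordered evaluation: the first matching rule decides. If nothing
    matches, the implicit deny at the end of the list blocks the packet."""
    i = first_match(rules, packet)
    if i is None:
        return BLOCK                      # implicit deny
    action = rules[i].action
    if action == ALLOW_IF_SECURED:
        return ALLOW if packet.secured else BLOCK
    return action


def unused_rules(rules, packets):
    """Audit helper: comments of rules that never matched in a traffic
    sample; such rules are candidates for review or removal."""
    hits = Counter(first_match(rules, p) for p in packets)
    return [r.comment for i, r in enumerate(rules) if hits[i] == 0]


# Constructed rule set, evaluated top to bottom.
RULES = [
    Rule(BLOCK, src="203.0.113.0/24", comment="scanner range seen in logs"),
    Rule(ALLOW, "inbound", dst="192.0.2.10/32", dport=443, comment="public web server"),
    Rule(ALLOW_IF_SECURED, "inbound", dst="192.0.2.0/24", dport=3389,
         comment="admin RDP only over VPN"),
    Rule(ALLOW, "outbound", src="10.0.0.0/8", comment="internal hosts to Internet"),
    Rule(ALLOW, "inbound", dst="192.0.2.11/32", dport=25, comment="legacy mail relay"),
]

# Constructed traffic sample used for the audit.
SAMPLE_TRAFFIC = [
    Packet("203.0.113.7", "192.0.2.10", 443, "inbound"),          # scanner -> blocked by rule 0
    Packet("198.51.100.4", "192.0.2.10", 443, "inbound"),         # web client -> allowed
    Packet("198.51.100.4", "192.0.2.20", 3389, "inbound"),        # RDP without tunnel -> blocked
    Packet("198.51.100.4", "192.0.2.20", 3389, "inbound", True),  # RDP over VPN -> allowed
    Packet("198.51.100.4", "192.0.2.10", 22, "inbound"),          # no rule -> implicit deny
    Packet("10.1.2.3", "198.51.100.53", 53, "outbound"),          # internal DNS lookup -> allowed
]

if __name__ == "__main__":
    for p in SAMPLE_TRAFFIC:
        print(p.direction, p.src, "->", f"{p.dst}:{p.dport}", evaluate(RULES, p))
    print("never matched:", unused_rules(RULES, SAMPLE_TRAFFIC))
```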

Prevent network bridging by network separation
Network bridging occurs when a device has more than one
network adapter card installed and the opportunity presents
itself for a user on one of the networks to which the device is
attached to jump to the other. While multiple cards have been
used in servers for years (known as multihomed hosts), it is
not uncommon today to find multiple cards in laptops (wired
and wireless) and the bridging to occur without the user truly
understanding what is happening.
To prevent network bridging, you can configure your network
such that when bridging is detected, you shut off/disable that
jack. You can also create profiles that allow for only one
interface.

Log Analysis
Log analysis is crucial to identifying problems that occur
related to security. As an administrator, you have the ability
to turn on logging at many different locations and levels. The
next step, however, is the most important: what you do with
the log information collected. Far too many administrators
turn on logging and then fail to properly (if ever) analyze
what they collect because it is a lot of information and a lot of
work.

1.3 Distinguish and differentiate network design elements and compounds

DMZ
Subnetting
VLAN
NAT
Remote Access
Telephony
NAC
Virtualization
Cloud Computing
Platform as a Service
Software as a Service
Infrastructure as a Service

DMZ
Is an area in a network that allows restrictive access to untrusted
users and isolates the internal network from access by external users
and systems. It does so by using routers and firewalls to limit access
to sensitive network resources.

Subnetting
A subnetwork, or subnet, is a logically visible subdivision of an IP
network. The practice of dividing a network into two or more
networks is called subnetting.
All computers that belong to a subnet are addressed with a common,
identical, most-significant bit-group in their IP address. This results in
the logical division of an IP address into two fields, a network or
routing prefix and the rest field or host identifier. The rest field is an
identifier for a specific host or network interface.
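An added example (not from the deck) that carries the prefix/host split through in code with plain bit arithmetic, and goes a step further than the slide by dividing a network into equal subnets and computing the usable host range; the addresses are constructed.

```python
def to_int(addr: str) -> int:
    """Dotted-quad IPv4 string to a 32-bit integer, validating each octet."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"bad IPv4 address: {addr}")
    n = 0
    for p in parts:
        n = (n << 8) | int(p)
    return n


def to_str(n: int) -> str:
    """32-bit integer back to dotted-quad form."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def netmask(prefix_len: int) -> int:
    """Mask with the top prefix_len bits set (the 'most-significant bit-group')."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def split_address(addr: str, prefix_len: int):
    """Return (routing prefix, host identifier) of addr under /prefix_len,
    both as dotted quads: the two fields the slide describes."""
    a, mask = to_int(addr), netmask(prefix_len)
    return to_str(a & mask), to_str(a & ~mask & 0xFFFFFFFF)


def same_subnet(a: str, b: str, prefix_len: int) -> bool:
    """Two hosts share a subnet when their routing prefixes agree."""
    return split_address(a, prefix_len)[0] == split_address(b, prefix_len)[0]


def subnets(network: str, prefix_len: int, new_prefix_len: int):
    """Divide network/prefix_len into 2**(new_prefix_len - prefix_len)
    equal subnets, returned in CIDR notation."""
    base = to_int(network)
    if base & ~netmask(prefix_len) & 0xFFFFFFFF:
        raise ValueError("network address has host bits set")
    if not prefix_len <= new_prefix_len <= 32:
        raise ValueError("new prefix must be at least as long as the original")
    size = 1 << (32 - new_prefix_len)          # addresses per new subnet
    count = 1 << (new_prefix_len - prefix_len)  # number of new subnets
    return [f"{to_str(base + i * size)}/{new_prefix_len}" for i in range(count)]


def host_range(network: str, prefix_len: int):
    """(first usable host, last usable host, broadcast) for a subnet.
    /31 and /32 have no usable host range under the classic rules."""
    if prefix_len > 30:
        raise ValueError("no usable host range for /31 or /32")
    base, mask = to_int(network), netmask(prefix_len)
    broadcast = base | (~mask & 0xFFFFFFFF)
    return to_str(base + 1), to_str(broadcast - 1), to_str(broadcast)


if __name__ == "__main__":
    print(split_address("192.168.10.77", 26))   # prefix and host parts
    print(subnets("192.168.10.0", 24, 26))      # one /24 cut into four /26s
    print(host_range("192.168.10.64", 26))
```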

VLAN Management
A virtual local area network (VLAN) allows you to create groups of
users and systems and segment them on the network. This
segmentation lets you hide segments of the network from other
segments and thereby control access. You can also set up VLANs to
control the paths that data takes to get from one point to another. A
VLAN is a good way to contain network traffic to a certain area in a
network.

NAT
Creates a unique opportunity to assist in the security of a network.
Originally, NAT extended the number of usable Internet addresses.
Now it allows an organization to present a single address to the
Internet for all computer connections. The NAT server provides IP
addresses to the hosts or systems in the network and tracks inbound
and outbound traffic.
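The "single address to the Internet" behaviour and the inbound/outbound tracking the slide mentions, worked as an added Python example (not the deck's code) of a port-address translation table; the addresses and port numbers are constructed from documentation ranges.

```python
class NatTable:
    """Port-address translation: many private addresses share one public
    address. Each outbound flow is given a distinct public source port;
    an inbound packet is admitted only when it answers a tracked flow."""

    def __init__(self, public_ip, first_port=40000, last_port=65535):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.outbound = {}  # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.inbound = {}   # (public port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outbound packet. Returns the header
        as seen on the Internet: (public_ip, public_port, dst_ip, dst_port)."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:
            if self.next_port > self.last_port:
                raise RuntimeError("translation table exhausted")
            pub_port = self.next_port
            self.next_port += 1
            self.outbound[key] = pub_port
            self.inbound[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_port):
        """Rewrite the destination of a packet arriving at the public
        address. Returns (priv_ip, priv_port) when it matches a tracked
        outbound flow, or None, meaning the packet is dropped."""
        return self.inbound.get((dst_port, src_ip, src_port))

    def expire(self, src_ip, src_port, dst_ip, dst_port):
        """Remove a finished flow so its public port stops admitting traffic."""
        pub_port = self.outbound.pop((src_ip, src_port, dst_ip, dst_port), None)
        if pub_port is None:
            return False
        del self.inbound[(pub_port, dst_ip, dst_port)]
        return True


if __name__ == "__main__":
    nat = NatTable("198.51.100.1")
    # Two internal hosts happen to pick the same source port; the public
    # port keeps their flows apart.
    print(nat.translate_outbound("10.0.0.5", 51000, "203.0.113.80", 443))
    print(nat.translate_outbound("10.0.0.6", 51000, "203.0.113.80", 443))
    print(nat.translate_inbound("203.0.113.80", 443, 40001))  # reply -> 10.0.0.6
    print(nat.translate_inbound("203.0.113.9", 22, 40500))    # unsolicited -> None
```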

Remote Access
Refers to any server service that offers the ability to connect remote
systems. The current Microsoft product for Windows-based clients is
called Routing and Remote Access Services (RRAS), but it was
previously known as Remote Access Services (RAS). Because of this,
you'll encounter the term RAS used interchangeably to describe both
the Microsoft product and the process of connecting to remote
systems.

Telephony
When telephone technology is married with information technology,
the result is known as telephony. A breach in your telephony
infrastructure is just as devastating as any other violation and can
lead to the loss of valuable data.
With the exodus from land lines to Voice over IP (VoIP) in order for
companies to save money

NAC
When a computer connects to a computer network, it is not
permitted to access anything unless it complies with a
business-defined policy, including anti-virus protection level,
system update level, and configuration. While the computer is
being checked by a pre-installed software agent, it can only
access resources that can remediate (resolve or update) any
issues. Once the policy is met, the computer is able to access
network resources and the Internet, within the policies
defined within the NAC system. NAC is mainly used for
endpoint health checks, but it is often tied to role-based
access. Access to the network will be given according to the
profile of the person and the results of a posture/health
check. For example, in an enterprise, the HR department
could access only HR department files if both the role and the

Virtualization
If cloud computing has grown in popularity, virtualization has
become the technology du jour. Virtualization, allowing one
set of hardware to host multiple virtual machines, is in use at
most large corporations and becoming more common at
smaller businesses as well.
Some of the security risks that are possible with virtualization
include the following:

Risks Associated with Virtualization
Breaking Out of the Virtual Machine: If a malcontent could break out
of the virtualization layer and be able to access the other virtual
machines, they could access data they should never have access to.
Network and Security Controls Can Intermingle: The tools used to
administer the virtual machine may not have the same granularity
as those used to manage the network. This could lead to privilege
escalation and a compromise of security.
Most virtualization-specific threats focus on the hypervisor. The
hypervisor is the virtual machine monitor, the software that allows
the virtual machines to exist. If the hypervisor can be successfully
attacked, the attacker can gain root-level access to all virtual
systems.
While this is a legitimate issue, and one that has been demonstrated
to be possible in most systems (including VMware, Xen, and Microsoft

Virtualization
Platform as a Service: The Platform as a Service (PaaS) model is
also known as cloud platform services. In this model, vendors allow
apps to be created and run on their infrastructure. Two well-known
models of this implementation are Amazon Web Services and
Google Code.
Software as a Service: The Software as a Service (SaaS) model is
the one often thought of when users generically think of cloud
computing. In this model, applications are remotely run over the
Web. The big advantage is that no local hardware is required (other
than to obtain web access) and no software applications need be
installed on the machine accessing the site. The best known model
of this is Salesforce.com. Costs are usually computed on a
subscription basis.
Infrastructure as a Service: The Infrastructure as a Service
(IaaS) model utilizes virtualization, and clients pay an outsourcer

Risks Associated with Cloud Computing
Regulatory Compliance: Depending upon the type and size of
your organization, there are any number of regulatory agencies'
rules with which you must comply. If your organization is publicly
traded, for example, then you must adhere to Sarbanes-Oxley's
demanding and exacting rules, which can be difficult to do when
the data is not located on your servers. Make sure whoever hosts
your data takes privacy and security as seriously as you do.
User Privileges: Enforcing user privileges can be fairly taxing. If
the user does not have least privilege (addressed later in this
chapter), then their escalated privileges could allow them to access
data they otherwise would not be able to and cause harm to it,
whether intentional or not. Be cognizant of the fact that you won't
have the same control over user accounts in the cloud as you did
locally, and when someone locks their account by giving the wrong
password too many times in a row, you/they could be at the mercy

Risks Associated with Cloud Computing
Data Integration/Segregation: Just as web-hosting companies
usually put more than one company's website on a server in order
to be profitable, data-hosting companies can put more than one
company's data on a server. In order to keep this from being
problematic, you should use encryption to protect your data. Be
cognizant of the fact that your data is only as safe as the data it is
integrated with.

1.4 Implement and use common protocols

IPSec
SNMP
SSH
DNS
TLS
SSL
TCP/IP
FTPS
HTTPS
SFTP
SCP
ICMP
IPv4 vs. IPv6

IPsec
Is a security protocol that provides authentication and encryption
across the Internet. IPSec is becoming a standard for encrypting
virtual private network (VPN) channels and is built into IPv6. It's
available on most network platforms, and it's considered to be highly
secure.

Simple Network Management Protocol (SNMP)
Simple Network Management Protocol (SNMP) is a management tool
that allows communications between network devices and a
management console. Most routers, bridges, and intelligent hubs can
communicate using SNMP.
TCP/IP uses SNMP to manage and monitor devices in a network. Many
copiers, fax machines, and other smart office machines use SNMP for
maintenance functions. This protocol travels through routers quite
well and can be vulnerable to attack. Although such an attack might
not be dangerous, think about what could happen if your printer
suddenly went online and started spewing paper all over the floor.
SNMP was upgraded as a standard to SNMPv2, which provides
security and improved remote monitoring. SNMP is currently
undergoing a revision. SNMPv3 primarily added security and remote
configuration enhancements to SNMP.

Secure Shell (SSH)
Is a tunneling protocol originally designed for Unix systems. It uses
encryption to establish a secure connection between two systems.
SSH also provides alternative, security-equivalent programs for such
Unix standards as Telnet, FTP, and many other communications-oriented
applications. SSH is now available for use on Windows systems as well.
This makes it the preferred method of security for Telnet and other
cleartext-oriented programs in the Unix environment.
SSH uses port 22 and TCP for connections.

Domain Name System (DNS)
DNS allows hosts to resolve hostnames to an Internet Protocol (IP)
address.
DNS servers can be used internally for private functions as well as
externally for public lookups. DNS-related attacks aren't common, but
they generally come in one of three types:

Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are two
common protocols used to convey information between a web client
and a server.
The SSL protocol uses an encryption scheme between the two
systems. The client initiates the session, the server responds,
indicating that encryption is needed, and then they negotiate an
appropriate encryption scheme.

Transport Layer Security (TLS)
TLS is a newer protocol that merges SSL with other protocols to
provide encryption. TLS supports SSL connections for compatibility,
but it also allows other encryption protocols, such as Triple DES, to be
used. SSL/TLS uses port 443 and TCP for connections.


Transport Control Protocol / Internet Protocol TCP/IP

The TCP/IP suite is broken into four architectural layers:
Application layer
Host-to-Host or Transport layer
Internet layer
Network Access layer (also known as the Network Interface layer or
the Link layer)
Computers using TCP/IP use the existing physical connection between
the systems. TCP/IP doesn't concern itself with the network topology,
or physical connections. The network controller that resides in a
computer or host deals with the physical protocol, or topology. TCP/IP
communicates with that controller and lets the controller worry about
the network topology and physical connection.

FTP and its variants


File Transfer Protocol (FTP) is an application that
allows connections to FTP servers for file uploads and downloads. FTP
is a common application used to transfer files between hosts on the
Internet but is inherently insecure. A number of options have been
released to try to create a more secure protocol including FTP over
SSL (FTPS), which adds support for SSL cryptography, and SSH File
Transfer Protocol (SFTP), which is also known as Secure FTP.
An alternative utility for copying files is Secure Copy (SCP), which
combines an old remote copy program (RCP) from the first days of
TCP/IP with SSH. On the opposite end of the spectrum, from a security
standpoint, is the Trivial File Transfer Protocol (TFTP), which can be
configured to transfer files between hosts without any user interaction
(unattended mode) and should be avoided at all costs.

HTTPS
Hypertext Transport Protocol over SSL (HTTPS), also known as
Hypertext Transport Protocol Secure, is the secure version of HTTP,
the language of the World Wide Web. HTTPS uses SSL to secure the
channel between the client and server. Many e-business systems use
HTTPS for secure transactions. An HTTPS session is identified by the
https in the URL and by a key that is displayed on the web browser.
HTTPS uses port 443 by default.


ICMP
Provides maintenance and reporting functions. It's used by
the Ping program. When a user wants to test connectivity to
another host, they can enter the PING command with the IP
address, and the user's system will test connectivity to the
other host's system. If connectivity is good, ICMP will return
data to the originating host. ICMP will also report if a
destination is unreachable. Routers and other network
devices report path information between hosts with ICMP.


IGMP
Internet Group Management Protocol (IGMP) is responsible primarily for
managing IP multicast groups. IP multicasts can send
messages or packets to a specified group of hosts. This is
different from a broadcast, which all users in a network
receive.


IPV4 Vs IPV6
The TCP/IP protocol suite in use today has been around since the
earliest days of the Internet, prior to it even being known by that
name. The remarkable fact that it has been able to scale to the level it
is used at today is testament to the forward thinking of those involved
in its creation.
Several years back, however, a panic arose amid fears that there
would not be enough IP addresses to assign to every host needing to
connect. The current numbering system, known as IP version 4 (IPv4)
even though there really weren't publicly released prior versions, is
what is described throughout this chapter and still widely used today.
IP version 6 (IPv6) was introduced several years ago to replace IPv4
but has failed to do so, and most systems currently support both at
the Internet layer.
Key things to know for the exam are that IPv6 supports 128-bit
addresses, while IPv4 supports 32-bit addresses (see "

1.5 Identify commonly used default network ports


FTP
SFTP
FTPS
TFTP
TELNET
HTTP
HTTPS
SCP
SSH
NetBIOS


Standard TCP Ports

TCP Port Number   Service
20                FTP (data channel)
21                FTP (control channel)
22                SSH and SCP
23                Telnet
25                SMTP
49                TACACS authentication service
80                HTTP (used for the World Wide Web)
110               POP3
115               SFTP
119               NNTP
137               NetBIOS name service
138               NetBIOS datagram service
139               NetBIOS session service
143               IMAP
389               LDAP
443               HTTPS (used for secure web connections)
989               FTPS (data channel)
990               FTPS (control channel)

Standard UDP Ports

UDP Port Number   Service
22                SSH and SCP
49                TACACS authentication service
53                DNS name queries
69                Trivial File Transfer Protocol (TFTP)
80                HTTP (used for the World Wide Web)
137               NetBIOS name service
138               NetBIOS datagram service
139               NetBIOS session service
143               IMAP
161               SNMP
389               LDAP
989               FTPS (data channel)
990               FTPS (control channel)
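The port tables above are most useful when turned into a check. The following Python is an added example for this section, not part of the original deck and not modelled on any real firewall product: it parses a constructed connection log (the timestamp / action / src -> dst:port proto layout is an assumption), flags connections to the services the deck describes as cleartext (FTP, Telnet, HTTP, TFTP), names the secure replacement the deck pairs with each, and tallies the most affected destination hosts.

```python
"""Audit a connection log for the cleartext services listed in the port tables.

Added example for this section; it is not part of the original deck and
models no real firewall product. The log format (timestamp, action,
src -> dst:port proto) and the sample lines are constructed.
"""
import re
from collections import Counter

# Port-to-service maps copied from the deck's TCP and UDP tables.
TCP_SERVICES = {
    20: "FTP (data channel)", 21: "FTP (control channel)", 22: "SSH and SCP",
    23: "Telnet", 25: "SMTP", 49: "TACACS authentication service",
    80: "HTTP", 110: "POP3", 115: "SFTP", 119: "NNTP",
    137: "NetBIOS name service", 138: "NetBIOS datagram service",
    139: "NetBIOS session service", 143: "IMAP", 389: "LDAP",
    443: "HTTPS", 989: "FTPS (data channel)", 990: "FTPS (control channel)",
}
UDP_SERVICES = {
    22: "SSH and SCP", 49: "TACACS authentication service",
    53: "DNS name queries", 69: "TFTP", 80: "HTTP",
    137: "NetBIOS name service", 138: "NetBIOS datagram service",
    139: "NetBIOS session service", 143: "IMAP", 161: "SNMP",
    389: "LDAP", 989: "FTPS (data channel)", 990: "FTPS (control channel)",
}

# Services the deck describes as cleartext, with the secure alternative it names.
CLEARTEXT = {
    ("tcp", 20): "FTPS (989/990) or SFTP over SSH (22)",
    ("tcp", 21): "FTPS (989/990) or SFTP over SSH (22)",
    ("tcp", 23): "SSH (22)",
    ("tcp", 80): "HTTPS (443)",
    ("udp", 69): "SCP or SFTP over SSH (22)",
}

# Assumed log layout: "<timestamp> <action> <src> -> <dst>:<port> <tcp|udp>"
LINE_RE = re.compile(
    r"(?P<ts>\S+) (?P<action>\w+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<proto>tcp|udp)"
)

# Constructed sample log; addresses are private (RFC 1918) and documentation ranges.
SAMPLE_LOG = """\
2012-03-01T10:00:01 allow 10.0.0.5 -> 10.0.0.20:23 tcp
2012-03-01T10:00:02 allow 10.0.0.5 -> 10.0.0.20:22 tcp
2012-03-01T10:00:03 allow 10.0.0.7 -> 192.0.2.10:80 tcp
2012-03-01T10:00:04 allow 10.0.0.7 -> 192.0.2.10:443 tcp
2012-03-01T10:00:05 allow 10.0.0.9 -> 10.0.0.30:69 udp
2012-03-01T10:00:06 allow 10.0.0.9 -> 10.0.0.30:21 tcp
2012-03-01T10:00:07 allow 10.0.0.9 -> 10.0.0.31:53 udp
this line is malformed and must be skipped, not crash the audit
"""


def parse_line(line):
    """Return (src, dst, port, proto) or None for a line that does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return m["src"], m["dst"], int(m["port"]), m["proto"]


def service_name(proto, port):
    """Look the port up in the table for its transport protocol."""
    table = TCP_SERVICES if proto == "tcp" else UDP_SERVICES
    return table.get(port, "unregistered/unknown")


def audit(log_text):
    """Return one finding per connection to a cleartext service, in log order."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than abort the whole audit
        src, dst, port, proto = rec
        alternative = CLEARTEXT.get((proto, port))
        if alternative is None:
            continue
        findings.append({
            "src": src, "dst": dst, "proto": proto, "port": port,
            "service": service_name(proto, port),
            "recommend": alternative,
        })
    return findings


def by_destination(findings):
    """Count cleartext findings per destination host."""
    return Counter(f["dst"] for f in findings)


if __name__ == "__main__":
    found = audit(SAMPLE_LOG)
    for f in found:
        print(f"{f['src']} -> {f['dst']} {f['proto']}/{f['port']} "
              f"{f['service']}: use {f['recommend']}")
    print(by_destination(found).most_common())
```

Run against the sample log it reports four cleartext connections (Telnet, HTTP, TFTP and FTP control) and shows 10.0.0.30 receiving two of them; the malformed last line is skipped rather than stopping the audit.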

1.6 Implement wireless network in a secure manner


WPA
WPA2
WEP
EAP
PEAP
LEAP
MAC filter
SSID broadcast
TKIP
CCMP
Antenna Placement
Power level controls


Wired Equivalent Privacy WEP


Wired Equivalent Privacy (WEP) is a security algorithm for
IEEE 802.11 wireless networks. Introduced as part of the
original 802.11 standard ratified in September 1999, its
intention was to provide data confidentiality comparable to
that of a traditional wired network. WEP, recognizable by the
key of 10 or 26 hexadecimal digits, is widely in use and is
often the first security choice presented to users by router
configuration tool


WPA
Security protocol developed by the Wi-Fi Alliance to protect
wireless networks and surpass what WEP offered. There are
two versions, WPA and WPA2, with the latter being the full
implementation of the security features.
WPA is a security protocol and certification program developed by
the Wi-Fi Alliance to secure wireless computer networks. The Alliance
defined it in response to serious weaknesses researchers had found in
the previous system, WEP (Wired Equivalent Privacy).


WPA2
WPA2 has replaced WPA. WPA2, which requires testing and
certification by the Wi-Fi Alliance, implements the mandatory
elements of IEEE 802.11i. In particular, it introduces CCMP, a new
AES-based encryption mode with strong security. Certification began
in September, 2004; from March 13, 2006, WPA2 certification is
mandatory for all new devices to bear the Wi-Fi trademark.

EAP
Extensible Authentication Protocol (EAP) provides a
framework for authentication that is often used with wireless
networks. Among the five EAP types adopted by the
WPA/WPA2 standard are EAP-TLS, EAP-PSK, EAP-MD5,


LEAP
Lightweight Extensible Authentication Protocol (LEAP) was
created by Cisco as an extension to EAP but is being phased
out in favor of PEAP. Because it is a proprietary protocol to
Cisco and created only as a quick fix for problems with WEP, it
lacks native Windows support.
LEAP requires mutual authentication to improve security but
is susceptible to dictionary attacks. It is considered a weak
EAP protocol, and Cisco does not currently recommend using
it.


PEAP
Protected Extensible Authentication Protocol (PEAP) was
created by Cisco, RSA, and Microsoft. It replaces LEAP and
there is native support for it in Windows (which previously
favored EAP-TLS) beginning with Windows XP. There is support
for it in all Windows operating systems since then, including
Windows Vista and Windows 7.


MAC Filtering
Limit access to the network to MAC addresses that are known,
and filter out those that are not. Even in a home network, you
can implement MAC filtering with most routers and typically
have an option of choosing to only allow computers with MAC
addresses that you list or only deny computers with MAC
addresses that you list.
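The two modes the slide describes, allow only the listed addresses or deny only the listed addresses, are easy to get wrong when the same MAC is written in different notations. The following Python is an added example for this slide, not part of the original deck and not modelled on any router's firmware: it normalises addresses before comparison, fails closed on malformed input, and screens a constructed batch of association requests in both modes.

```python
"""Allow-list / deny-list MAC filtering with address normalisation.

Added example for this slide; it is not part of the original deck and
models no particular router's firmware. Sample addresses are constructed.
"""
import re

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac):
    """Canonical form aa:bb:cc:dd:ee:ff; accepts ':' '-' or '.' separators.

    Raises ValueError for anything that is not exactly 12 hex digits, so a
    typo in the list cannot silently become an entry that matches nothing.
    """
    cleaned = mac.strip().lower()
    for sep in (":", "-", "."):
        cleaned = cleaned.replace(sep, "")
    if not _HEX12.match(cleaned):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(cleaned[i:i + 2] for i in range(0, 12, 2))


class MacFilter:
    """'allow' mode permits only listed addresses; 'deny' mode blocks only them."""

    def __init__(self, mode, addresses):
        if mode not in ("allow", "deny"):
            raise ValueError("mode must be 'allow' or 'deny'")
        self.mode = mode
        # Normalise once at load time so lookups are a plain set membership test.
        self.addresses = {normalize_mac(a) for a in addresses}

    def permits(self, mac):
        try:
            candidate = normalize_mac(mac)
        except ValueError:
            return False  # malformed address: fail closed in either mode
        listed = candidate in self.addresses
        return listed if self.mode == "allow" else not listed


def screen(flt, requests):
    """Split association requests into (permitted, refused) lists, order kept."""
    permitted, refused = [], []
    for mac in requests:
        (permitted if flt.permits(mac) else refused).append(mac)
    return permitted, refused


# Constructed sample data: the home-network case from the slide.
KNOWN = ["00:11:22:33:44:55", "AA-BB-CC-DD-EE-FF"]
REQUESTS = ["00:11:22:33:44:55", "aabb.ccdd.eeff", "00:11:22:33:44:56", "not-a-mac"]

if __name__ == "__main__":
    for mode in ("allow", "deny"):
        ok, no = screen(MacFilter(mode, KNOWN), REQUESTS)
        print(f"{mode}: permitted={ok} refused={no}")
```

Note that "aabb.ccdd.eeff" is accepted in allow mode even though the list spells it "AA-BB-CC-DD-EE-FF"; without normalisation that known device would be locked out, and a malformed entry is refused in both modes rather than being treated as unlisted.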


SSID Broadcast
One method of "protecting" the network that is often
recommended is to turn off the SSID broadcast. The access
point is still there and can still be accessed by those who
know of it, but it prevents those who are just scanning from
finding it. This should be considered a very weak form of
security because there are still other ways, albeit a bit more
complicated, to discover the presence of the access point
besides the SSID broadcast.


Temporal Key Interchange/Integrity Protocol (TKIP)

A wrapper that works with wireless encryption to strengthen WEP
implementations. It was designed to provide more secure encryption
than the notoriously weak Wired Equivalent Privacy (WEP).
To make the encryption stronger, TKIP was employed. This places a
128-bit wrapper around the WEP encryption with a key that is based
on such things as the MAC address of your machine and the serial
number of the packet. TKIP was designed as a backward-compatible
replacement to WEP and could use all existing hardware.


CCMP
WPA also mandates the use of TKIP, while WPA2 favors
Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol (CCMP). CCMP uses 128-bit AES
encryption with a 48-bit initialization vector. With the larger
initialization vector, it increases the difficulty in cracking and
minimizes the risk of replay.
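The "48-bit initialization vector" the slide refers to is CCMP's packet number (PN), and the replay protection comes from the receiver insisting that it strictly increases. The following Python is an added example for this slide, not from the deck: it builds the 13-byte CCM nonce (priority, transmitter address, PN, the layout IEEE 802.11i specifies), keeps a per-sender replay counter, and shows a re-sent frame being rejected. The AES-CCM encryption itself is deliberately left out so the block runs with the standard library alone; the addresses and traffic are constructed.

```python
"""CCMP-style 48-bit packet number, nonce construction and replay rejection.

Added example for this slide; it is not from the deck and performs no
encryption: the AES-CCM step is left out so the block runs with the
standard library only. The 13-byte nonce layout (priority, transmitter
address, 48-bit packet number) follows IEEE 802.11i CCMP; the MAC
addresses and traffic below are constructed.
"""
PN_BITS = 48
PN_MAX = (1 << PN_BITS) - 1


def build_nonce(priority, transmitter, pn):
    """Priority (1 byte) || transmitter address (6) || PN (6, big-endian)."""
    if len(transmitter) != 6:
        raise ValueError("transmitter address must be 6 bytes")
    if not 0 <= pn <= PN_MAX:
        raise ValueError("packet number outside 48-bit range")
    return bytes([priority & 0x0F]) + transmitter + pn.to_bytes(6, "big")


class Sender:
    """Keeps the per-key packet number; a PN value is never reused under one key."""

    def __init__(self, mac):
        self.mac = mac
        self.pn = 0

    def next_frame(self, priority=0):
        if self.pn >= PN_MAX:
            # Counter exhausted: the standard requires a fresh temporal key here.
            raise RuntimeError("PN exhausted: a new temporal key is required")
        self.pn += 1
        return {"ta": self.mac, "priority": priority, "pn": self.pn,
                "nonce": build_nonce(priority, self.mac, self.pn)}


class Receiver:
    """Per (transmitter, priority) replay counter: PN must strictly increase."""

    def __init__(self):
        self.last_pn = {}

    def accept(self, frame):
        key = (frame["ta"], frame["priority"])
        if frame["pn"] <= self.last_pn.get(key, 0):
            return False  # replayed or out-of-order frame is discarded
        self.last_pn[key] = frame["pn"]
        return True


def iv_space(bits):
    """Number of frames that can be sent before a counter of this width wraps."""
    return 1 << bits


def simulate():
    """Three genuine frames, then a replay of the second; returns accept flags."""
    tx = Sender(bytes.fromhex("001122334455"))  # constructed address
    rx = Receiver()
    frames = [tx.next_frame() for _ in range(3)]
    replay = dict(frames[1])  # the second frame re-sent unchanged
    return [rx.accept(f) for f in frames + [replay]]


if __name__ == "__main__":
    print(simulate())          # [True, True, True, False]
    print(iv_space(PN_BITS))   # 281474976710656 frames per key
```

For comparison (a known fact about WEP, not stated on the slide), WEP's IV is 24 bits wide, so `iv_space(24)` is 16,777,216 frames: a busy access point runs through that in hours, whereas the 48-bit PN is large enough that rekeying, not counter exhaustion, ends a key's life.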


Antenna Placement
Antenna placement can be crucial in allowing clients to reach the
access point. There isn't any one universal solution to this issue, and
it depends on the environment in which the access point is placed. As
a general rule, the greater the distance the signal must travel, the
more it will attenuate, but you can lose a signal quickly in a short
space as well if the building materials reflect or absorb the signal. You
should try to avoid placing access points near metal (which includes
appliances) or near the ground. In the center of the area to be served
and high enough to get around most obstacles is recommended.


Power level controls


On the chance that the signal is actually traveling too far, some
access points include power level controls that allow you to reduce
the amount of output provided.


Questions?

Thank you

https://www.rooms.hp.com/attend/default.aspx?key=RPCR4R86FW