Information Security Lesson 7 - Remote Access - Eric Vanderburg
1. Information Security Chapter 7: Remote Access
Information Security © 2006 Eric Vanderburg

2. FTP
• Download files from a server
• Can use a web browser (ftp://)
• FTP clients are also available
  – WSFTPLE
  – Command line
• BlindFTP – FTP with anonymous access
• SFTP (Secure FTP) – FTP over SSL
• Active FTP – the server receives a request on port 21 and then initiates a connection to the data port (1 greater than the command port) on the client.
• Passive FTP – the client initiates both the command and data connections to the server.

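The active/passive distinction above decides which side a firewall must allow to open the data connection. The following added example (not part of the original slides) parses FTP control-channel lines, using the standard h1,h2,h3,h4,p1,p2 encoding of PORT commands and 227 replies, and derives the data flow each one implies. The session lines, addresses and the names `DataChannel` and `required_flows` are constructed for illustration.

```python
import re
from dataclasses import dataclass

# h1,h2,h3,h4,p1,p2 field carried by PORT commands and 227 (passive) replies
_HOSTPORT = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


@dataclass(frozen=True)
class DataChannel:
    mode: str         # "active" or "passive"
    initiator: str    # side that opens the data connection
    listen_ip: str    # address announced on the control channel
    listen_port: int  # port the data connection will target


def decode_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field; port = p1*256 + p2."""
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def parse_control_line(line):
    """Classify one control-channel line; None if it negotiates no data channel."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        # Active mode: the client listens, the server connects to it.
        ip, port = decode_hostport(line[5:])
        return DataChannel("active", "server", ip, port)
    if line.startswith("227"):
        # Passive mode: the server listens, the client connects to it.
        ip, port = decode_hostport(line[3:])
        return DataChannel("passive", "client", ip, port)
    return None


def required_flows(control_lines, client_ip, server_ip):
    """List the data flows a stateful filter would have to permit.

    address_matches_peer is False when the announced data address is not the
    other end of the control connection; such a request should be refused.
    """
    flows = []
    for line in control_lines:
        ch = parse_control_line(line)
        if ch is None:
            continue
        if ch.mode == "active":
            src, expected = server_ip, client_ip
        else:
            src, expected = client_ip, server_ip
        flows.append({
            "mode": ch.mode,
            "src": src,
            "dst": ch.listen_ip,
            "dport": ch.listen_port,
            "address_matches_peer": ch.listen_ip == expected,
        })
    return flows


# Constructed control-channel excerpt (documentation address ranges).
SAMPLE_SESSION = [
    "USER anonymous",
    "331 Please specify the password.",
    "PORT 192,0,2,10,195,80",
    "200 PORT command successful.",
    "227 Entering Passive Mode (198,51,100,5,234,96)",
    "PORT 203,0,113,7,195,81",
]

if __name__ == "__main__":
    for flow in required_flows(SAMPLE_SESSION, "192.0.2.10", "198.51.100.5"):
        print(flow)
```
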
3. Tunneling
• Tunneling – encapsulating a packet inside another
• PPTP (Point to Point Tunneling Protocol)
  – TCP port 1723
  – MPPE (Microsoft Point to Point Encryption) used for encryption
  – LCP (Link Control Protocol) is used for setting up and taking down the session and testing it.
  – Operates only over TCP/IP
• L2TP (Layer 2 Tunneling Protocol)
  – Combination of Cisco’s L2F (Layer 2 Forwarding) and PPTP.
  – Supports many protocols
  – Can use IPSec for encryption

4. Tunneling
• SSH (Secure Shell)
  – Uses digital certificates, or Kerberos and encrypted passwords
  – SSH replaces rsh for sending remote commands
  – SSH is a good replacement for telnet
  – slogin – replaces rlogin using SSH
  – scp replaces rcp for copying files over a network using SSH
  – SSH protects against IP spoofing and DNS spoofing, and protects the confidentiality of information

5. Tunneling
• IPSec (IP Security)
  – Securely exchange packets, layer 3
  – AH (Authentication Header) – used to encrypt the header of the packet to verify that the packet was sent from the legitimate sender.
  – ESP (Encapsulating Security Payload) – encrypts the entire packet – protects confidentiality
  – ISAKMP (Internet Security Association Key Management Protocol) – helps the sender and receiver obtain keys using digital certificates

6. Tunneling
• IPSec
  – Transport mode encrypts only the data portion (payload) of each packet, yet leaves the header unencrypted
    • AH in transport mode – data, header, and AH are encrypted
    • ESP in transport mode – new ESP header is created for the data. It is authenticated and the data is encrypted
  – Tunnel mode encrypts both the header and the data portion
    • AH in tunnel mode – data, new header, tunneled header and AH are all encrypted
    • ESP in tunnel mode – new ESP header is created for the data. It is authenticated and the header, trailer, and data are encrypted

7. Authentication
• 802.1x – blocks ports of unauthenticated users
• Supplicant – client who wants to access the network
• Authenticator – device in between the supplicant and authentication server
• Authentication server – receives requests and accepts or denies them.

8. Authentication Protocols
• EAP (Extensible Authentication Protocol)
• EAP-MD5 (EAP Message Digest 5)
  – Does not use certificates
  – Hashes password using MD5
• LEAP (Lightweight EAP)
  – Cisco version of EAP without using certificates
  – Can be cracked easily with ASLEAP
• EAP-FAST (EAP Flexible Authentication via Secure Tunneling)
  – No use of certificates
  – Establishes a TLS tunnel
  – Improves on problems with LEAP

9. EAP Types (continued)
• EAP-SIM (EAP Subscriber Identity Module) – used for authentication on GSM (Global System for Mobile Communications) devices
• EAP-TLS (Extensible Authentication Protocol Transport Layer Security)
  – Certificate based
  – Used in conjunction with a RADIUS server
  – Supports certificates contained on smartcards
• EAP-TTLS (EAP Tunneled Transport Layer Security)
  – Entire communication is tunneled. Tunneling begins first.
• PEAP (Protected EAP)
  – One way use of certificates
  – MSCHAP v2 mutual authentication

10. Centralized Authentication
• RADIUS (Remote Authentication Dial In User Service)
  – Supported on Microsoft systems
  – UDP ports 1812 & 1813
• TACACS (Terminal Access Control Access Control System)
  – Supported on UNIX & Linux
  – TCP port 49
• Provides AAA (Authentication, Authorization, & Auditing)

11. VPN (Virtual Private Networks)
• Remote connections over the Internet can appear as local connections
• VPDN (Virtual Private Dialup Network)
• Remote Access VPN
• Site to Site VPN
• VPN Concentrator – takes many VPN connections to or from a location and packages them together to conserve bandwidth.

12. Securing Directory Services
• Directory Service – database of all users and resources and their associated permissions
• X.500 – ISO standard for data storage on directory servers. The standard allows applications to be written for the standard rather than for a specific directory.
  – DAP (Directory Access Protocol) – standard defining how an application will interface with an X.500 compliant directory server.
  – LDAP (Lightweight Directory Access Protocol) – a subset of DAP that is easier to implement and use. It also runs over TCP/IP.
  – DIB (Directory Information Base) – database where directory services data is stored. It consists of objects and their attributes.
  – DIT (Directory Information Tree) – the tree-like structure of the DIB.

13. DAP / LDAP Flaws
• Lack of effective authentication
  – Vendors often use some other form of authentication. Ex: Windows & Kerberos
• Query responses are sent in the clear.
  – Encrypt database communication through tunneling technologies discussed earlier.

14. Wireless
• Wireless Uses
  – Temporary connections
  – Redundant connections
  – Network extension
  – Roaming
  – Access in difficult areas
  – Support for handhelds
  – Docking
  – Peripherals
• Network Types
  – LANs – 802.11a,b,g,n
  – Extended LANs – Microwave, Satellite
  – Mobile – Radio or Cellular

15. The Wireless Spectrum
Figure 3-37: The wireless spectrum

16. Electromagnetic Fundamentals
• Lower frequency = slower, less data, longer distance
• Higher frequency = faster, more data, shorter distance
• Highest frequencies need line of sight & use tight beams

17. Frequency Ranges
• Radio: 10KHz – 1GHz
• Microwave: 1GHz – 500GHz
• Infrared: 500GHz – 1THz

18. Infrared Technologies
• Line of Sight
• Reflective (central device)
• Scatter Infrared
  – Bounces signal
  – Limited to 30 meters
• Broadband Optical Telepoint Networks

19. Infrared Transmission
• Diffused
  – The infrared light transmitted by the sender unit fills the area.
  – The receiver unit located anywhere in that area can receive the signal.
• Directed
  – The infrared light is focused before transmitting the signal
  – Increases the transmission speed.
• Directed point-to-point
  – Highest transmission speed
  – Receiver is aligned with the sender unit. The infrared light is then transmitted directly to the receiver.

20. Infrared Transmission
• Transmitted by frequencies in the 300GHz to 300,000-GHz range
• Most often used for communications between devices in same room
  – Relies on the devices being close to each other
  – May require line-of-sight path

21. Infrared Threats
• Data could be “beamed” to another device such as a PDA, laptop, or even a watch
• Secure serial ports and disable infrared on devices if it is not needed.

22. Cellular Wireless
• 1G – First Generation
  – Analog
  – Circuit switching (can only do one thing at a time with a dedicated link to the other party)
  – Mid 1980s

23. Cellular Wireless
• 2G – Second Generation
  – GSM (Global System for Mobile Communications)
    • TDMA (Time Division Multiple Access) standard – allows several users to share the same frequency by dividing it into different timeslots.
    • Both signaling and speech channels are digital. Supports advanced phone functions and the ability to do multiple actions at the same time.
    • Started in Europe but soon became a global standard
  – iDEN (Integrated Digital Enhanced Network)
    • Supports paging, text messaging, and picture messaging
  – PDC (Personal Digital Cellular) – used mainly in Japan
• 3G – Third Generation
  – 384kbps – 3Mbps speed
  – Geared for internet access

24. Cellular Wireless
• WAP (Wireless Application Protocol) – standard for how internet content should be formatted for portable users (Cell & PDA)
• WAP phones use micro browsers that process WML (Wireless Markup Language) instead of HTML
• WAP Gateway – converts HTML to WML
• WTLS (Wireless Transport Layer Security) – Confidentiality, Integrity and Authentication for WAP. Provides security between the WAP gateway and the WAP device.

25. Radio LAN Technologies
• Narrow Band
• Devices use known single frequency
• Unregulated bands (902-928MHz, 2.4GHz, 5.72-5.85GHz)
• No line of sight needed
• Range of 70 meters
• Possible to eavesdrop
• High susceptibility to RFI

26. Radio LAN Technologies
• High powered technologies
  – Long range to horizon
  – Towers used to redirect signal
  – Much more expensive
  – FCC licensing required

27. Spread Spectrum Technologies
• Uses multiple frequencies
  – Less interference
  – Redundancy
• Frequency Range: 902-928MHz, 2.4GHz, 5GHz
• FHSS (Frequency Hopping Spread Spectrum)
  – Changes frequencies at regular intervals
  – Uses high powered signals on only one frequency at a time
  – Lower bandwidth, more secure (except now scanning devices can frequency hop very easily)
• DSSS (Direct Sequence Spread Spectrum)
  – Send different data chunks along multiple frequencies at lower power (just above noise)
• OFDM (Orthogonal Frequency Division Multiplexing)
  – Higher resistance to interference
  – More redundant data is spread across multiple frequencies

28. 802.11 WLAN (Wireless Local Area Networks)
• 802.11 – 2Mbps – FHSS
• 802.11b – 11Mbps – 2.4GHz – DSSS
• 802.11a – 54Mbps – 5GHz – DSSS
• 802.11g – 54Mbps – 2.4GHz – OFDM
• 802.11n – 300Mbps – 2.4GHz – OFDM

29. Wireless Encryption
– WEP (Wired Equivalency Protocol)
  • RC4 (Rivest Cipher 4) – stream cipher
  • Uses weak key generation techniques
  • IV (Initialization Vector), 24 bits, and key length (40 or 124 bit) are short
– WPA (WiFi Protected Access)
  • TKIP (Temporal Key Integrity Protocol) – changes keys per packet
  • MIC (Message Integrity Code) – check number or hash
– WPA2
  • AES (Advanced Encryption Standard)
  • Different keys for unicast and broadcast traffic

30. Ad Hoc Wireless
• Broadcasting/Flooding
  Everyone except the recipient broadcasts the data to the nodes in their area.
• Temporary Infrastructure
  In this method, the mobile users set up a temporary infrastructure (mapping). But this method is complicated and it introduces overhead. It is useful only when there is a small number of mobile users.

31. WLAN Access Devices
• PCMCIA
• Mini PCI
• PCI
• CF Card
• USB

32. Wireless
• BSA (Basic Service Area)
  – Influence of the APs (Access Points)
  – Depends on:
    • Power of the transmitter
    • Environment
• BSS (Basic Service Set) – stations belonging to an AP
• IBSS (Independent Basic Service Set) – ad hoc network
• ESS (Extended Service Set) – multiple APs are used to service a single network. All APs use the same SSID (Service Set Identifier)

33. Wireless Security
• MAC Address filtering
• Disable SSID broadcasting
• Use Encryption
• RADIUS Authentication
• Enterprise Wireless Gateways with thin APs

34. 802.16a Wireless MAN
• WiMax (Worldwide Interoperability for Microwave Access)
• 40Mbps per channel
• 3-10 Kilometers
• Moving car access
• Broadband to distant locations
• Expect to see notebook cards by 2007

35. More Microwave Technology
• CDPD (Cellular Digital Packet Data)
  – 19.2kbps
  – Handheld connections
• Low orbit satellites
  – 10bps
  – Continental coverage

36. Acronyms
• AAA, Authentication Authorization & Auditing
• AES, Advanced Encryption Standard
• AP, Access Point
• AH, Authentication Header
• BSA, Basic Service Area
• BSS, Basic Service Set
• CDPD, Cellular Digital Packet Data
• CRC, Cyclic Redundancy Check
• DAP, Directory Access Protocol
• DIB, Directory Information Base
• DIT, Directory Information Tree
• DSSS, Direct Sequence Spread Spectrum
• EAP-MD5, EAP Message Digest 5
• EAP-SIM, EAP Subscriber Identity Module

37. Acronyms
• EAP-TLS, Extensible Authentication Protocol Transport Layer Security
• EAP-TTLS, Extensible Authentication Protocol Tunneled Transport Layer Security
• ESP, Encapsulating Security Payload
• ESS, Extended Service Set
• EAP, Extensible Authentication Protocol
• FAST, Flexible Authentication via Secure Tunneling
• FHSS, Frequency Hopping Spread Spectrum
• GSM, Global System for Mobile Communications
• IBSS, Independent Basic Service Set
• ISAKMP, Internet Security Association and Key Management Protocol

38. Acronyms
• IPSec, Internet Protocol Security
• L2TP, Layer 2 Tunneling Protocol
• LDAP, Lightweight Directory Access Protocol
• LEAP, Lightweight Extensible Authentication Protocol
• LCP, Link Control Protocol
• NAS, Network Access Server
• OFDM, Orthogonal Frequency Division Multiplexing
• PPP, Point to Point Protocol
• PPTP, Point to Point Tunneling Protocol
• PEAP, Protected Extensible Authentication Protocol
• PRNG, Pseudo Random Number Generator
• PSDN, Public Switched Data Network
• RADIUS, Remote Authentication Dial In User Service
• SSH, Secure Shell

39. Acronyms
• SSID, Service Set Identifier
• TKIP, Temporal Key Integrity Protocol
• TACACS, Terminal Access Control Access Control System
• VPDN, Virtual Private Dial Up Network
• VPN, Virtual Private Network
• WPA, WiFi Protected Access
• WEP, Wired Equivalent Privacy
• WAP, Wireless Application Protocol
• WiMAX, Worldwide Interoperability for Microwave Access
• WLAN, Wireless Local Area Network
• WML, Wireless Markup Language
• WTLS, Wireless Transport Layer Security
• XOR, Exclusive Or