Information Security Lesson 7 - Remote Access - Eric Vanderburg

Information Security
Chapter 7
Remote Access

Information Security © 2006 Eric Vanderburg

FTP
•
•
•
•
•
•
•

Download files from a server
Can use a web browser ftp://
FTP clients are also available WSFTPLE
Command line
BlindFTP – FTP with anonymous access
SFTP (Secure FTP) – FTP over SSL
Active FTP – server receives a request on port
21 and then initiates a connection to the data
port (1 greater than command port) on the client.

• Passive FTP – client initiates both the command
and data connections to the server

Tunneling
• Tunneling – encapsulating a packet inside
another
• PPTP (Point to Point Tunneling Protocol)
– TCP port 1723
– MPPE (Microsoft Point to Point Encryption) used for
encryption
– LCP (Link Control Protocol) is used for setting up and
taking down the session and testing it.
– Operates only over TCP/IP

• L2TP (Layer 2 Tunneling Protocol) –
Combination of Cisco’s L2F (Layer 2
Forwarding) and PPTP.
– Supports many protocols
– Can use IPSec for encryption

Tunneling
• SSH (Secure Shell) – uses a digital
certificates, or Kerberos and encrypted
passwords
– SSH replaces rsh for sending remote
commands
– SSH is a good replacement for telnet
– Slogon – replaces rlogon using SSH
– Scp replaces rcp for copying files over a
network using SSH
– SSH protects against IP spoofing, DNS
spoofing, and the confidentiality of information

Tunneling
• IPSec (IP Security) – Securely exchange
packets, layer 3
– AH (Authentication Header) – used to encrypt
the header of the packet to verify that the
packet was sent from the legitimate sender.
– ESP (Encapsulating Security Payload) –
encrypts the entire packet – protects
confidentiality
– ISAKMP (Internet Security Association Key
Management Protocol) – helps the sender
and receiver obtain keys using digital
certificates

Tunneling
• IPSec
– Transport mode encrypts only the data portion
(payload) of each packet, yet leaves the header
encrypted
• AH in transport mode – data, header, and AH are encrypted
• ESP in transport mode - new ESP header is created for the
data. It is authenticated and the data is encrypted

– Tunnel mode encrypts both the header and the data
portion
• AH in tunnel mode – Data, new header, tunneled header and
AH are all encrypted
• ESP in tunnel mode – new ESP header is created for the
data. It is authenticated and the header, trailer, and data is
encrypted

Authentication
• 802.1x – blocks ports of unauthenticated
users
• Supplicant – client who wants to access
the network
• Authenticator – device in between the
supplicant and authentication server
• Authentication server – receives
requests and accepts of denies them.


Authentication Protocols
• EAP (Extensible Authentication Protocol)
• EAP-MD5 (EAP Message Digest 5)
– Does not use certificates
– Hashes password using MD5

• LEAP (Lightweight EAP)
– Cisco version of EAP without using certificates
– Can be cracked easily with ASLEAP

• EAP-FAST (EAP Flexible Authentication via
Secure Tunneling)
– no use of certificates
– Establishes a TLS tunnel
– Improves on problems with LEAP

EAP Types (continued)
• EAP-SIM (EAP Subscriber Identity Module) – used for
authentication on GSM (Global System for Mobile
Communications) devices
• EAP-TLS (Extensible Authentication Protocol Transport
Layer Security)
– Certificate based
– Used in conjunction with a RADIUS server
– Supports certificates contained on smartcards

• EAP-TTLS (EAP Tunneled Transport Layer Security)
– Entire communication is tunneled. Tunneling begins first.

• PEAP (Protected EAP)
– one way use of certificates
– MSCHAP v2 mutual authentication


Centralized Authentication
• RADIUS (Remote Authentication Dial In
User Service) - Supported on Microsoft
systems
– UDP ports 1812 & 1813

• TACACS (Terminal Access Control
Access Control System) – Supported on
UNIX & Linux
– TCP port 49

• Provides AAA (Authentication,
Authorization, & Auditing)

VPN (Virtual Private Networks)
• Remote connections over the Internet can
appear as local connections
• VPDN (Virtual Private Dialup Network)
• Remote Access VPN
• Site to Site VPN
• VPN Concentrator – takes many VPN
connections to or from a location and
packages them together to conserve
bandwidth.

Securing Directory Services
• Directory Service – database of all users and resources
and their associated permissions
• X.500 – ISO standard for data storage on directory
servers. The standard allows applications to be written
for the standard rather than for a specific directory.
– DAP (Directory Access Protocol) – standard defining how an
application will interface with an X.500 compliant directory
server.
– LDAP (Lightweight Directory Access Protocol) – a subset of DAP
that is easier to implement and use. It also runs over TCP/IP.
– DIB (Directory Information Base) – database where directory
services data is stored. It consists of objects and their attributes.
– DIT (Directory Information Tree) – The tree-like structure of the
DIB.


DAP / LDAP Flaws
• Lack of effective authentication
– Vendors often use some other form of
authentication. Ex: Windows & kerberos

• Query responses are sent in the clear.
– Encrypt database communication through
tunneling technologies discussed earlier.


Wireless
• Wireless Uses
–
–
–
–
–
–
–
–

Temporary connections
Redundant connections
Network extension
Roaming
Access in difficult areas
Support for handhelds
Docking
Peripherals

• Network Types
– LANs – 802.11a,b,g,n
– Extended LANs – Microwave, Satellite
– Mobile – Radio or Cellular

The Wireless Spectrum

Figure 3-37: The wireless spectrum

Electromagnetic Fundamentals
• Lower frequency = slower, less data,
longer distance
• Higher frequency = faster, more data,
shorter distance
• Highest frequencies need line of sight &
use tight beams


Frequency Ranges
• Radio: 10KHz – 1GHz
• Microwave: 1GHz – 500GHz
• Infrared: 500GHz – 1THz


Infrared Technologies
• Line of Sight
• Reflective (central device)
• Scatter Infrared
– Bounces signal
– Limited to 30 meters

• Broadband Optical Telepoint Networks


Infrared Transmission
• Diffused
– The infrared light transmitted by the sender unit fills the area.
– The receiver unit located anywhere in that area can receive the
signal.

• Directed
– The infrared light is focused before transmitting the signal
– Increases the transmission speed.

• Directed point-to-point
– Highest transmission speed
– Receiver is aligned with the sender unit. The infrared light is then
transmitted directly to the receiver.


Infrared Transmission
• Transmitted by frequencies in the 300GHz to 300,000-GHz range
• Most often used for communications
between devices in same room
– Relies on the devices being close to each
other
– May require line-of-sight path


Infrared threats
• Data could be “beamed” to another device
such as a pda, laptop, or even watch
• Secure serial ports and disable infrared on
devices if it is not needed.


Cellular Wireless
• 1G – First Generation
– Analog
– circuit switching (can only do one thing at a
time with a dedicated link to the other party)
– Mid 1980s


Cellular Wireless
• 2G – Second Generation
– GSM (Global System for Mobile Communications)
• TDMA (Time Division Multiple Access) standard - allows
several users to share the same frequency by dividing it into
different timeslots.
• Both signaling and speech channels are digital. Supports
advanced phone functions and the ability to do multiple
actions at the same time.
• Started in Europe but soon became a global standard

– iDEN (Integrated Digital Enhanced Network)
• Supports paging, text messaging, and picture messaging

– PDC (Personal Digital Cellular) – Used mainly in
Japan

• 3G – Third Generation
– 384kbps – 3Mbps speed
– Geared for internet access

Cellular Wireless
• WAP (Wireless Application Protocol) – standard
for how internet content should be formatted for
portable users (Cell & PDA)
• WAP phones use micro browsers that process
WML (Wireless Markup Language) instead of
HTML
• WAP Gateway – Converts HTML to WML
• WTLS (Wireless Transport Layer Security) –
Confidentiality, Integrity and Authentication for
WAP. Provides security between the WAP
gateway and the WAP device.

Radio LAN Technologies
•
•
•
•
•
•
•

Narrow Band
Devices use known single frequency
Unregulated bands (902-928MHz,2.4GHz,5.72-5.85GHz)
No line of sight needed
Range of 70 meters
Possible to eavesdrop
High susceptibility to RFI


Radio LAN Technologies
• High powered technologies
– Long range to horizon
– Towers used to redirect signal
– Much more expensive
– FCC licensing required


Spread Spectrum Technologies
• Uses multiple frequencies
– Less interference
– Redundancy

• Frequency Range: 902-928MHz,2.4GHz, 5GHz
• FHSS (Frequency Hopping Spread Spectrum)
– Changes frequencies at regular intervals
– Uses high powered signals on only one frequency at a time
– Lower bandwidth, more secure (except now scanning devices
can frequency hop very easily)

• DSSS (Direct Sequence Spread Spectrum)
– Send different data chunks along multiple frequencies at lower
power (just above noise)

• OFDM (Orthogonal Frequency Division Multiplexing)
– Higher resistance to interference
– More redundant data is spread across multiple frequencies


802.11
WLAN (Wireless Local Area Networks)
• 802.11
– 2Mbps
– FHSS

• 802.11b
– 11Mbps
– 2.4GHz
– DSSS

• 802.11a

• 802.11g
– 54Mbps
– 2.4GHz
– OFDM

• 802.11n
– 300Mbps
– 2.4GHz
– OFDM

– 54Mbps
– 5GHz
– DSSS

Wireless Encryption
– WEP (Wired Equivalency Protocol)
• RC4 (Rivest Cipher 4) – stream cipher
• Uses weak key generation techniques
• IV (Initialization Vector), 24 bits, and key length (40
or 124 bit) are short

– WPA (WiFi Protected Access)
• TKIP (Temporal Key Integrity Protocol) – changes
keys per packet
• MIC (Message Integrity Code) – check number or
hash

– WPA2
• AES (Advanced Encryption Standard)
• Different keys for unicast and broadcast traffic

Ad Hoc Wireless
• Broadcasting/Flooding
Everyone except the recipient broadcasts
the data to the nodes in their area.
• Temporary Infrastructure
In this method, the mobile users set up a
temporary infrastructure (mapping). But
this method is complicated and it
introduces overheads. It is useful only
when there is a small number of mobile
users.


WLAN Access Devices
•
•
•
•
•

PCMCIA
Mini PCI
PCI
CF Card
USB


Wireless
• BSA (Basic Service Area)
– Influence of the APs (Access Points)
– Depends on:
• Power of the transmitter
• Environment

• BSS (Basic Service Set)
– Stations belonging to an AP

• IBSS (Independent Basic Service Set)
– Ad hoc network

• ESS (Extended Service Set) – multiple APs are
used to service a single network. All APs use
the same SSID (Service Set Identifier)

Wireless Security
•
•
•
•
•

MAC Address filtering
Disable SSID broadcasting
Use Encryption
RADIUS Authentication
Enterprise Wireless Gateways with thin
APs


802.16a Wireless MAN
• WiMax (Worldwide Interoperability for
Microwave Access)
• 40Mbps per channel
• 3-10 Kilometers
• Moving car access
• Broadband to distant locations
• Expect to see notebook cards by 2007


More Microwave technology
• CDPD (Cellular Digital Packet Data)
– 19.2kbps
– Handheld connections

• Low orbit satellites
– 10bps
– Continental coverage


Acronyms
•
•
•
•
•
•
•
•
•
•
•
•
•
•

AAA, Authentication Authorization & Auditing
AES, Advanced Encryption Standard
AP, Access Point
AH, Authentication Header
BSA, Basic Service Area
BSS, Basic Service Set
CDPD, Cellular Digital Packet Data
CRC, Cyclic Redundancy Check
DAP, Directory Access Protocol
DIB, Directory Information Base
DIT, Directory Information Tree
DSSS, Direct Sequence Spread Spectrum
EAP-MD5, EAP Message Digest 5
EAP-SIM, EAP Subscriber Identity Module

Acronyms

• EAP-TLS, Extensible Authentication Protocol Transport
Layer Security
• EAP-TTLS, Extensible Authentication Protocol Tunneled
Transport Layer Security
• ESP, Encapsulating Security Payload
• ESS, Extended Service Set
• EAP, Extensible Authentication Protocol
• FAST, Flexible Authentication via Secure Tunneling
• FHSS, Frequency Hopping Spread Spectrum
• GSM, Global System for Mobile Communications
• IBSS, Independent Basic Service Set
• ISAKMP, Internet Security Association and Key
Management Protocol

Acronyms
•
•
•
•
•
•
•
•
•
•
•
•
•
•

IPSec, Internet Protocol Security
L2TP, Layer 2 Tunneling Protocol
LDAP, Lightweight Directory Access Protocol
LEAP, Lightweight Extensible Authentication Protocol
LCP, Link Control Protocol
NAS, Network Access Server
OFDM, Orthogonal Frequency Division Multiplexing
PPP, Point to Point Protocol
PPTP, Point to Point Tunneling Protocol
PEAP, Protected Extensible Authentication Protocol
PRNG, Pseudo Random Number Generator
PSDN, Public Switched Data Network
RADIUS, Remote Authentication Dial In User Service
SSH, Secure Shell

Acronyms
• SSID, Service Set Identifier
• TKIP, Temporal Key Integrity Protocol
• TACACS, Terminal Access Control Access Control
System
• VPDN, Virtual Private Dial Up Network
• VPN, Virtual Private Network
• WPA, WiFi Protected Access
• WEP, Wired Equivalent Privacy
• WAP, Wireless Application Protocol
• WiMAX, Worldwide Interoperability for Microwave
Access
• WLAN, Wireless Local Area Network
• WML, Wireless Markup Language
• WTLS, Wireless Transport Layer Security
• XOR, Exclusive Or

Information Security Lesson 7 - Remote Access - Eric Vanderburg

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Information Security Lesson 7 - Remote Access - Eric Vanderburg

Semelhante a Information Security Lesson 7 - Remote Access - Eric Vanderburg (20)

Mais de Eric Vanderburg

Mais de Eric Vanderburg (20)

Último

Último (20)

Information Security Lesson 7 - Remote Access - Eric Vanderburg