Security+ - An Overview of Communications Security

From Techotopia
Revision as of 19:49, 18 February 2008 by Neil (Talk | contribs)


In the previous chapter of Security+ Essentials we looked at TCP/IP ports and the issue of nonessential services. Clearly a server with all ports blocked and all services disabled would be of little use to anyone except the system administrator sitting at the system console. The simple fact is that in order to be useful computer systems need to be able to communicate with other systems, either on a local area network (LAN) or over wide area networks (WAN) or the internet.

The objective of a good IT security strategy is therefore not to prevent all communication, but to ensure that all communication takes place as securely as possible.

In this chapter we will look at the variety of secure methods for providing remote access, transmitting email and transferring data between systems.

Remote Access

The first area to be covered in this chapter involves the implementation of secure remote access to servers and services. Remote access falls into a variety of different categories including wireless (Wi-Fi), virtual private network (VPN), dial-up and terminal connections.

Virtual Private Network (VPN) Communications

Virtual Private Networks (VPNs) are used when confidential data needs to be transported over a public network (typically the internet). A VPN provides a tunnel through the public network through which data packets are transmitted, normally authenticating the endpoints and encrypting the encapsulated packets so that data crossing the public network cannot be read, or altered undetected, by anyone between the two ends.

Two common approaches to VPN connectivity, and the two covered in this chapter, are the Point-to-Point Tunneling Protocol (PPTP) and the Layer 2 Tunneling Protocol (L2TP).


Point-to-Point Tunneling Protocol (PPTP)

The Point-to-Point Tunneling Protocol (PPTP) encapsulates PPP frames so that they can be carried across an IP network. Authentication is inherited from PPP and uses PAP, CHAP or MS-CHAP (MS-CHAPv2 in current implementations), and the tunnelled data is typically encrypted with Microsoft Point-to-Point Encryption (MPPE). The client opens a control connection from a dynamically allocated port to TCP port 1723 on the server, while the encapsulated data itself travels in GRE packets (IP protocol 47); a firewall between the two must allow both, not just port 1723. The security of the tunnel rests entirely on the PPP authentication: PAP sends the password in the clear, CHAP and MS-CHAP expose a challenge/response pair that can be attacked offline, and MS-CHAPv2 has since been shown to be breakable by exhaustive search of its DES keys, which is why PPTP should not be chosen where an IPsec or TLS-based VPN is available.
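The PPP authentication methods that PPTP relies on differ sharply in what an eavesdropper on the link learns. The following Python program, added here as an illustration and not code from Techotopia or from any PPP or PPTP implementation, works through PAP and the CHAP challenge/response exchange of RFC 1994 with both sides of the link present, then shows the offline dictionary attack that a single captured CHAP challenge/response pair permits. The peer name, the shared secrets and the wordlist are constructed for the example, and the message framing is reduced to the fields that matter rather than real PPP packets.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple


def pap_request(peer_id: str, password: str) -> bytes:
    """PAP Authenticate-Request reduced to its payload: the password itself
    crosses the link in the clear, so PAP is only acceptable on a link that
    is already encrypted by other means."""
    return peer_id.encode() + b":" + password.encode()


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || Secret || Challenge).
    The secret is never transmitted; only this 16-byte digest is."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side of CHAP: holds the shared secrets, issues challenges and
    verifies responses. The secrets passed in are constructed for the example."""

    def __init__(self, secrets: Dict[str, bytes], challenge_len: int = 16):
        self._secrets = secrets
        self._challenge_len = challenge_len
        self._identifier = 0

    def challenge(self) -> Tuple[int, bytes]:
        """A fresh Identifier and an unpredictable challenge for every attempt,
        so that a captured response cannot simply be replayed later."""
        self._identifier = (self._identifier + 1) & 0xFF
        return self._identifier, os.urandom(self._challenge_len)

    def verify(self, name: str, identifier: int, challenge: bytes, response: bytes) -> bool:
        secret = self._secrets.get(name)
        if secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        # constant-time comparison so the digest check leaks nothing by timing
        return hmac.compare_digest(expected, response)


def chap_exchange(server: ChapAuthenticator, name: str, peer_secret: bytes) -> Tuple[bool, List[bytes]]:
    """Run the three CHAP messages (Challenge, Response, Success/Failure) and
    return the outcome plus everything an eavesdropper on the link would see."""
    wire: List[bytes] = []
    identifier, challenge = server.challenge()
    wire.append(b"CHALLENGE:" + bytes([identifier]) + challenge)                  # server -> peer
    response = chap_response(identifier, peer_secret, challenge)
    wire.append(b"RESPONSE:" + bytes([identifier]) + response + name.encode())    # peer -> server
    ok = server.verify(name, identifier, challenge, response)
    wire.append(b"SUCCESS" if ok else b"FAILURE")                                 # server -> peer
    return ok, wire


def offline_guess(identifier: int, challenge: bytes, response: bytes, wordlist: List[str]) -> Optional[str]:
    """What CHAP does not protect against: with one captured Challenge/Response
    pair an eavesdropper can test candidate secrets offline at MD5 speed, with
    no further contact with the server. A weak secret falls immediately."""
    for word in wordlist:
        if chap_response(identifier, word.encode(), challenge) == response:
            return word
    return None


if __name__ == "__main__":
    auth = ChapAuthenticator({"alice": b"correct horse battery"})   # constructed account
    ok, seen = chap_exchange(auth, "alice", b"correct horse battery")
    print("authenticated:", ok)
    print("secret visible on the wire:", any(b"correct horse battery" in m for m in seen))
    # replaying the captured response against a fresh challenge fails
    ident, chal = auth.challenge()
    captured = seen[1][len(b"RESPONSE:") + 1 : len(b"RESPONSE:") + 17]
    print("replay accepted:", auth.verify("alice", ident, chal, captured))
    # but a captured pair can be attacked offline if the secret is guessable
    weak = ChapAuthenticator({"bob": b"letmein"})
    _, seen_weak = chap_exchange(weak, "bob", b"letmein")
    ident_w = seen_weak[0][len(b"CHALLENGE:")]
    chal_w = seen_weak[0][len(b"CHALLENGE:") + 1 :]
    resp_w = seen_weak[1][len(b"RESPONSE:") + 1 : len(b"RESPONSE:") + 17]
    print("offline guess:", offline_guess(ident_w, chal_w, resp_w, ["password", "letmein"]))
```

Run directly, the program shows that the secret never appears on the wire and that a replayed response is rejected against a fresh challenge, but also that the captured pair for a guessable secret is recovered offline. MS-CHAP and MS-CHAPv2 replace the MD5 step with DES operations over the NT password hash, but the offline exposure is the same in kind, which is the weakness that eventually made PPTP untrustworthy.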

Layer 2 Tunneling Protocol (L2TP)

Layer 2 Tunneling Protocol (L2TP) combines features of PPTP and Cisco's Layer 2 Forwarding (L2F) protocol and carries its traffic over UDP port 1701. L2TP itself provides tunnelling but no encryption, so in practice it is deployed as L2TP/IPsec, with IPsec protecting the L2TP packets. This gives a two phase authentication process: first the computers at each end of the connection authenticate to each other (the IPsec phase, using machine certificates or a pre-shared key), and only then is the user authenticated by PPP inside the tunnel. Authentication of the computer is aimed at preventing Man-in-the-Middle attacks (see [[