Security+ - An Overview of Communications Security

From Techotopia
Revision as of 20:42, 18 February 2008 by Neil (Secure Shell (SSH))


In the previous chapter of Security+ Essentials we looked at TCP/IP ports and the issue of nonessential services. Clearly a server with all ports blocked and all services disabled would be of little use to anyone except the system administrator sitting at the system console. The simple fact is that in order to be useful computer systems need to be able to communicate with other systems, either on a local area network (LAN) or over wide area networks (WAN) or the internet.

The objective of a good IT security strategy, therefore, is not to prevent all communication, but to ensure that all communication takes place as securely as possible.

In this chapter we will look at the variety of secure methods for providing remote access, transmitting email and transferring data between systems.

Remote Access

The first area to be covered in this chapter involves the implementation of secure remote access to servers and services. Remote access falls into a variety of different categories including wireless (Wi-Fi), virtual private network (VPN), dial-up and terminal connections.

Virtual Private Network (VPN) Communications

Virtual Private Networks (VPNs) are used when confidential data needs to be transported over a public network (typically the internet). A VPN provides a secure tunnel through the public network through which data packets are transmitted, usually using authentication and encryption to avoid the data being compromised.

The two primary approaches to VPN based connectivity are Point-to-Point-Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP).


Point-to-Point-Tunneling Protocol (PPTP)

The Point-to-Point-Tunneling Protocol (PPTP) provides a secure tunnel between two points on a network. PPTP works in conjunction with PPP using authentication methods such as PAP, CHAP and MS-CHAP. Using port 1723 on the server and a dynamically allocated port on the client, data is encapsulated in a secure tunnel between the two systems.

Layer 2 Tunneling Protocol (L2TP)

Layer 2 Tunneling Protocol (L2TP) is based on a combination of PPTP and Cisco's L2F technology and uses a two phase authentication process. This process involves first authenticating the computers at each end of the connection, followed by the user. Authentication of the computer is aimed at preventing Man-in-the-Middle attacks (see An Overview of IT Security Threats and Attacks for more details about Man-in-the-Middle attacks).

L2TP operates at the data-link layer of the OSI stack, and as such supports a wide range of protocols in addition to TCP/IP.

Some advantages of L2TP over PPTP include greater security, support for public key infrastructure (PKI) and header compression.

802.11x Wireless Connections

802.11x is a set of IEEE standards which define wireless networking, better known as WiFi. A number of standards have evolved, including 802.11a, 802.11b, 802.11g and 802.11n. Until recently the concept of wireless networking involved computer systems talking to each other, but recent years have introduced a range of wireless devices (notably the iPhone from Apple) which will switch over from a cellular connection to a wireless access point (WAP) when one comes into range.

Wireless networking is rapidly gaining adoption in commercial enterprises, but is still more common in homes and is subject to a number of potential security threats:

  • Clear data - Unfortunately a number of Wireless Access Points are shipped with none of the security features activated. This means that all data is transmitted in clear text form, completely unencrypted and easily captured by malicious parties.
  • Session Hijacking - Because the authentication process used with Wi-Fi is one-way, it is possible for a third party to break into an existing, previously authenticated session. This is achieved by sending a signal to the client after authentication has completed such that it believes it has been disconnected. The rogue system then continues the session with the access point as if nothing has happened.
  • Man-in-the-Middle - Such an attack involves the use of a rogue access point which masquerades as the legitimate access point. The rogue WAP accepts the connection from a client and records all data transactions before passing the data on to the original access point.
  • War Driving - War driving involves driving around urban areas with a laptop, essentially listening for wireless access points. Once an access point is located, steps are then taken to break into the system. Once this has been achieved the information is typically uploaded to web sites so that others can similarly locate and break into the network. A concept known as war chalking has also risen in prominence in recent years. This involves a special type of graffiti which tells those in the know that an access point is nearby and provides information on how to access it.

The use of Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) features goes a long way toward mitigating many of the risks inherent in using wireless networks. There is no such thing as a truly secure wireless network. The objective, however, is to make it as hard as possible for the network to be breached, thereby causing those with malicious intentions to move on to weaker targets.

Dial-Up Access

Despite the wide availability of broadband internet access we still haven't quite fully escaped from the confines of dial-up access. The primary authentication protocols used on dial-up connections are Terminal Access Controller Access Control System (TACACS), Terminal Access Controller Access Control System (TACACS+) and Remote Authentication Dial-In User Service (RADIUS).

Terminal Access Controller Access Control System (TACACS)

An early Remote Access Server (RAS) technology designed to transmit encrypted authentication data to a separate authentication server. TACACS does not itself provide an authentication service.

Remote Authentication Dial-In User Service (RADIUS)

A User Datagram Protocol (UDP) based protocol designed to provide both authentication and authorization services. Authentication functions are provided by a RADIUS server using a symmetric private key. Authorization is provided through stored user profiles.
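The role of the shared secret in RADIUS is easiest to see in the packet mechanics of RFC 2865, so the following is an added example (not from this page or from any RADIUS implementation) that builds an Access-Request with a hidden User-Password attribute, has a toy server unhide and check it, and has the client verify the Response Authenticator. The secret, username, password and Request Authenticator are constructed values for the demonstration; in a real client the Request Authenticator is 16 random octets per request.

```python
"""RADIUS (RFC 2865) shared-secret mechanics: User-Password hiding and
Response Authenticator verification. Added example with constructed values."""
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 s5.2: NUL-pad to a multiple of 16, then XOR each 16-octet
    chunk with MD5(secret + previous_chunk); the first 'previous chunk' is
    the Request Authenticator. Every bit of protection comes from the secret."""
    if not password or len(password) > 128:
        raise ValueError("password must be 1..128 octets")
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        chunk = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += chunk
        prev = chunk  # the next mask is keyed on the hidden chunk, not the plaintext
    return out


def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side of hide_password; strips the NUL padding."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 octets")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out += bytes(c ^ m for c, m in zip(chunk, mask))
        prev = chunk
    return out.rstrip(b"\x00")


def encode_attr(attr_type: int, value: bytes) -> bytes:
    # Attribute = Type(1) Length(1, includes header) Value
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attrs(data: bytes) -> dict:
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = struct.unpack("!BB", data[i:i + 2])
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        attrs[t] = data[i + 2:i + length]
        i += length
    return attrs


def build_access_request(ident: int, username: bytes, password: bytes,
                         secret: bytes, request_auth: bytes) -> bytes:
    attrs = encode_attr(ATTR_USER_NAME, username) + \
        encode_attr(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def response_authenticator(code: int, ident: int, attrs: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    # RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def handle_access_request(packet: bytes, secret: bytes, users: dict) -> bytes:
    """Toy server: unhide the password, compare with the stored credential,
    answer Access-Accept or Access-Reject signed with the shared secret."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    request_auth = packet[4:20]
    attrs = parse_attrs(packet[20:])
    user, hidden = attrs.get(ATTR_USER_NAME), attrs.get(ATTR_USER_PASSWORD)
    ok = False
    if user is not None and hidden is not None and user in users:
        ok = hmac.compare_digest(unhide_password(hidden, secret, request_auth), users[user])
    resp_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    header = struct.pack("!BBH", resp_code, ident, 20)
    return header + response_authenticator(resp_code, ident, b"", request_auth, secret)


def verify_response(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Client side: only a server holding the secret can produce this MAC."""
    if len(response) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", response[:4])
    if length != len(response):
        return False
    expected = response_authenticator(code, ident, response[20:], request_auth, secret)
    return hmac.compare_digest(expected, response[4:20])


if __name__ == "__main__":
    secret, ra = b"demo-shared-secret", bytes(range(16))  # constructed values
    req = build_access_request(7, b"alice", b"hunter2", secret, ra)
    resp = handle_access_request(req, secret, {b"alice": b"hunter2"})
    print("accepted:", resp[0] == ACCESS_ACCEPT, "authentic:", verify_response(resp, ra, secret))
```

Two things worth noticing from running it: the password hiding is a keyed XOR stream, not authenticated encryption, so the confidentiality of every password on the wire is exactly the strength of the shared secret; and the Response Authenticator is the only thing stopping a third party from forging an Access-Accept, so the secret must be unique per client and never the product default.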

Terminal Access Controller Access Control System Plus (TACACS+)

TACACS+ extends the basic TACACS protocol by adding authentication and authorization functionality similar to that provided by RADIUS. Unlike RADIUS, TACACS+ is based on the Transmission Control Protocol (TCP) rather than UDP.

Secure Shell (SSH)

Many years ago, before we started having to worry about network and internet security, a tool called telnet was used to gain remote command-line access to systems. The big problem with telnet is that it sends both the authentication information and all subsequent data in plain text, making it extremely easy for the session to be compromised.

Secure Shell (SSH) is a secure alternative which is now used almost exclusively in place of telnet. SSH establishes a secure, authenticated and encrypted connection between the client and the server using asymmetric public-key (Rivest-Shamir-Adleman, RSA) cryptography. Data encryption is achieved using IDEA, Blowfish or DES encryption.
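The "authenticated" part of that sentence rests on the client checking the server's public host key against what it has recorded before, which is what defeats the man-in-the-middle attack described earlier in this chapter. The following added example (not from this page or from OpenSSH) shows the checks an SSH client performs: computing the SHA256 fingerprint of a host key in the format ssh-keygen prints, matching a host against plain and hashed known_hosts entries, and classifying the result as known, first contact, or a key mismatch. The key bytes, host names and salt are constructed for the demonstration, not real key material.

```python
"""SSH host-key verification checks (added example with constructed keys)."""
import base64
import hashlib
import hmac
import struct


def ssh_string(b: bytes) -> bytes:
    # SSH wire format: 4-byte big-endian length followed by the bytes
    return struct.pack("!I", len(b)) + b


def make_public_key_blob(key_type: bytes, raw_key: bytes) -> bytes:
    """Public key blob as stored (base64) in authorized_keys/known_hosts:
    string key-type followed by the key material. raw_key is constructed here."""
    return ssh_string(key_type) + ssh_string(raw_key)


def blob_key_type(blob: bytes) -> bytes:
    n = struct.unpack("!I", blob[:4])[0]
    return blob[4:4 + n]


def fingerprint_sha256(blob: bytes) -> str:
    """Same form as `ssh-keygen -lf`: SHA256 of the raw blob, base64, no padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hashed_hostname(hostname: str, salt: bytes) -> str:
    """known_hosts 'HashKnownHosts' form: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def hostname_matches(entry_host: str, hostname: str) -> bool:
    if entry_host.startswith("|1|"):
        _, _, salt_b64, _ = entry_host.split("|")
        recomputed = hashed_hostname(hostname, base64.b64decode(salt_b64))
        return hmac.compare_digest(recomputed, entry_host)
    return hostname in entry_host.split(",")  # plain entries may list several names


def check_host_key(known_hosts: str, hostname: str, key_type: str, blob: bytes) -> str:
    """Return 'ok' (recorded key matches), 'unknown' (no record: the
    trust-on-first-use moment, when the fingerprint should be compared
    out of band) or 'MISMATCH' (a different key recorded for this host and
    key type, which is what a man-in-the-middle looks like to the client)."""
    offered = base64.b64encode(blob).decode()
    seen_host = False
    for line in known_hosts.splitlines():
        parts = line.strip().split()
        if not parts or parts[0].startswith("#") or len(parts) < 3:
            continue
        host, ktype, kb64 = parts[0], parts[1], parts[2]
        if not hostname_matches(host, hostname) or ktype != key_type:
            continue
        seen_host = True
        if hmac.compare_digest(kb64, offered):
            return "ok"
    return "MISMATCH" if seen_host else "unknown"


# Constructed demo material: 32 placeholder key bytes stand in for an Ed25519 key.
DEMO_KEY = make_public_key_blob(b"ssh-ed25519", bytes(range(1, 33)))
OTHER_KEY = make_public_key_blob(b"ssh-ed25519", bytes(range(33, 65)))
DEMO_SALT = bytes(range(20))
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts for the example",
    "bastion.example,10.0.0.5 ssh-ed25519 " + base64.b64encode(DEMO_KEY).decode(),
    hashed_hostname("files.example", DEMO_SALT) + " ssh-ed25519 " + base64.b64encode(DEMO_KEY).decode(),
])

if __name__ == "__main__":
    print(fingerprint_sha256(DEMO_KEY))
    for host, key in [("bastion.example", DEMO_KEY), ("bastion.example", OTHER_KEY), ("new.example", DEMO_KEY)]:
        print(host, check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

The one decision the code cannot make for the user is the "unknown" case: on first contact the fingerprint must be compared against a value obtained through some other trusted channel, because accepting it blindly turns the authenticated connection into one that merely happens to be encrypted with whoever answered.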

Unlike telnet, which consisted of a single tool, SSH is actually a suite of tools consisting of the following utilities:

- slogin/ssh - The Secure Login tools. Both of these tools enable a user to establish a secure connection with a remote system.

- scp - A Secure Copy tool. Used to securely transfer files between systems.