Transcript public key
Intrusion Detection and
Intrusion Prevention Systems
Intrusion Detection System (IDS)—Only detects
unauthorized activity. Example: MS Event Viewer
Intrusion Prevention System (IPS)—Detects
unauthorized activity and performs some function
to stop the activity. Example: Most antivirus
software
IDS and IPS require some form of port monitoring
When a particular port on a switch is connected directly to
the IDS or IPS and monitors all activity through another port
on the same switch.
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
Public Key Infrastructure (PKI)
Provides encryption and authentication
The method of using an algorithm to encode data.
Algorithm converts data into ciphertext
encrypted data
Cryptology—Science of encrypting data
Generates key and uses it for encryption
Generates certificate to verify authentication
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
Key Encryption Methods
Symmetric-key encryption—Generally used when
large amounts of data need to be encrypted
Asymmetric-key encryption—Both the public and
private keys are needed to encode and decode
data
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
Digital Certificate
A file that commonly contains data such
as
the user’s name and e-mail address,
the public key value assigned to the
user,
the validity period of the public key,
issuing authority identifier information
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
Certificate Authority (CA)
1. Station1 applies for digital certificate from a CA
to send an encrypted message to Station2
2. CA issues digital certificate to Station1
3. Station1 uses private key to encrypt message
4. Station1 sends encrypted message to Station2
5. Station2 uses the public key to decode
encrypted message
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
Details of a VeriSign Digital Certificate
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
Security Sockets Layer (SSL) and
Transport Layer Security (TLS)
Application layer protocols
Support VoIP, e-mail, and remote connections
Based on public key encryption technology
Displays https:// when securing Web site
connection
Not compatible with each other
TLS more secure; SSL more popular
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
Secure HTTP (S-HTTP)
Uses
symmetric, or private, keys for
encoding and decoding messages
Not supported by all Web browsers
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
Virtual Network Connection (VNC)
Describes point-to-point connection to a remote
device
Connection considered “virtual” because user’s
network device is not a physical part of remote
network
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
Internet Protocol Security (IPSec)
Collection of security protocols, hashes, and
algorithms
Authentication can be verified with Kerberos, a
preshared key, or digital certificates
IPSec VPNs typically use public and private
keys for encryption
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
IPSec Modes
Transport mode An IPSec mode that only encrypts the
payload.
Tunnel mode An IPSec mode that encrypts the payload
and the header.
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
Secure Shell (SSH)
Originally designed for UNIX to replace Remote
Login (rlogin), Remote Shell (rsh), and Remote
Copy (rcp)
Uses port 22
Requires a private key, public key, and password
Can be used on operating systems that support
TCP/IP
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
SSH Example
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
Secure Copy Protocol (SCP)
Replacement for Remote Copy (rcp) command
Does not require password
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
Service Set Identifier (SSID)
Identifies wireless network
Similar to workgroup name
All wireless network devices are configured with a
default SSID
To secure the wireless network, the default SSID
should be changed
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
Media Access Control (MAC) Filtering
To configure MAC filtering, administrator creates
an Access Control List (ACL)
ACL is located on Wireless Access Point (WAP)
ACL contains list of MAC addresses belonging to
authorized wireless network devices
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
Wired Equivalent Privacy (WEP)
First attempt to secure with encryption the data
transferred across a wireless network
Algorithm not complex and can be easily cracked
A VPN can add to the security set in place by
WEP
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
Wi-Fi Protected Access (WPA)
Developed by the Wi-Fi organization to overcome
the vulnerabilities of WEP
Compatible with 802.11 devices
Wi-Fi Protected Access 2 (WPA2) is an enhanced
version of WPA
WPA2 is compatible with the 802.11i standard
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
802.11i
IEEE ratified 802.11 standard to remedy original
security flaws
Specifies the use of a 128-bit Advanced
Encryption Standard (AES) for data encryption
Generates fresh set of keys for each new
connection
Downward compatible with existing 802.11
devices
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
802.1x Authentication
Provides port-based, network access control
Used for client/server-based networks
Supplicant—Wireless network device requesting
network access
Authenticator—WAP provides authentication
Authentication server—Server running Remote
Authentication Dial-In User Service (RADIUS)
© Goodheart-Willcox Co., Inc.
Permission granted to reproduce for educational use only.
IN CLASS LAB
Roberts Labs 74, 76, 77
NEXT CLASS
Labsim Homework 8.3.1–8.3.3