Information Security Lesson 7 - Remote Access - Eric Vanderburg
- 2. FTP
• Download files from a server
• Can use a web browser ftp://
• FTP clients are also available, e.g. WS_FTP LE
• Command line
• BlindFTP – FTP with anonymous access
• SFTP (Secure FTP) – FTP over SSL
• Active FTP – server receives a request on port 21 and then initiates a connection to the data port (1 greater than command port) on the client.
• Passive FTP – client initiates both the command and data connections to the server
Information Security © 2006 Eric Vanderburg
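The active/passive distinction above is what decides which side's firewall has to accept an inbound connection. The following is an added example (not from the original slides) that parses a server's passive-mode reply, builds the PORT command an active-mode client would send, and shows the one check a careful client makes: it ignores a PASV host that differs from the control-connection host, so the data connection cannot be redirected. The reply string, addresses and ports are constructed for the example.

```python
from __future__ import annotations

import re
from ipaddress import IPv4Address

# Matches the 227 reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply: str) -> tuple[str, int]:
    """Parse the server's PASV reply into (host, data_port).

    The server advertises the address and port it is listening on for the
    data connection; the port is carried as two bytes: p1 * 256 + p2.
    """
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    for value in (h1, h2, h3, h4, p1, p2):
        if value > 255:
            raise ValueError(f"byte out of range in PASV reply: {reply!r}")
    port = p1 * 256 + p2
    if port == 0:
        raise ValueError("PASV reply advertises port 0")
    return f"{h1}.{h2}.{h3}.{h4}", port


def safe_pasv_target(reply: str, control_host: str) -> tuple[str, int]:
    """Return the address the client should actually connect to.

    A careful client ignores an advertised PASV host that differs from the
    host of the control connection (recent ftplib and curl do this by
    default), so a malicious or compromised server cannot point the data
    connection at a third party. Only the advertised port is trusted.
    """
    host, port = parse_pasv(reply)
    if host != control_host:
        host = control_host
    return host, port


def build_port_command(client_ip: str, data_port: int) -> str:
    """Build the PORT command an active-mode client sends; it tells the
    server which client address/port to connect back to (server initiates)."""
    if not 1 <= data_port <= 65535:
        raise ValueError("data port out of range")
    octets = str(IPv4Address(client_ip)).split(".")
    return f"PORT {','.join(octets)},{data_port // 256},{data_port % 256}"


def data_connection_initiator(mode: str) -> str:
    """Which side opens the data connection; this is the side whose peer
    must allow an inbound connection through its firewall."""
    if mode == "active":
        return "server"   # server connects back to the client's data port
    if mode == "passive":
        return "client"   # client connects out to the server's advertised port
    raise ValueError(f"unknown FTP mode: {mode}")


if __name__ == "__main__":
    # Constructed sample reply, not captured from a real server
    reply = "227 Entering Passive Mode (192,168,1,10,19,137)"
    print(parse_pasv(reply))                        # ('192.168.1.10', 5001)
    print(safe_pasv_target(reply, "203.0.113.5"))   # ('203.0.113.5', 5001)
    print(build_port_command("10.0.0.5", 50000))    # PORT 10,0,0,5,195,80
```

In passive mode the client initiates both connections, so only the server side needs an inbound rule (port 21 plus the passive port range); in active mode the client must accept the server's inbound data connection, which is why active FTP fails behind most client-side firewalls and NAT.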
- 3. Tunneling
• Tunneling – encapsulating a packet inside
another
• PPTP (Point to Point Tunneling Protocol)
– TCP port 1723
– MPPE (Microsoft Point to Point Encryption) used for
encryption
– LCP (Link Control Protocol) is used for setting up and
taking down the session and testing it.
– Operates only over TCP/IP
• L2TP (Layer 2 Tunneling Protocol) –
Combination of Cisco’s L2F (Layer 2
Forwarding) and PPTP.
– Supports many protocols
– Can use IPSec for encryption
- 4. Tunneling
• SSH (Secure Shell) – uses digital certificates, or Kerberos and encrypted passwords
– SSH replaces rsh for sending remote commands
– SSH is a good replacement for telnet
– slogin – replaces rlogin using SSH
– scp replaces rcp for copying files over a network using SSH
– SSH protects against IP spoofing and DNS spoofing, and protects the confidentiality of information
- 5. Tunneling
• IPSec (IP Security) – Securely exchange
packets, layer 3
– AH (Authentication Header) – used to encrypt
the header of the packet to verify that the
packet was sent from the legitimate sender.
– ESP (Encapsulating Security Payload) –
encrypts the entire packet – protects
confidentiality
– ISAKMP (Internet Security Association Key
Management Protocol) – helps the sender
and receiver obtain keys using digital
certificates
- 6. Tunneling
• IPSec
– Transport mode encrypts only the data portion
(payload) of each packet, yet leaves the header
encrypted
• AH in transport mode – data, header, and AH are encrypted
• ESP in transport mode - new ESP header is created for the
data. It is authenticated and the data is encrypted
– Tunnel mode encrypts both the header and the data
portion
• AH in tunnel mode – Data, new header, tunneled header and
AH are all encrypted
• ESP in tunnel mode – new ESP header is created for the
data. It is authenticated and the header, trailer, and data is
encrypted
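The tunneling definition earlier (a packet encapsulated inside another) and the ESP transport/tunnel distinction above are easiest to see in bytes. The following is an added example, not code from the original slides and not a real IPsec implementation: it models ESP with a toy 8-byte IP header, a SHA-256 counter-mode keystream standing in for the AES cipher, and an HMAC-SHA256 integrity check value (ICV). Keys, the IV, the SPI and all addresses are constructed; a real implementation uses a fresh IV per packet.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

HDR_LEN = 8           # toy "IP header": 4-byte source + 4-byte destination
IV_LEN = 16
ICV_LEN = 16          # truncated HMAC-SHA256 integrity check value
SPI = 0x00001000      # constructed Security Parameters Index
ENC_KEY = b"\x11" * 32        # constructed keys; real keys come from IKE/ISAKMP
AUTH_KEY = b"\x22" * 32
IV = bytes(range(16))         # fixed only so the example is deterministic


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes

    def header(self) -> bytes:
        return ipv4_to_bytes(self.src) + ipv4_to_bytes(self.dst)


def ipv4_to_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def bytes_to_ipv4(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    # Toy counter-mode keystream from SHA-256; stands in for AES in real ESP.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def esp_encapsulate(pkt, mode, enc_key, auth_key, iv, seq, outer=None):
    """Wire format: outer header | ESP header (SPI, seq) | IV | ciphertext | ICV."""
    if mode == "transport":
        outer_header = pkt.header()        # original header stays in the clear
        protected = pkt.payload            # only the payload is encrypted
    elif mode == "tunnel":
        if outer is None:
            raise ValueError("tunnel mode needs the gateway (outer) addresses")
        outer_header = ipv4_to_bytes(outer[0]) + ipv4_to_bytes(outer[1])
        protected = pkt.header() + pkt.payload   # whole original packet encrypted
    else:
        raise ValueError(f"unknown mode: {mode}")
    esp_header = struct.pack("!II", SPI, seq)
    ciphertext = xor(protected, keystream(enc_key, iv, len(protected)))
    # ICV covers ESP header + IV + ciphertext, so any tampering is detected
    icv = hmac.new(auth_key, esp_header + iv + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return outer_header + esp_header + iv + ciphertext + icv


def visible_addresses(wire: bytes) -> tuple:
    """What an observer on the path sees: only the outer header addresses."""
    return bytes_to_ipv4(wire[:4]), bytes_to_ipv4(wire[4:HDR_LEN])


def esp_decapsulate(wire, mode, enc_key, auth_key) -> Packet:
    outer_header = wire[:HDR_LEN]
    esp_header = wire[HDR_LEN:HDR_LEN + 8]
    iv = wire[HDR_LEN + 8:HDR_LEN + 8 + IV_LEN]
    ciphertext = wire[HDR_LEN + 8 + IV_LEN:-ICV_LEN]
    icv = wire[-ICV_LEN:]
    expected = hmac.new(auth_key, esp_header + iv + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):       # verify before decrypting
        raise ValueError("ESP integrity check failed; packet dropped")
    plaintext = xor(ciphertext, keystream(enc_key, iv, len(ciphertext)))
    if mode == "transport":
        return Packet(bytes_to_ipv4(outer_header[:4]), bytes_to_ipv4(outer_header[4:]), plaintext)
    return Packet(bytes_to_ipv4(plaintext[:4]), bytes_to_ipv4(plaintext[4:8]), plaintext[8:])


if __name__ == "__main__":
    pkt = Packet("10.1.1.5", "10.2.2.7", b"GET /payroll HTTP/1.0")   # constructed
    t = esp_encapsulate(pkt, "transport", ENC_KEY, AUTH_KEY, IV, 1)
    u = esp_encapsulate(pkt, "tunnel", ENC_KEY, AUTH_KEY, IV, 1,
                        outer=("203.0.113.1", "198.51.100.1"))
    print("transport shows", visible_addresses(t))   # the real endpoints
    print("tunnel shows   ", visible_addresses(u))   # only the two gateways
```

The difference a practitioner cares about: in transport mode an observer still learns which two hosts are talking, while in tunnel mode the inner addresses travel inside the ciphertext and only the gateway pair is visible, which is the site-to-site VPN case.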
- 7. Authentication
• 802.1x – blocks ports of unauthenticated
users
• Supplicant – client who wants to access
the network
• Authenticator – device in between the
supplicant and authentication server
• Authentication server – receives requests and accepts or denies them.
- 8. Authentication Protocols
• EAP (Extensible Authentication Protocol)
• EAP-MD5 (EAP Message Digest 5)
– Does not use certificates
– Hashes password using MD5
• LEAP (Lightweight EAP)
– Cisco version of EAP without using certificates
– Can be cracked easily with ASLEAP
• EAP-FAST (EAP Flexible Authentication via
Secure Tunneling)
– no use of certificates
– Establishes a TLS tunnel
– Improves on problems with LEAP
- 9. EAP Types (continued)
• EAP-SIM (EAP Subscriber Identity Module) – used for
authentication on GSM (Global System for Mobile
Communications) devices
• EAP-TLS (Extensible Authentication Protocol Transport
Layer Security)
– Certificate based
– Used in conjunction with a RADIUS server
– Supports certificates contained on smartcards
• EAP-TTLS (EAP Tunneled Transport Layer Security)
– Entire communication is tunneled. Tunneling begins first.
• PEAP (Protected EAP)
– one way use of certificates
– MSCHAP v2 mutual authentication
- 10. Centralized Authentication
• RADIUS (Remote Authentication Dial In
User Service) - Supported on Microsoft
systems
– UDP ports 1812 & 1813
• TACACS (Terminal Access Controller Access Control System) – Supported on UNIX & Linux
– TCP port 49
• Provides AAA (Authentication,
Authorization, & Auditing)
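RADIUS carries the user's password to the server in the Access-Request, hidden with the shared secret rather than encrypted in the modern sense. The following added example (not from the original slides) implements the RFC 2865 User-Password hiding and the Response Authenticator check, so you can see exactly what the shared secret protects and why the protocol is normally wrapped in a tunnel or run over RadSec. The secret, password and Request Authenticator are constructed values; a real client draws the Request Authenticator from a random source.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def hide_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding.

    The password is NUL-padded to a multiple of 16 octets; each 16-byte block
    is XORed with MD5(secret + previous block), where the 'previous block'
    for the first block is the 16-byte Request Authenticator.
    """
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    hidden = b""
    prev = request_authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], mask))
        hidden += block
        prev = block
    return hidden


def reveal_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Inverse of hide_password, as the RADIUS server performs it.
    Trailing NULs are padding and are stripped (RFC 2865 behaviour)."""
    plain = b""
    prev = request_authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ k for c, k in zip(block, mask))
        prev = block
    return plain.rstrip(b"\x00")


def attribute(attr_type: int, value: bytes) -> bytes:
    """RADIUS attribute TLV: type, total length (including the 2-byte head), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier: int, username: bytes, password: bytes,
                         secret: bytes, request_authenticator: bytes) -> bytes:
    """Access-Request: code, identifier, length, Request Authenticator, attributes."""
    attrs = attribute(ATTR_USER_NAME, username) + attribute(
        ATTR_USER_PASSWORD, hide_password(password, secret, request_authenticator))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + request_authenticator + attrs


def response_authenticator(code: int, identifier: int, attributes: bytes,
                           request_authenticator: bytes, secret: bytes) -> bytes:
    """ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    length = 20 + len(attributes)
    return hashlib.md5(struct.pack("!BBH", code, identifier, length)
                       + request_authenticator + attributes + secret).digest()


def verify_response(code: int, identifier: int, attributes: bytes, received: bytes,
                    request_authenticator: bytes, secret: bytes) -> bool:
    """Client-side check that an Access-Accept/Reject really came from a server
    holding the shared secret and answers *this* request (constant-time compare)."""
    expected = response_authenticator(code, identifier, attributes, request_authenticator, secret)
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    SECRET = b"testing123"              # constructed shared secret
    RA = bytes(range(16))               # constructed Request Authenticator
    req = build_access_request(7, b"alice", b"correct horse", SECRET, RA)
    print(len(req), req.hex())          # 45 octets; the password is not visible in the hex
    reply_auth = response_authenticator(ACCESS_ACCEPT, 7, b"", RA, SECRET)
    print(verify_response(ACCESS_ACCEPT, 7, b"", reply_auth, RA, SECRET))   # True
```

Two things to note from the code: only the User-Password attribute is hidden (the User-Name and everything else travel in the clear), and both the hiding and the Response Authenticator rest on MD5 plus a shared secret, so the secret's strength and the transport (UDP 1812/1813 inside IPsec or a VPN, or RADIUS over TLS) carry the real security burden.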
- 11. VPN (Virtual Private Networks)
• Remote connections over the Internet can
appear as local connections
• VPDN (Virtual Private Dialup Network)
• Remote Access VPN
• Site to Site VPN
• VPN Concentrator – takes many VPN
connections to or from a location and
packages them together to conserve
bandwidth.
- 12. Securing Directory Services
• Directory Service – database of all users and resources
and their associated permissions
• X.500 – ISO standard for data storage on directory
servers. The standard allows applications to be written
for the standard rather than for a specific directory.
– DAP (Directory Access Protocol) – standard defining how an
application will interface with an X.500 compliant directory
server.
– LDAP (Lightweight Directory Access Protocol) – a subset of DAP
that is easier to implement and use. It also runs over TCP/IP.
– DIB (Directory Information Base) – database where directory
services data is stored. It consists of objects and their attributes.
– DIT (Directory Information Tree) – The tree-like structure of the
DIB.
- 13. DAP / LDAP Flaws
• Lack of effective authentication
– Vendors often use some other form of authentication. Ex: Windows & Kerberos
• Query responses are sent in the clear.
– Encrypt database communication through
tunneling technologies discussed earlier.
- 14. Wireless
• Wireless Uses
– Temporary connections
– Redundant connections
– Network extension
– Roaming
– Access in difficult areas
– Support for handhelds
– Docking
– Peripherals
• Network Types
– LANs – 802.11a,b,g,n
– Extended LANs – Microwave, Satellite
– Mobile – Radio or Cellular
- 16. Electromagnetic Fundamentals
• Lower frequency = slower, less data,
longer distance
• Higher frequency = faster, more data,
shorter distance
• Highest frequencies need line of sight &
use tight beams
- 17. Frequency Ranges
• Radio: 10KHz – 1GHz
• Microwave: 1GHz – 500GHz
• Infrared: 500GHz – 1THz
- 18. Infrared Technologies
• Line of Sight
• Reflective (central device)
• Scatter Infrared
– Bounces signal
– Limited to 30 meters
• Broadband Optical Telepoint Networks
- 19. Infrared Transmission
• Diffused
– The infrared light transmitted by the sender unit fills the area.
– The receiver unit located anywhere in that area can receive the
signal.
• Directed
– The infrared light is focused before transmitting the signal
– Increases the transmission speed.
• Directed point-to-point
– Highest transmission speed
– Receiver is aligned with the sender unit. The infrared light is then
transmitted directly to the receiver.
- 20. Infrared Transmission
• Transmitted by frequencies in the 300GHz to 300,000GHz range
• Most often used for communications
between devices in same room
– Relies on the devices being close to each
other
– May require line-of-sight path
- 21. Infrared threats
• Data could be “beamed” to another device such as a PDA, laptop, or even a watch
• Secure serial ports and disable infrared on
devices if it is not needed.
- 22. Cellular Wireless
• 1G – First Generation
– Analog
– circuit switching (can only do one thing at a
time with a dedicated link to the other party)
– Mid 1980s
- 23. Cellular Wireless
• 2G – Second Generation
– GSM (Global System for Mobile Communications)
• TDMA (Time Division Multiple Access) standard - allows
several users to share the same frequency by dividing it into
different timeslots.
• Both signaling and speech channels are digital. Supports
advanced phone functions and the ability to do multiple
actions at the same time.
• Started in Europe but soon became a global standard
– iDEN (Integrated Digital Enhanced Network)
• Supports paging, text messaging, and picture messaging
– PDC (Personal Digital Cellular) – Used mainly in
Japan
• 3G – Third Generation
– 384kbps – 3Mbps speed
– Geared for internet access
- 24. Cellular Wireless
• WAP (Wireless Application Protocol) – standard
for how internet content should be formatted for
portable users (Cell & PDA)
• WAP phones use micro browsers that process
WML (Wireless Markup Language) instead of
HTML
• WAP Gateway – Converts HTML to WML
• WTLS (Wireless Transport Layer Security) –
Confidentiality, Integrity and Authentication for
WAP. Provides security between the WAP
gateway and the WAP device.
- 25. Radio LAN Technologies
• Narrow Band
• Devices use known single frequency
• Unregulated bands (902-928MHz, 2.4GHz, 5.72-5.85GHz)
• No line of sight needed
• Range of 70 meters
• Possible to eavesdrop
• High susceptibility to RFI
- 26. Radio LAN Technologies
• High powered technologies
– Long range to horizon
– Towers used to redirect signal
– Much more expensive
– FCC licensing required
- 27. Spread Spectrum Technologies
• Uses multiple frequencies
– Less interference
– Redundancy
• Frequency Range: 902-928MHz,2.4GHz, 5GHz
• FHSS (Frequency Hopping Spread Spectrum)
– Changes frequencies at regular intervals
– Uses high powered signals on only one frequency at a time
– Lower bandwidth, more secure (except now scanning devices
can frequency hop very easily)
• DSSS (Direct Sequence Spread Spectrum)
– Send different data chunks along multiple frequencies at lower
power (just above noise)
• OFDM (Orthogonal Frequency Division Multiplexing)
– Higher resistance to interference
– More redundant data is spread across multiple frequencies
- 28. 802.11
WLAN (Wireless Local Area Networks)
• 802.11
– 2Mbps
– FHSS
• 802.11b
– 11Mbps
– 2.4GHz
– DSSS
• 802.11a
– 54Mbps
– 5GHz
– DSSS
• 802.11g
– 54Mbps
– 2.4GHz
– OFDM
• 802.11n
– 300Mbps
– 2.4GHz
– OFDM
- 29. Wireless Encryption
– WEP (Wired Equivalent Privacy)
• RC4 (Rivest Cipher 4) – stream cipher
• Uses weak key generation techniques
• IV (Initialization Vector), 24 bits, and key length (40
or 124 bit) are short
– WPA (WiFi Protected Access)
• TKIP (Temporal Key Integrity Protocol) – changes
keys per packet
• MIC (Message Integrity Code) – check number or
hash
– WPA2
• AES (Advanced Encryption Standard)
• Different keys for unicast and broadcast traffic
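The WEP weaknesses listed above come down to how the per-packet RC4 key is built: the 24-bit IV is simply prepended to the shared key and sent in the clear, so once an IV repeats the same keystream is reused. The following added example (not from the original slides) implements RC4, builds WEP per-packet keys for the standard 5- and 13-byte shared keys, shows that equal IVs give equal keystreams, and computes how quickly a 24-bit IV space is exhausted in practice (birthday bound). The shared key and frames are constructed values.

```python
import math

IV_BITS = 24                      # WEP IV size
IV_SPACE = 1 << IV_BITS           # 16,777,216 possible IVs


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4: key-scheduling algorithm (KSA) then the output generator (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):                                  # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):                               # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Stream cipher: encryption and decryption are the same XOR operation."""
    return xor(data, rc4_keystream(key, len(data)))


def wep_per_packet_key(iv: bytes, shared_key: bytes) -> bytes:
    """WEP's 'key generation': the 3-byte IV is concatenated in front of the
    shared key (5 bytes = 40 bit, 13 bytes = 104 bit); nothing else mixes them."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits (3 bytes)")
    if len(shared_key) not in (5, 13):
        raise ValueError("WEP shared key must be 5 or 13 bytes")
    return iv + shared_key


def wep_encrypt_frame(iv: bytes, shared_key: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP frame body: cleartext IV followed by RC4(IV||key) ciphertext
    (the real frame also carries a key index byte and a CRC-32 ICV)."""
    return iv + rc4_crypt(wep_per_packet_key(iv, shared_key), plaintext)


def iv_reuse_probability(frames: int, bits: int = IV_BITS) -> float:
    """Probability that at least one IV repeats among `frames` randomly chosen
    IVs (exact birthday computation; sequential IV counters wrap even sooner)."""
    space = 1 << bits
    p_no_collision = 1.0
    for i in range(frames):
        p_no_collision *= (space - i) / space
    return 1.0 - p_no_collision


def expected_frames_until_reuse(bits: int = IV_BITS) -> float:
    """Expected number of random IVs before the first repeat: sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * (1 << bits))


if __name__ == "__main__":
    key = b"\x01\x02\x03\x04\x05"                      # constructed 40-bit key
    iv = b"\x00\x00\x01"
    f1 = wep_encrypt_frame(iv, key, b"ABCDEFGH")       # constructed frames
    f2 = wep_encrypt_frame(iv, key, b"12345678")
    # Same IV + same key = same keystream, so XOR of ciphertexts = XOR of plaintexts
    print(xor(f1[3:], f2[3:]) == xor(b"ABCDEFGH", b"12345678"))   # True
    print(round(expected_frames_until_reuse()))                    # about 5133
    print(round(iv_reuse_probability(10_000), 3))                  # about 0.95
```

Roughly five thousand frames, a few seconds of traffic on a busy access point, is enough for an IV repeat to become likely; this is the concrete reason the slide calls the IV and key lengths short, and why WPA's TKIP derives a fresh per-packet key and WPA2 moves to AES with separate unicast and broadcast keys.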
- 30. Ad Hoc Wireless
• Broadcasting/Flooding
Everyone except the recipient broadcasts
the data to the nodes in their area.
• Temporary Infrastructure
In this method, the mobile users set up a
temporary infrastructure (mapping). But
this method is complicated and it
introduces overheads. It is useful only
when there is a small number of mobile
users.
- 32. Wireless
• BSA (Basic Service Area)
– Influence of the APs (Access Points)
– Depends on:
• Power of the transmitter
• Environment
• BSS (Basic Service Set)
– Stations belonging to an AP
• IBSS (Independent Basic Service Set)
– Ad hoc network
• ESS (Extended Service Set) – multiple APs are
used to service a single network. All APs use
the same SSID (Service Set Identifier)
- 33. Wireless Security
• MAC Address filtering
• Disable SSID broadcasting
• Use Encryption
• RADIUS Authentication
• Enterprise Wireless Gateways with thin APs
- 34. 802.16a Wireless MAN
• WiMax (Worldwide Interoperability for
Microwave Access)
• 40Mbps per channel
• 3-10 Kilometers
• Moving car access
• Broadband to distant locations
• Expect to see notebook cards by 2007
- 35. More Microwave technology
• CDPD (Cellular Digital Packet Data)
– 19.2kbps
– Handheld connections
• Low orbit satellites
– 10bps
– Continental coverage
- 36. Acronyms
• AAA, Authentication Authorization & Auditing
• AES, Advanced Encryption Standard
• AP, Access Point
• AH, Authentication Header
• BSA, Basic Service Area
• BSS, Basic Service Set
• CDPD, Cellular Digital Packet Data
• CRC, Cyclic Redundancy Check
• DAP, Directory Access Protocol
• DIB, Directory Information Base
• DIT, Directory Information Tree
• DSSS, Direct Sequence Spread Spectrum
• EAP-MD5, EAP Message Digest 5
• EAP-SIM, EAP Subscriber Identity Module
- 37. Acronyms
• EAP-TLS, Extensible Authentication Protocol Transport
Layer Security
• EAP-TTLS, Extensible Authentication Protocol Tunneled
Transport Layer Security
• ESP, Encapsulating Security Payload
• ESS, Extended Service Set
• EAP, Extensible Authentication Protocol
• FAST, Flexible Authentication via Secure Tunneling
• FHSS, Frequency Hopping Spread Spectrum
• GSM, Global System for Mobile Communications
• IBSS, Independent Basic Service Set
• ISAKMP, Internet Security Association and Key
Management Protocol
- 38. Acronyms
• IPSec, Internet Protocol Security
• L2TP, Layer 2 Tunneling Protocol
• LDAP, Lightweight Directory Access Protocol
• LEAP, Lightweight Extensible Authentication Protocol
• LCP, Link Control Protocol
• NAS, Network Access Server
• OFDM, Orthogonal Frequency Division Multiplexing
• PPP, Point to Point Protocol
• PPTP, Point to Point Tunneling Protocol
• PEAP, Protected Extensible Authentication Protocol
• PRNG, Pseudo Random Number Generator
• PSDN, Public Switched Data Network
• RADIUS, Remote Authentication Dial In User Service
• SSH, Secure Shell
- 39. Acronyms
• SSID, Service Set Identifier
• TKIP, Temporal Key Integrity Protocol
• TACACS, Terminal Access Controller Access Control System
• VPDN, Virtual Private Dial Up Network
• VPN, Virtual Private Network
• WPA, WiFi Protected Access
• WEP, Wired Equivalent Privacy
• WAP, Wireless Application Protocol
• WiMAX, Worldwide Interoperability for Microwave
Access
• WLAN, Wireless Local Area Network
• WML, Wireless Markup Language
• WTLS, Wireless Transport Layer Security
• XOR, Exclusive Or