CompTIA® Server+ Exam Notes : Basic Network Security Systems And Protocols

4. Security

4.2 Basic network security systems and protocols

Authentication protocols:

LDAP (Lightweight Directory Access Protocol): LDAP is a software protocol that enables anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet. Active Directory is Microsoft's directory solution for Windows domain networks and is based on the LDAP protocol; Windows Server operating systems (including Windows 2000 Server) are therefore LDAP based, as is NetWare. eDirectory is Novell's directory platform, which is cross platform and LDAP based.

VLAN: VLAN, short for Virtual LAN, provides a logical network of computers. A VLAN may span multiple physical segments. The advantage of using VLANs within a LAN is that they provide greater bandwidth and security. Computers on different VLANs do not see each other directly. A VLAN segregates the network at layer 2 of the OSI model.

A VLAN is a group of devices on one or more logically segmented LANs. All devices on a VLAN share the same broadcast domain. Like routers, Layer 2 switches have the ability to provide broadcast domain segmentation, called a VLAN. Using VLAN technology, you can group switch ports and their connected users into logically defined communities of interest. A VLAN operating on a Catalyst switch limits transmission of unicast, multicast, and broadcast traffic to only the other ports belonging to that VLAN, thereby controlling broadcasts.

The benefits of VLANs include:

1. Easy administration, resulting in reduced administration costs,

2. Increased security due to broadcast control: if you are using a simple hub, you can observe traffic to any node simply by inserting a network analyzer, whereas a VLAN confines traffic to its member ports,

3. Grouping based on functional requirements irrespective of the physical location of nodes,

4. Simplified moves, adds, and changes,

5. Distribution of traffic, thereby using the network bandwidth more efficiently.
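The broadcast-domain behaviour described above, as an added example that is not part of these notes or of any vendor's switch code: a minimal switch model that reads the 802.1Q tag (VLAN ID is the low 12 bits of the TCI), learns source MACs per VLAN, and floods broadcast or unknown-unicast frames only to ports in the same VLAN. Port numbers, MAC addresses and VLAN IDs below are constructed.

```python
import struct

BROADCAST = b"\xff" * 6
TPID_8021Q = 0x8100   # EtherType value that announces an 802.1Q tag


def parse_frame(frame: bytes):
    """Return (dst, src, vlan_id, ethertype, payload); vlan_id is None if untagged."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype == TPID_8021Q:
        tci, inner_type = struct.unpack("!HH", frame[14:18])
        return dst, src, tci & 0x0FFF, inner_type, frame[18:]   # VID = low 12 bits of TCI
    return dst, src, None, ethertype, frame[14:]


def build_frame(dst: bytes, src: bytes, vlan_id: int, ethertype: int, payload: bytes) -> bytes:
    """Build a tagged Ethernet frame (PCP/DEI bits left at zero)."""
    return struct.pack("!6s6sHHH", dst, src, TPID_8021Q, vlan_id & 0x0FFF, ethertype) + payload


class VlanSwitch:
    """Toy switch: every port is an access port belonging to exactly one VLAN (constructed model)."""

    def __init__(self, port_vlans: dict):
        self.port_vlans = port_vlans    # {port: vlan_id}
        self.mac_table = {}             # (vlan_id, mac) -> port, learned from source addresses

    def forward(self, in_port: int, frame: bytes) -> list:
        """Return the sorted list of egress ports for a frame arriving on in_port."""
        dst, src, vlan, _, _ = parse_frame(frame)
        if vlan is None:
            vlan = self.port_vlans[in_port]      # untagged frame takes the port's access VLAN
        if vlan != self.port_vlans[in_port]:
            return []                            # tag disagrees with the ingress port: drop
        self.mac_table[(vlan, src)] = in_port    # learn where this MAC lives, per VLAN
        known = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and known is not None:
            return [known] if known != in_port else []
        # Broadcast or unknown unicast: flood, but only within the same broadcast domain.
        return sorted(p for p, v in self.port_vlans.items() if v == vlan and p != in_port)
```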

VPN: A Virtual Private Network (VPN) is a network that uses primarily public telecommunication infrastructure, such as the Internet, to provide remote offices or traveling users access to a central organizational network.

To use a VPN, both the network server (at the VPN provider's side) and the client (your computer) need to speak the same language. For this purpose, a Remote Access Server (RAS) is used on the provider's side. It is this RAS that your computer connects to when using a VPN. The RAS requires your computer to provide valid credentials, which it authenticates using any one of a number of authentication methods. On the client side, your computer uses client software to establish and maintain your connection to the VPN. The client software sets up a tunneled connection to the RAS and manages the encryption that secures your connection. Tunneling is the process by which data is sent privately over the Internet via a VPN. Data is encrypted while it transits the public Internet using any of the protocols pre-negotiated between the server and the client (your computer).

DMZ: A DMZ (short for De-Militarized Zone) is a physical or logical sub-network that contains an organization's external services, such as a Web server, and exposes them to the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN).

RADIUS: RADIUS (Remote Authentication Dial-In User Service) is a protocol that enables a single server to become responsible for all remote-access authentication, authorization, and auditing (or accounting) services. It is an authentication and accounting system used by many Internet Service Providers (ISPs). When you dial in to the ISP you must enter your username and password. This information is passed to a RADIUS server, which checks that the information is correct and then authorizes access to the ISP system. RADIUS implements a client/server architecture, where the typical client is a router, switch, or AP and the typical server is a Windows or Unix machine running RADIUS software.
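How the username and password actually travel from the RADIUS client to the server, as an added example that is not part of these notes or of any RADIUS implementation: an Access-Request (Code 1) carries User-Name and User-Password attributes, and the password is hidden per RFC 2865 section 5.2 by XORing 16-byte blocks with MD5(shared secret + previous block), seeded with the Request Authenticator; the server's reply is bound to the request by the Response Authenticator. The shared secret, authenticator and credentials below are constructed; the protection is only as strong as that secret, which is why RADIUS is normally confined to a management network or carried over TLS.

```python
import hashlib
import struct


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side (RFC 2865 5.2): pad to 16-byte blocks, XOR each with MD5(secret + previous block)."""
    pad = -len(password) % 16
    padded = password + b"\x00" * (pad if password else 16)   # an empty password still sends one block
    hidden, prev = b"", authenticator                         # chain starts from the Request Authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()             # key stream block depends on the secret
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        hidden += prev
    return hidden


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: regenerate the same key stream; the chain uses the received ciphertext blocks."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = hidden[i:i + 16]
        clear += bytes(a ^ b for a, b in zip(prev, key))
    return clear.rstrip(b"\x00")


def build_access_request(identifier: int, username: bytes, password: bytes,
                         secret: bytes, authenticator: bytes) -> bytes:
    """Code 1 = Access-Request; each attribute is (type, length including header, value)."""
    hidden = hide_password(password, secret, authenticator)
    attrs = struct.pack("!BB", 1, 2 + len(username)) + username   # type 1 = User-Name
    attrs += struct.pack("!BB", 2, 2 + len(hidden)) + hidden      # type 2 = User-Password
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + authenticator + attrs


def parse_attributes(packet: bytes) -> dict:
    """Walk the attribute TLVs that follow the 20-byte header; returns {type: value}."""
    attrs, i = {}, 20
    while i < len(packet):
        atype, alen = packet[i], packet[i + 1]
        if alen < 2:
            raise ValueError("malformed attribute length")   # would otherwise loop forever
        attrs[atype] = packet[i + 2:i + alen]
        i += alen
    return attrs


def response_authenticator(code: int, identifier: int, attrs: bytes,
                           request_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 3: MD5(Code+ID+Length+RequestAuth+Attributes+Secret); lets the client check the reply."""
    head = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(head + request_auth + attrs + secret).digest()
```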

TACACS: Short for Terminal Access Controller Access Control System, TACACS is a client-server-oriented protocol that operates in a manner similar to RADIUS. Extended TACACS (XTACACS) replaced the original version and combined authentication and authorization with logging to enable auditing.

TACACS+: A TCP-based access control protocol, TACACS+ allows a device to forward a user's username and password to an authentication server to determine whether access can be allowed. TACACS+ itself can also act as an authentication server, if so configured. TACACS+ can also provide authorization and accounting services. TACACS+ services are maintained in a database on a server running the TACACS+ daemon, typically a UNIX or Windows workstation. It provides separate and modular authentication, authorization, and accounting facilities. TACACS+ allows a single access control server (the TACACS+ daemon) to provide each service (authentication, authorization, and accounting) independently. Each service can be tied into its own database to take advantage of other services available on that server or on the network, depending on the capabilities of the daemon. The goal of TACACS+ is to provide a methodology for managing multiple network access points from a single management service.

NIDS: Short for Network Intrusion Detection System, NIDS is a system that attempts to detect hacking activities, denial of service attacks or port scans on a computer network or a computer itself. The NIDS monitors network traffic and helps to detect these malicious activities by identifying suspicious patterns in the incoming packets.

The NIDS can monitor incoming, outgoing, and local traffic. Inspecting outgoing or local traffic can yield valuable insight into malicious activities, just as inspecting incoming traffic can. Some attacks originate and stay within the local network, or are staged inside the network against a target outside it. The NIDS also works with other systems, such as a firewall, to help better protect against known attack sources (e.g., a suspected attacker IP address).
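The two NIDS behaviours named above (spotting a port scan as a suspicious pattern, and using a known-bad source list shared with the firewall), as an added example that is not part of these notes or of any IDS product: a sliding-window detector that raises an alert when one source touches at least `threshold` distinct ports on one host within the window, plus an alert for any source on the blocklist. The connection records and the addresses in them are constructed, not captured traffic.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed records in the form "timestamp src dst dport": twelve probes of sequential
# ports from 10.0.0.5, one ordinary HTTPS connection, and one hit from a listed source.
SAMPLE_LOG = [f"2024-01-01T10:00:{i:02d} 10.0.0.5 10.0.0.20 {20 + i}" for i in range(12)] + [
    "2024-01-01T10:00:30 10.0.0.9 10.0.0.20 443",
    "2024-01-01T10:00:31 203.0.113.7 10.0.0.20 80",
]


def parse_record(line: str):
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


class PortScanDetector:
    """Flags a source that reaches >= threshold distinct ports on one host inside the window."""

    def __init__(self, threshold=10, window=timedelta(seconds=60), blocklist=frozenset()):
        self.threshold, self.window, self.blocklist = threshold, window, set(blocklist)
        self.history = defaultdict(deque)   # (src, dst) -> deque of (timestamp, dport)
        self.alerted = set()                # pairs already reported, so a scan alerts once

    def observe(self, ts, src, dst, dport) -> list:
        alerts = []
        if src in self.blocklist:           # known attack source, e.g. fed from the firewall
            alerts.append(f"blocklisted source {src} -> {dst}:{dport}")
        q = self.history[(src, dst)]
        q.append((ts, dport))
        while q and ts - q[0][0] > self.window:   # drop records that fell out of the window
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= self.threshold and (src, dst) not in self.alerted:
            self.alerted.add((src, dst))
            alerts.append(f"port scan {src} -> {dst}: {len(ports)} ports in {self.window.seconds}s")
        return alerts


def run(lines, **kwargs) -> list:
    """Feed records through one detector and collect every alert it raises."""
    detector = PortScanDetector(**kwargs)
    alerts = []
    for line in lines:
        alerts.extend(detector.observe(*parse_record(line)))
    return alerts
```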

SSL/TLS (Secure Sockets Layer/Transport Layer Security): SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, machines, and applications operating over a network (e.g. a client connecting to a web server). SSL is the predecessor of TLS. Over the years, new versions of the protocols have been released to address vulnerabilities and to support stronger, more secure cipher suites and algorithms.

Physical security methods:

Biometrics: Biometrics is an authentication mechanism that relies on identification or verification based on unique physiological characteristics. Biometric devices employ fingerprint recognition, hand geometry, retina scanning, and other methods to identify or verify a person based on stored biometric information.

Types of Biometrics systems include:

1. Retina Scanner: A retinal scan is a biometric technique that uses the unique patterns on a person's retina to identify them.

2. Iris scanning: a biometric identification method that uses mathematical pattern-recognition techniques on video images of one or both of an individual's irises, whose complex random patterns are unique, stable, and visible from some distance.

3. Fingerprint reader: refers to the automated method of verifying a match between two human fingerprints.

4. Facial biometrics: biometric face scanners identify a person by taking measurements of the person's face, for example the distances between the chin, eyes, nose, and mouth. These scanners can be very secure, provided they are smart enough to distinguish between a picture of a person and a real person.
