Comp tia n+_session_09

  • Explain the password complexity requirements as given on page 377 of the CG.
  • A proxy server combines NAT, firewall, and caching functionality.
  • Cover remote control solutions and network access through remote control, as given on page 416 of the CG.
  • Explain the advantages of thin clients as given on page 425 of the CG.

Comp tia n+_session_09 Presentation Transcript

  • CompTIA N+ Certification: Network Security and Remote Networking Installing Windows XP Professional Using Attended Installation
    Objectives
    In this session, you will learn to:
      • Identify network authentication methods.
      • Identify major data encryption methods and technologies.
      • Identify the primary techniques used to secure Internet connections.
      • Identify the major architectures in remote networking implementations.
      • Identify common terminal services network implementations.
    Ver. 1.0 Session 9 Slide 1 of 38
  • Network Authentication Methods
    In a network environment, the security settings control how users and computers authenticate to the network. Authentication is the first line of defense against attack or intrusion into network systems. The various network authentication methods are:
      • Strong Passwords
      • Kerberos
      • Extensible Authentication Protocol (EAP)
  • Strong Passwords
    A strong password is a password that meets complexity requirements that are set by a system administrator and documented in a password policy by specifying:
      • Minimum length
      • Special characters
      • Uppercase letters
      • Numbers
      • Lowercase letters
    [Figure: example password !Pass1234]
    Authentication based entirely on a user name/password combination is sometimes called authentication by assertion.
  • Kerberos
    Kerberos is an Internet standard authentication protocol that links a user name and password to an authority that can certify that the user is valid and also verify the user’s ability to access resources.
    [Figure: User01, KAS, and resource server. Labels: Authenticates with KAS; Trusts KAS; Uses credentials to access resources.]
  • The Kerberos Process
    A Kerberos client uses a Kerberos authentication process to establish a secure connection with a service.
    [Figure: numbered steps 1 to 5 between User01, the KAS, and the resource server. Labels: Credentials; TGT; Session.]
  • Extensible Authentication Protocol (EAP)
    Extensible Authentication Protocol (EAP) is an authentication protocol that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication.
    [Figure: EAP enables hardware-based authentication. Labels: Fingerprint scanner; Smart card reader.]
  • Activity 11-4: Examining Strong Passwords
  • Data Encryption
    Data encryption is a way to secure client information. The various data encryption methods and technologies are:
      • Key-Based Encryption Systems
      • Data Encryption Standard (DES)
      • Digital Certificates
      • Public Key Infrastructure (PKI)
      • The Certificate Encryption Process
      • The Certificate Authentication Process
      • IP Security (IPSec)
      • IPSec Levels
      • IPSec Policies
      • Secure Sockets Layer (SSL)
      • The SSL Process
  • Key-Based Encryption Systems
    A key-based encryption system uses a key to control how information is encoded and decoded.
    Types of key-based encryption:
      • Shared-key or symmetric system
      • Key-pair or asymmetric system with two keys: a public key and a private key
    The following figure depicts the shared-key encryption system:
    [Figure labels: Encrypts data; Decrypts data; Same key on both sides.]
  • Key-Based Encryption Systems (Contd.)
    The following figure depicts the private-key encryption system:
    [Figure: Computer A and Computer B, with Public key A and Public key B. Steps: 1. Exchange public keys. 2. Data encrypted using public key B. 3. Data decrypted with private key B.]
  • Activity 11-5: Encrypting Data with EFS
  • Data Encryption Standard (DES)
    DES is a shared-key encryption standard that is based on a 56-bit encryption key that includes an additional 8 parity bits.
    [Figure: shared DES key of 56 bits plus 8 parity bits; triple encoding with 3 DES keys.]
  • Activity 11-6: Examining Default IPSec Policies
  • Digital Certificates
      • A digital certificate is an electronic document that associates credentials with a public key.
      • A server called a Certificate Authority (CA) issues certificates and the associated public/private key pairs.
      • Both users and devices can hold certificates.
    [Figure: CA, certificate holder, and resource. Labels: Issues certificate; Presents certificate; Trusts CA and accepts certificate.]
  • Activity 11-7: Installing a Root Certificate Authority (CA)
  • Public Key Infrastructure (PKI)
      • PKI is a hierarchical authentication and validation system that is composed of CAs, certificates, software, services, and other cryptographic components.
      • PKI issues and maintains public/private key pairs and certificates.
    [Figure: Root CA, Issuing CA, User01, and User02. Labels: Server certificate; Certificates and key pair (User01); Certificates and key pair (User02).]
  • The Certificate Encryption Process
    [Figure: certificate encryption process, numbered steps 1 to 4 between the CA, User01, and User02.]
    The Encrypting File System (EFS) is a file-encryption tool available on Windows systems that have partitions formatted with NTFS.
  • The Certificate Authentication Process
    [Figure: certificate authentication process between User01 and User02. Labels: Private key encrypts signature; User01 public key decrypts signature.]
    A digital signature is a small piece of encrypted data that is attached to a message to verify the sender’s identity.
  • IP Security (IPSec)
    IPSec is a versatile, nonproprietary suite of security standards that provides end-to-end authentication and encryption for secure communications sessions on IP networks.
    [Figure labels: Negotiate Security Association (SA); Negotiate encryption; Communicate securely.]
  • IPSec Levels
    There are three IPSec levels:
      • Secure Server: Require security
      • Server: Request security
      • Client: Respond only
  • IPSec Policies
    IPSec policies are composed of rules, and each rule has five components, as shown in the following figure:
    [Figure labels: Rules in the policy; Components of a rule.]
  • The SSL Process
    Secure Sockets Layer (SSL) is a security protocol that combines digital certificates for authentication with RSA public-key data encryption. SSL is a server-driven process that works as shown in the following figure:
    [Figure labels: Request secure https: connection; Send certificate and public key; Negotiate encryption.]
  • Network Address Translation (NAT)
    Network address translation (NAT) is a form of Internet security that conceals internal addressing schemes from the public Internet.
    [Figure: NAT server with address 24.96.83.120 in front of internal hosts 192.168.12.20, 192.168.12.30, and 192.168.12.100.]
    NAT is implemented as:
      • Software such as ICS in Windows systems.
      • Hardware such as cable modems and DSL routers.
  • Activity 11-8: Examining Proxy Settings
  • The NAT Process
    The NAT process translates external and internal addresses based on port numbers, following these steps:
      • Step-1: Client request
      • Step-2: Source address conversion
      • Step-3: Data return
      • Step-4: Internal source identification
      • Step-5: Data delivery
    [Figure: Client (192.168.12.40:80), NAT server (24.96.83.120:23,040), and Web server.]
    Address translation table:
      Port#     Internal address
      23,040    192.168.12.40:80
  • Firewalls
    A firewall is a software program or hardware device that protects networks from unauthorized data by blocking unsolicited traffic.
    [Figure labels: Approved traffic; Firewall; Unapproved traffic.]
  • Demilitarized Zones (DMZs)
    A DMZ is a small section of a private network that is located between two firewalls and made available for public access.
    [Figure labels: DMZ; Web server.]
  • Internet Proxies
    An Internet proxy is a system that isolates internal networks from the Internet by downloading and storing Internet files on behalf of internal clients.
  • Website Caching
    The caching process enables Web proxies to cache web data for clients by following the steps:
      1. Client requests site; proxy forwards request; website responds to proxy; proxy returns site to client.
      2. New request; proxy responds from cache.
  • Web Proxy Features
    Web proxies can incorporate a number of enhanced features, such as:
      • User security
      • Gateway services
      • Auditing
      • Remote access services
      • Content filtering
  • Remote Network Architectures
    The various components of a remote network implementation:
      • Remote Networking
      • Remote Access Networking
      • Remote Access Services (RAS) Servers
      • Remote Control Networking
      • Terminal Services
  • Remote Networking
    Remote networking is a type of network communication that enables users to access resources that are not at their physical locations.
    [Figure labels: Remote computer; Modem; PSTN; Modem; Remote access server; Established connection mechanism; Network resources.]
    The biggest limitation to remote networks is the connection bandwidth.
  • Activity 12-1: Configuring Windows RRAS as a Dial-Up Server
  • Remote Access Networking
    In remote access networking, a remote node uses a remote connection to attach to a network. Most remote access connections are made to:
      • Dial-in server
      • Remote access server:
          • Provides security
          • Provides log users
  • Activity 12-2: Enabling and Creating Remote Desktop Connections
  • Remote Control Networking
    Remote control uses a special software package that enables a remote client to take over a host computer on the network.
    [Figure labels: Remote client; Host client; Host client should be a dedicated machine.]
  • Terminal Services Implementations
    Terminal services enable companies to deploy applications, providing flexible functionality to remote users. The common terminal services components and network implementations are:
      • Thin Clients
      • Thin Client Components
      • Microsoft Terminal Services
      • Windows Terminal Services Features
      • Citrix MetaFrame
      • Web-Based Remote Access
  • Thin Clients
    A thin client is any machine that uses a thin client protocol to connect to a server in order to access and run applications.
    Thin clients are configured for various operating systems, such as:
      • UNIX
      • Windows
    [Figure: Application server with Session 1 (Client 1) and Session 2 (Client 2). Labels: PC running thin client software has more hardware and an OS installed; Dedicated thin client has minimal hardware and no OS installed; Emulates a complete computing environment.]
  • Activity 12-4: Installing Microsoft Terminal Server
  • Thin Client Components
    The thin client consists of four basic parts, as shown in the following figure:
    [Figure: thin client and application server. Parts shown: Input device; Output device; Network connection; Client software. Other labels: Connects to server; Downloads OS; Launches a session.]
  • Microsoft Terminal Services
    Terminal services provides client access to all Windows-compatible applications by opening a user session on the server.
    [Figure: Terminal Server with Client 1 and Client 2. Labels: Windows 2000 Professional and Remote Desktop for Administration; Windows XP Professional and Remote Desktop Connection; Session 1 provides Client 1 access to a shared application; Session 2 provides Client 2 access to administrative tools and functionality.]
  • Citrix MetaFrame
    Citrix MetaFrame is a terminal services application that provides client connectivity for Windows, Linux, Macintosh, and UNIX desktops.
    [Figure: two servers with 32 connections each. Labels: Server farm supports 64 connections; Can add servers without changing existing farm.]
  • Web-Based Remote Access
    Web-based remote access means providing access to services and data through web browsers.
    [Figure labels: Remote user accesses applications via a web browser; Web server hosts applications; Terminal Server enables remote administration; Remote administrator manages application servers via a web browser.]
  • Summary
    In this session, you learned that:
      • Network authentication methods such as Strong Passwords, Kerberos, and Extensible Authentication Protocol (EAP) are the first line of defense against attack or intrusion into network systems.
      • The major data encryption methods and technologies are:
          • Key-Based Encryption Systems
          • Data Encryption Standard (DES)
          • Digital Certificates
          • Public Key Infrastructure (PKI)
          • The Certificate Encryption Process
          • The Certificate Authentication Process
          • IP Security (IPSec)
          • IPSec Policies
          • Secure Sockets Layer (SSL)
          • The SSL Process
  • Summary
    The primary techniques used to secure Internet connections are:
      • Network Address Translation (NAT)
      • The NAT Process
      • Firewalls
      • Demilitarized Zones (DMZs)
      • Internet Proxies
      • Website Caching
      • Web Proxy Features
  • Summary (Contd.)
    The major architectures in remote networking implementations:
      • Remote Networking
      • Remote Access Networking
      • Remote Access Services (RAS) Servers
      • Remote Control Networking
      • Terminal Services
    The common terminal services network implementations:
      • Thin Clients
      • Thin Client Components
      • Microsoft Terminal Services
      • Windows Terminal Services Features
      • Citrix MetaFrame
      • Web-Based Remote Access
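
The five steps on the NAT Process slide, as an added example that is not part of the original deck: a small port-based translator that builds the address translation table and drops inbound traffic that has no table entry. The client and NAT addresses and port 23,040 come from the slide; the web server address 203.0.113.10 and the class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

Endpoint = Tuple[str, int]  # (ip address, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    payload: str = ""


class NatServer:
    """Port-based NAT behind one public address (hypothetical helper class)."""

    def __init__(self, public_ip: str, first_port: int = 23040):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}    # external port -> internal endpoint (the slide's table)
        self.reverse = {}  # internal endpoint -> external port

    def outbound(self, pkt: Packet) -> Packet:
        """Steps 1-2: take the client request and convert its source address."""
        port = self.reverse.get(pkt.src)
        if port is None:
            # First packet of this flow: allocate an external port and record it.
            port = self.next_port
            self.next_port += 1
            self.table[port] = pkt.src
            self.reverse[pkt.src] = port
        return Packet((self.public_ip, port), pkt.dst, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Steps 3-5: data returns, the internal source is identified, data is delivered."""
        if pkt.dst[0] != self.public_ip:
            return None
        internal = self.table.get(pkt.dst[1])
        if internal is None:
            # No table entry: nothing inside asked for this traffic, so drop it.
            return None
        return Packet(pkt.src, internal, pkt.payload)


CLIENT = ("192.168.12.40", 80)   # internal address and port shown on the slide
NAT_IP = "24.96.83.120"          # public address shown on the slide
WEB = ("203.0.113.10", 80)       # assumed web server (documentation address range)


def walk_through():
    """Run the five steps once and return what each side observes."""
    nat = NatServer(NAT_IP)
    sent = nat.outbound(Packet(CLIENT, WEB, "GET /"))
    delivered = nat.inbound(Packet(WEB, sent.src, "200 OK"))
    unsolicited = nat.inbound(Packet(WEB, (NAT_IP, 40000), "probe"))
    return sent, delivered, unsolicited, dict(nat.table)


if __name__ == "__main__":
    sent, delivered, unsolicited, table = walk_through()
    print("web server sees source:", sent.src)
    print("reply delivered to:", delivered.dst)
    print("unsolicited packet:", unsolicited)
    print("translation table:", table)
```

The web server only ever sees 24.96.83.120:23040, which is the concealment of internal addressing the NAT slide describes.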
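
The key layout on the Data Encryption Standard (DES) slide, as an added example that is not part of the original deck: 56 key bits are spread over 8 bytes, and the low bit of each byte is set so that the byte has odd parity. The function names and sample keys are constructed for illustration; the code handles key layout only and performs no encryption.

```python
def _popcount(value: int) -> int:
    """Number of 1 bits in value."""
    return bin(value).count("1")


def expand_key(key56: bytes) -> bytes:
    """Turn 7 bytes (56 key bits) into the 8-byte DES key with odd parity."""
    if len(key56) != 7:
        raise ValueError("a DES key carries exactly 56 key bits (7 bytes)")
    bits = int.from_bytes(key56, "big")
    out = bytearray()
    for i in range(8):
        chunk = (bits >> (49 - 7 * i)) & 0x7F         # next 7 key bits
        parity = 0 if _popcount(chunk) % 2 else 1     # make the byte's bit count odd
        out.append((chunk << 1) | parity)
    return bytes(out)


def has_odd_parity(key64: bytes) -> bool:
    """True when every byte of an 8-byte DES key has an odd number of 1 bits."""
    return len(key64) == 8 and all(_popcount(b) % 2 == 1 for b in key64)


def strip_parity(key64: bytes) -> bytes:
    """Discard the 8 parity bits and return the 56 bits that act as the key."""
    if len(key64) != 8:
        raise ValueError("a stored DES key is 8 bytes long")
    bits = 0
    for b in key64:
        bits = (bits << 7) | (b >> 1)
    return bits.to_bytes(7, "big")


def effective_bits(keys) -> int:
    """Key bits that contribute to secrecy: 56 per DES key, parity excluded."""
    return sum(len(strip_parity(k)) * 8 for k in keys)


if __name__ == "__main__":
    stored = expand_key(bytes(7))                      # constructed all-zero key
    print(stored.hex(), has_odd_parity(stored))
    # Three 8-byte keys occupy 192 bits, but only 168 of them are key material.
    triple = [expand_key(bytes([n] * 7)) for n in (1, 2, 3)]
    print(effective_bits(triple))
```

Changing only the parity bits leaves the key material unchanged, so an 8-byte DES key never provides more than 56 bits of secrecy.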