SlideShare a Scribd company logo

Lesson 3- Remote Access

Download as PPT, PDF
M
MLG College of Learning, Inc

Chapter 6

Education
1 of 17
Principles of Information Security, Fifth Edition Chapter 6 Security Technology: Firewalls and VPNs If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology. BRUCE SCHNEIER, AMERICAN CRYPTOGRAPHER, COMPUTER SECURITY SPECIALIST, AND WRITER Lesson 3 – Remote Access
Learning Objectives • Upon completion of this material, you should be able to: – Discuss the important role of access control in computer-based information systems, and identify and discuss widely used authentication factors – Describe firewall technology and the various approaches to firewall implementation – Identify the various approaches to control remote and dial-up access by authenticating and authorizing users Principles of Information Security, Fifth Edition 2
Learning Objectives (cont’d) – Discuss content filtering technology – Describe virtual private networks and discuss the technology that enables them Principles of Information Security, Fifth Edition 3
Remote Access • Unsecured, dial-up connection points represent a substantial exposure to attack. • Attacker can use a device called a war dialer to locate the connection points. • War dialer: automatic phone-dialing program that dials every number in a configured range and records number if modem picks up • Some technologies (RADIUS systems; TACACS; CHAP password systems) have improved the authentication process. Principles of Information Security, Fifth Edition 4
Remote Access (cont’d) • RADIUS, Diameter, and TACACS – Systems that authenticate user credentials for those trying to access an organization’s network via dial-up – Remote Authentication Dial-In User Service (RADIUS): centralizes responsibility for user authentication in a central RADIUS server – Diameter: emerging alternative derived from RADIUS – Terminal Access Controller Access Control System (TACACS): validates user’s credentials at centralized server (like RADIUS); based on client/server configuration Principles of Information Security, Fifth Edition 5
Principles of Information Security, Fifth Edition 6
Remote Access (cont’d) • Kerberos – Provides secure third-party authentication – Uses symmetric key encryption to validate individual user to various network resources – Keeps database containing private keys of clients/servers – Consists of three interacting services: • Authentication server (AS) • Key Distribution Center (KDC) • Kerberos ticket granting service (TGS) Principles of Information Security, Fifth Edition 7
Principles of Information Security, Fifth Edition 8
Principles of Information Security, Fifth Edition 9
Remote Access (cont’d) • SESAME – Secure European System for Applications in a Multivendor Environment (SESAME) is similar to Kerberos. • User is first authenticated to authentication server and receives token. • Token is then presented to a privilege attribute server as proof of identity to gain privilege attribute certificate. • Uses public key encryption; adds sophisticated access control features; more scalable encryption systems; improved manageability; auditing features; and options for delegation of responsibility for allowing access Principles of Information Security, Fifth Edition 10
Virtual Private Networks (VPNs) • Private and secure network connection between systems; uses data communication capability of unsecured and public network • Securely extends organization’s internal network connections to remote locations • Three VPN technologies defined: – Trusted VPN – Secure VPN – Hybrid VPN (combines trusted and secure) Principles of Information Security, Fifth Edition 11
Virtual Private Networks (VPNs) (cont’d) • VPN must accomplish: – Encapsulation of incoming and outgoing data – Encryption of incoming and outgoing data – Authentication of remote computer and perhaps remote user as well • In most common implementation, it allows the user to turn Internet into a private network. Principles of Information Security, Fifth Edition 12
Virtual Private Networks (VPNs) (cont’d) • Transport mode – Data within IP packet is encrypted, but header information is not. – Allows user to establish secure link directly with remote host, encrypting only data contents of packet – Two popular uses: • End-to-end transport of encrypted data • Remote access worker connects to office network over Internet by connecting to a VPN server on the perimeter. Principles of Information Security, Fifth Edition 13
Principles of Information Security, Fifth Edition 14
Virtual Private Networks (VPNs) (cont’d) • Tunnel mode – Establishes two perimeter tunnel servers to encrypt all traffic that will traverse unsecured network – Entire client package encrypted and added as data portion of packet from one tunneling server to another – Primary benefit to this model is that an intercepted packet reveals nothing about the true destination system. – Example of tunnel mode VPN: Microsoft’s Internet Security and Acceleration (ISA) Server Principles of Information Security, Fifth Edition 15
Principles of Information Security, Fifth Edition 16
Summary • Firewall technology • Various approaches to remote and dial-up access protection • Content filtering technology • Virtual private networks Principles of Information Security, Fifth Edition 17

Recommended

Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application LayerMLG College of Learning, Inc
 
8 Access Control
8 Access Control8 Access Control
8 Access ControlAlfred Ouyang
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Logchuckbt
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint ProtectionSophos
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfHaris Chughtai
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Chapter 1 Security Framework
Chapter 1 Security FrameworkChapter 1 Security Framework
Chapter 1 Security FrameworkKarthikeyan Dhayalan
 

Recommended

Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application LayerMLG College of Learning, Inc
 
8 Access Control
8 Access Control8 Access Control
8 Access ControlAlfred Ouyang
 
Understanding the Event Log
Understanding the Event LogUnderstanding the Event Log
Understanding the Event Logchuckbt
 
Endpoint Protection
Endpoint ProtectionEndpoint Protection
Endpoint ProtectionSophos
 
information security management
information security managementinformation security management
information security managementGurpreetkaur838
 
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfISC2 CC Course (Certified in Cybersecurity) - Part 2.pdf
ISC2 CC Course (Certified in Cybersecurity) - Part 2.pdfHaris Chughtai
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Chapter 1 Security Framework
Chapter 1 Security FrameworkChapter 1 Security Framework
Chapter 1 Security FrameworkKarthikeyan Dhayalan
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsSagar Joshi
 
Endpoint Security
Endpoint SecurityEndpoint Security
Endpoint SecurityAhmed Hashem El Fiky
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Security policies
Security policiesSecurity policies
Security policiesNishant Pahad
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptShruthi48
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Security
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
Chapter 1 Introduction to Security
Chapter 1 Introduction to SecurityChapter 1 Introduction to Security
Chapter 1 Introduction to SecurityDr. Ahmed Al Zaidy
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementMaganathin Veeraragaloo
 
EDR(End Point Detection And Response).pptx
EDR(End Point Detection And Response).pptxEDR(End Point Detection And Response).pptx
EDR(End Point Detection And Response).pptxSMIT PAREKH
 
Siem solutions R&E
Siem solutions R&ESiem solutions R&E
Siem solutions R&EOwais Ahmad
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
Ch07 Access Control Fundamentals
Ch07 Access Control FundamentalsCh07 Access Control Fundamentals
Ch07 Access Control FundamentalsInformation Technology
 
SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SHRIYARAI4
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
Lessson 3
Lessson 3Lessson 3
Lessson 3MLG College of Learning, Inc
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical ControlsMLG College of Learning, Inc
 

More Related Content

What's hot

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingDaniel P Wallace
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsSagar Joshi
 
Security architecture
Security architectureSecurity architecture
Security architectureDuncan Unwin
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptShruthi48
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Managementasherad
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
Information Security
Information SecurityInformation Security
Information Securitychenpingling
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Security
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
Chapter 1 Introduction to Security
Chapter 1 Introduction to SecurityChapter 1 Introduction to Security
Chapter 1 Introduction to SecurityDr. Ahmed Al Zaidy
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessmentCAS
 
EDR(End Point Detection And Response).pptx
EDR(End Point Detection And Response).pptxEDR(End Point Detection And Response).pptx
EDR(End Point Detection And Response).pptxSMIT PAREKH
 
Siem solutions R&E
Siem solutions R&ESiem solutions R&E
Siem solutions R&EOwais Ahmad
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SHRIYARAI4
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 

What's hot (20)

Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the Basics
 
Endpoint Security
Endpoint SecurityEndpoint Security
Endpoint Security
 
Security architecture
Security architectureSecurity architecture
Security architecture
 
Security policies
Security policiesSecurity policies
Security policies
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.ppt
 
Vulnerability Management
Vulnerability ManagementVulnerability Management
Vulnerability Management
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
Information Security
Information SecurityInformation Security
Information Security
 
Cisco Web and Email Security Overview
Cisco Web and Email Security OverviewCisco Web and Email Security Overview
Cisco Web and Email Security Overview
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
 
Chapter 1 Introduction to Security
Chapter 1 Introduction to SecurityChapter 1 Introduction to Security
Chapter 1 Introduction to Security
 
IT Security management and risk assessment
IT Security management and risk assessmentIT Security management and risk assessment
IT Security management and risk assessment
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
EDR(End Point Detection And Response).pptx
EDR(End Point Detection And Response).pptxEDR(End Point Detection And Response).pptx
EDR(End Point Detection And Response).pptx
 
Siem solutions R&E
Siem solutions R&ESiem solutions R&E
Siem solutions R&E
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
Ch07 Access Control Fundamentals
Ch07 Access Control FundamentalsCh07 Access Control Fundamentals
Ch07 Access Control Fundamentals
 
SIEM : Security Information and Event Management
SIEM : Security Information and Event Management SIEM : Security Information and Event Management
SIEM : Security Information and Event Management
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on it
 

Similar to Lesson 3- Remote Access

Skyriver Communications – Fixed Wireless Security
Skyriver Communications – Fixed Wireless SecuritySkyriver Communications – Fixed Wireless Security
Skyriver Communications – Fixed Wireless SecuritySkyriver04
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsHoneywell
 
Towards Securing Computer Network Environment By Using Kerberos-based Network...
Towards Securing Computer Network Environment By Using Kerberos-based Network...Towards Securing Computer Network Environment By Using Kerberos-based Network...
Towards Securing Computer Network Environment By Using Kerberos-based Network...FATIN FAZAIN MOHD AFFANDI
 
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...Aksum Institute of Technology(AIT, @Letsgo)
 
Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP FRSecure
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperShakas Technologies
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureFiras Alsayied
 
Chapter_Five[1].ppt
Chapter_Five[1].pptChapter_Five[1].ppt
Chapter_Five[1].pptBachaSirata
 
Virtual private network a veritable tool for network security
Virtual private network a veritable tool for network securityVirtual private network a veritable tool for network security
Virtual private network a veritable tool for network securityeSAT Publishing House
 
Firewall and It's Types
Firewall and It's TypesFirewall and It's Types
Firewall and It's TypesHem Pokhrel
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network) Netwax Lab
 
Network Security_Module_2.pdf
Network Security_Module_2.pdfNetwork Security_Module_2.pdf
Network Security_Module_2.pdfDr. Shivashankar
 
VPN & FIREWALL
VPN & FIREWALLVPN & FIREWALL
VPN & FIREWALLMoin Islam
 

Similar to Lesson 3- Remote Access (20)

Lessson 3
Lessson 3Lessson 3
Lessson 3
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
 
WLAN:VPN Security
WLAN:VPN SecurityWLAN:VPN Security
WLAN:VPN Security
 
Insights of vpn
Insights of vpnInsights of vpn
Insights of vpn
 
Skyriver Communications – Fixed Wireless Security
Skyriver Communications – Fixed Wireless SecuritySkyriver Communications – Fixed Wireless Security
Skyriver Communications – Fixed Wireless Security
 
Websecurity
Websecurity Websecurity
Websecurity
 
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity SolutionsSchneider-Electric & NextNine – Comparing Remote Connectivity Solutions
Schneider-Electric & NextNine – Comparing Remote Connectivity Solutions
 
Towards Securing Computer Network Environment By Using Kerberos-based Network...
Towards Securing Computer Network Environment By Using Kerberos-based Network...Towards Securing Computer Network Environment By Using Kerberos-based Network...
Towards Securing Computer Network Environment By Using Kerberos-based Network...
 
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
Ns lecture4: Introduction to Virtual Network Protocol(VPN) and Internet Proto...
 
Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP Slide Deck – Session 9 – FRSecure CISSP
Slide Deck – Session 9 – FRSecure CISSP
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropper
 
Protecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropperProtecting location privacy in sensor networks against a global eavesdropper
Protecting location privacy in sensor networks against a global eavesdropper
 
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a SecureInvestigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a Secure
 
Chapter_Five[1].ppt
Chapter_Five[1].pptChapter_Five[1].ppt
Chapter_Five[1].ppt
 
Virtual private network a veritable tool for network security
Virtual private network a veritable tool for network securityVirtual private network a veritable tool for network security
Virtual private network a veritable tool for network security
 
Firewall and It's Types
Firewall and It's TypesFirewall and It's Types
Firewall and It's Types
 
VPN (virtual private network)
VPN (virtual private network) VPN (virtual private network)
VPN (virtual private network)
 
Network Security_Module_2.pdf
Network Security_Module_2.pdfNetwork Security_Module_2.pdf
Network Security_Module_2.pdf
 
VPN & FIREWALL
VPN & FIREWALLVPN & FIREWALL
VPN & FIREWALL
 
Network Security
Network SecurityNetwork Security
Network Security
 

More from MLG College of Learning, Inc

More from MLG College of Learning, Inc (20)

PC111.Lesson2
PC111.Lesson2PC111.Lesson2
PC111.Lesson2
 
PC111.Lesson1
PC111.Lesson1PC111.Lesson1
PC111.Lesson1
 
PC111-lesson1.pptx
PC111-lesson1.pptxPC111-lesson1.pptx
PC111-lesson1.pptx
 
PC LEESOON 6.pptx
PC LEESOON 6.pptxPC LEESOON 6.pptx
PC LEESOON 6.pptx
 
PC 106 PPT-09.pptx
PC 106 PPT-09.pptxPC 106 PPT-09.pptx
PC 106 PPT-09.pptx
 
PC 106 PPT-07
PC 106 PPT-07PC 106 PPT-07
PC 106 PPT-07
 
PC 106 PPT-01
PC 106 PPT-01PC 106 PPT-01
PC 106 PPT-01
 
PC 106 PPT-06
PC 106 PPT-06PC 106 PPT-06
PC 106 PPT-06
 
PC 106 PPT-05
PC 106 PPT-05PC 106 PPT-05
PC 106 PPT-05
 
PC 106 Slide 04
PC 106 Slide 04PC 106 Slide 04
PC 106 Slide 04
 
PC 106 Slide no.02
PC 106 Slide no.02PC 106 Slide no.02
PC 106 Slide no.02
 
pc-106-slide-3
pc-106-slide-3pc-106-slide-3
pc-106-slide-3
 
PC 106 Slide 2
PC 106 Slide 2PC 106 Slide 2
PC 106 Slide 2
 
PC 106 Slide 1.pptx
PC 106 Slide 1.pptxPC 106 Slide 1.pptx
PC 106 Slide 1.pptx
 
Db2 characteristics of db ms
Db2 characteristics of db msDb2 characteristics of db ms
Db2 characteristics of db ms
 
Db1 introduction
Db1 introductionDb1 introduction
Db1 introduction
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 
Lesson 3.1
Lesson 3.1Lesson 3.1
Lesson 3.1
 
Lesson 1.6
Lesson 1.6Lesson 1.6
Lesson 1.6
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 

Recently uploaded

Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfUjwalaBharambe
 
Planning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxPlanning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxLigayaBacuel1
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designMIPLM
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 

Recently uploaded (20)

Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Rapple "Scholarly Communications and the Sustainable Development Goals"
Rapple "Scholarly Communications and the Sustainable Development Goals"Rapple "Scholarly Communications and the Sustainable Development Goals"
Rapple "Scholarly Communications and the Sustainable Development Goals"
 
Planning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptxPlanning a health career 4th Quarter.pptx
Planning a health career 4th Quarter.pptx
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Keynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-designKeynote by Prof. Wurzer at Nordex about IP-design
Keynote by Prof. Wurzer at Nordex about IP-design
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 

Lesson 3- Remote Access

  • 1. Principles of Information Security, Fifth Edition Chapter 6 Security Technology: Firewalls and VPNs If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology. BRUCE SCHNEIER, AMERICAN CRYPTOGRAPHER, COMPUTER SECURITY SPECIALIST, AND WRITER Lesson 3 – Remote Access
  • 2. Learning Objectives • Upon completion of this material, you should be able to: – Discuss the important role of access control in computer-based information systems, and identify and discuss widely used authentication factors – Describe firewall technology and the various approaches to firewall implementation – Identify the various approaches to control remote and dial-up access by authenticating and authorizing users Principles of Information Security, Fifth Edition 2
  • 3. Learning Objectives (cont’d) – Discuss content filtering technology – Describe virtual private networks and discuss the technology that enables them Principles of Information Security, Fifth Edition 3
  • 4. Remote Access • Unsecured, dial-up connection points represent a substantial exposure to attack. • Attacker can use a device called a war dialer to locate the connection points. • War dialer: automatic phone-dialing program that dials every number in a configured range and records number if modem picks up • Some technologies (RADIUS systems; TACACS; CHAP password systems) have improved the authentication process. Principles of Information Security, Fifth Edition 4
  • 5. Remote Access (cont’d) • RADIUS, Diameter, and TACACS – Systems that authenticate user credentials for those trying to access an organization’s network via dial-up – Remote Authentication Dial-In User Service (RADIUS): centralizes responsibility for user authentication in a central RADIUS server – Diameter: emerging alternative derived from RADIUS – Terminal Access Controller Access Control System (TACACS): validates user’s credentials at centralized server (like RADIUS); based on client/server configuration Principles of Information Security, Fifth Edition 5
  • 6. Principles of Information Security, Fifth Edition 6
  • 7. Remote Access (cont’d) • Kerberos – Provides secure third-party authentication – Uses symmetric key encryption to validate individual user to various network resources – Keeps database containing private keys of clients/servers – Consists of three interacting services: • Authentication server (AS) • Key Distribution Center (KDC) • Kerberos ticket granting service (TGS) Principles of Information Security, Fifth Edition 7
  • 8. Principles of Information Security, Fifth Edition 8
  • 9. Principles of Information Security, Fifth Edition 9
  • 10. Remote Access (cont’d) • SESAME – Secure European System for Applications in a Multivendor Environment (SESAME) is similar to Kerberos. • User is first authenticated to authentication server and receives token. • Token is then presented to a privilege attribute server as proof of identity to gain privilege attribute certificate. • Uses public key encryption; adds sophisticated access control features; more scalable encryption systems; improved manageability; auditing features; and options for delegation of responsibility for allowing access Principles of Information Security, Fifth Edition 10
  • 11. Virtual Private Networks (VPNs) • Private and secure network connection between systems; uses data communication capability of unsecured and public network • Securely extends organization’s internal network connections to remote locations • Three VPN technologies defined: – Trusted VPN – Secure VPN – Hybrid VPN (combines trusted and secure) Principles of Information Security, Fifth Edition 11
  • 12. Virtual Private Networks (VPNs) (cont’d) • VPN must accomplish: – Encapsulation of incoming and outgoing data – Encryption of incoming and outgoing data – Authentication of remote computer and perhaps remote user as well • In most common implementation, it allows the user to turn Internet into a private network. Principles of Information Security, Fifth Edition 12
  • 13. Virtual Private Networks (VPNs) (cont’d) • Transport mode – Data within IP packet is encrypted, but header information is not. – Allows user to establish secure link directly with remote host, encrypting only data contents of packet – Two popular uses: • End-to-end transport of encrypted data • Remote access worker connects to office network over Internet by connecting to a VPN server on the perimeter. Principles of Information Security, Fifth Edition 13
  • 14. Principles of Information Security, Fifth Edition 14
  • 15. Virtual Private Networks (VPNs) (cont’d) • Tunnel mode – Establishes two perimeter tunnel servers to encrypt all traffic that will traverse unsecured network – Entire client package encrypted and added as data portion of packet from one tunneling server to another – Primary benefit to this model is that an intercepted packet reveals nothing about the true destination system. – Example of tunnel mode VPN: Microsoft’s Internet Security and Acceleration (ISA) Server Principles of Information Security, Fifth Edition 15
  • 16. Principles of Information Security, Fifth Edition 16
  • 17. Summary • Firewall technology • Various approaches to remote and dial-up access protection • Content filtering technology • Virtual private networks Principles of Information Security, Fifth Edition 17