Principles of Information Security, Fifth Edition
Chapter 6
Security Technology: Firewalls and VPNs
If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.
BRUCE SCHNEIER, AMERICAN CRYPTOGRAPHER, COMPUTER SECURITY SPECIALIST, AND WRITER
Lesson 3 – Remote Access
Learning Objectives
• Upon completion of this material, you should be able to:
– Discuss the important role of access control in computer-based information systems, and identify and discuss widely used authentication factors
– Describe firewall technology and the various approaches to firewall implementation
– Identify the various approaches to control remote and dial-up access by authenticating and authorizing users
Principles of Information Security, Fifth Edition 2
Learning Objectives (cont’d)
– Discuss content filtering technology
– Describe virtual private networks and discuss the technology that enables them
Remote Access
• Unsecured, dial-up connection points represent a substantial exposure to attack.
• Attacker can use a device called a war dialer to locate the connection points.
• War dialer: automatic phone-dialing program that dials every number in a configured range and records number if modem picks up
• Some technologies (RADIUS systems; TACACS; CHAP password systems) have improved the authentication process.
Remote Access (cont’d)
• RADIUS, Diameter, and TACACS
– Systems that authenticate user credentials for those trying to access an organization’s network via dial-up
– Remote Authentication Dial-In User Service (RADIUS): centralizes responsibility for user authentication in a central RADIUS server
– Diameter: emerging alternative derived from RADIUS
– Terminal Access Controller Access Control System (TACACS): validates user’s credentials at centralized server (like RADIUS); based on client/server configuration
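The RADIUS exchange this slide summarizes, worked through in code as an added example (it is not from the textbook or the slide deck). A network access server builds an Access-Request with the user's password hidden under the shared secret and a random Request Authenticator, the RADIUS server recovers the password and answers Accept or Reject, and the access server verifies the Response Authenticator before trusting the answer. Packet layout, attribute encoding, the MD5 password hiding and the Response Authenticator follow RFC 2865; the shared secret, the user database and the NAS address are constructed values, and only the standard library is used.

```python
"""RADIUS (RFC 2865) Access-Request / Access-Accept exchange, stdlib only (added example).
Shared secret, user database and addresses below are constructed for the demonstration."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # packet codes (RFC 2865 section 3)
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4      # attribute types (RFC 2865 section 5)


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks and XOR each block with MD5(secret + previous block),
    seeded with the Request Authenticator so the same password hides differently each request."""
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = bytes(p ^ b for p, b in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server-side inverse of hide_password (trailing NUL padding is stripped)."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ b for c, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = block
    return out.rstrip(b"\x00")


def encode_attrs(attrs) -> bytes:
    """Attribute = Type(1) Length(1, counting these two bytes) Value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data: bytes):
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute")
        t, length = struct.unpack_from("!BB", data, i)
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    """Header = Code(1) Identifier(1) Length(2) Authenticator(16), followed by attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def parse_packet(pkt: bytes):
    if len(pkt) < 20:
        raise ValueError("short RADIUS packet")
    code, ident, length = struct.unpack_from("!BBH", pkt, 0)
    if length < 20 or length > len(pkt):
        raise ValueError("bad RADIUS length")
    return code, ident, pkt[4:20], decode_attrs(pkt[20:length])


def response_authenticator(code: int, ident: int, request_auth: bytes, attrs: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret): binds a reply to one request
    and to knowledge of the shared secret."""
    return hashlib.md5(struct.pack("!BBH", code, ident, 20 + len(attrs)) + request_auth + attrs + secret).digest()


def build_access_request(ident: int, username: bytes, password: bytes, secret: bytes,
                         nas_ip: bytes = b"\x0a\x00\x00\x01") -> bytes:
    """Access-server side: fresh random Request Authenticator per request; password hidden under it."""
    request_auth = os.urandom(16)
    attrs = encode_attrs([(USER_NAME, username),
                          (USER_PASSWORD, hide_password(password, secret, request_auth)),
                          (NAS_IP_ADDRESS, nas_ip)])
    return build_packet(ACCESS_REQUEST, ident, request_auth, attrs)


def server_handle(request: bytes, secret: bytes, users: dict) -> bytes:
    """RADIUS server: recover the password, compare in constant time, answer Accept or Reject."""
    code, ident, request_auth, attrs = parse_packet(request)
    a = dict(attrs)
    ok = (code == ACCESS_REQUEST and USER_NAME in a and USER_PASSWORD in a and a[USER_NAME] in users
          and hmac.compare_digest(users[a[USER_NAME]], reveal_password(a[USER_PASSWORD], secret, request_auth)))
    reply = ACCESS_ACCEPT if ok else ACCESS_REJECT
    return build_packet(reply, ident, response_authenticator(reply, ident, request_auth, b"", secret), b"")


def client_accepts(request: bytes, response: bytes, secret: bytes) -> bool:
    """Access-server side: trust an Access-Accept only if its Response Authenticator verifies
    against our own request; otherwise a spoofed Accept from anyone on the path would grant access."""
    _, req_ident, request_auth, _ = parse_packet(request)
    code, ident, resp_auth, _ = parse_packet(response)
    expected = response_authenticator(code, ident, request_auth, response[20:], secret)
    return ident == req_ident and hmac.compare_digest(expected, resp_auth) and code == ACCESS_ACCEPT


if __name__ == "__main__":
    SECRET, USERS = b"constructed-shared-secret", {b"alice": b"correct horse battery"}
    req = build_access_request(42, b"alice", b"correct horse battery", SECRET)
    print("accepted:", client_accepts(req, server_handle(req, SECRET, USERS), SECRET))
```

The defender's takeaway is in `client_accepts`: the "centralized" trust the slide describes only holds if the access server checks the Response Authenticator and the Identifier against the request it actually sent, and the whole scheme rests on the shared secret, which is why the secret's strength and the path between access server and RADIUS server (not just the dial-up line) need protecting.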
Remote Access (cont’d)
• Kerberos
– Provides secure third-party authentication
– Uses symmetric key encryption to validate individual user to various network resources
– Keeps database containing private keys of clients/servers
– Consists of three interacting services:
• Authentication server (AS)
• Key Distribution Center (KDC)
• Kerberos ticket granting service (TGS)
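The three-service flow the slide lists, modelled end to end as an added example (not the textbook's or the slides' code, and not a real Kerberos implementation): the AS issues a ticket-granting ticket sealed under the TGS key, the client proves knowledge of its own long-term key by unsealing the session key, the TGS issues a service ticket, and the service checks ticket expiry, the authenticator's freshness and the principal match. The `seal`/`open_sealed` cipher is a keystream-plus-HMAC stand-in for Kerberos encryption types, the string-to-key function is a toy, and principal names, passwords, lifetimes and timestamps are constructed assumptions so the checks can be reproduced offline.

```python
"""Toy model of the Kerberos AS -> TGS -> service ticket flow (added example, stdlib only).
'seal' stands in for Kerberos encryption types; principals, keys and lifetimes are constructed.
Timestamps are passed in explicitly so expiry and replay checks are reproducible."""
import hashlib
import hmac
import json
import os

LIFETIME = 8 * 3600   # ticket lifetime in seconds (assumed)
SKEW = 300            # allowed clock skew for authenticators (Kerberos' customary 5 minutes)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Toy authenticated encryption (keystream XOR + HMAC tag): only the key holder can read or alter it."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def key_from_password(password: bytes) -> bytes:
    """A user principal's long-term key is derived from the password (toy string-to-key)."""
    return hashlib.sha256(b"toy-string2key:" + password).digest()


def make_authenticator(session_key_hex: str, client: str, now: int) -> bytes:
    """Fresh per-request proof that the presenter knows the ticket's session key."""
    return seal(bytes.fromhex(session_key_hex), {"client": client, "timestamp": now})


def check_ticket(ticket: dict, authenticator: bytes, now: int) -> dict:
    """Shared by the TGS and by application services: expiry, key proof, principal match, freshness."""
    if now > ticket["expires"]:
        raise ValueError("ticket expired")
    auth = open_sealed(bytes.fromhex(ticket["key"]), authenticator)
    if auth["client"] != ticket["client"]:
        raise ValueError("authenticator principal does not match ticket")
    if abs(now - auth["timestamp"]) > SKEW:
        raise ValueError("stale authenticator (possible replay)")
    return auth


class KDC:
    """Plays both KDC roles: the AS (issues TGTs) and the TGS (issues service tickets).
    It is the only party holding every principal's long-term key."""

    def __init__(self, principals: dict):
        self.keys = dict(principals)   # principal name -> long-term key; "krbtgt" is the TGS key

    def as_exchange(self, client: str, now: int):
        """AS-REQ/AS-REP: TGT sealed for the TGS plus the TGT session key sealed for the client.
        Only a holder of the client's long-term key can recover that session key."""
        if client not in self.keys:
            raise KeyError("unknown principal")
        sk, expires = os.urandom(32).hex(), now + LIFETIME
        tgt = seal(self.keys["krbtgt"], {"client": client, "key": sk, "expires": expires})
        return tgt, seal(self.keys[client], {"key": sk, "expires": expires, "service": "krbtgt"})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, now: int):
        """TGS-REQ/TGS-REP: validate the TGT and authenticator, then issue a service ticket."""
        t = open_sealed(self.keys["krbtgt"], tgt)
        check_ticket(t, authenticator, now)
        sk, expires = os.urandom(32).hex(), min(now + LIFETIME, t["expires"])
        ticket = seal(self.keys[service], {"client": t["client"], "key": sk, "expires": expires})
        return ticket, seal(bytes.fromhex(t["key"]), {"key": sk, "expires": expires, "service": service})


def client_obtain_service_ticket(kdc: KDC, client: str, password: bytes, service: str, now: int):
    """Client side of the whole flow. A wrong password shows up as a MAC failure on the AS reply;
    the password itself never leaves the client."""
    tgt, for_client = kdc.as_exchange(client, now)
    tgs_session = open_sealed(key_from_password(password), for_client)
    ticket, for_client2 = kdc.tgs_exchange(tgt, make_authenticator(tgs_session["key"], client, now), service, now)
    return ticket, open_sealed(bytes.fromhex(tgs_session["key"]), for_client2)["key"]


def service_accepts(service_key: bytes, ticket: bytes, authenticator: bytes, now: int):
    """Application service: returns the authenticated principal, or None if any check fails."""
    try:
        return check_ticket(open_sealed(service_key, ticket), authenticator, now)["client"]
    except ValueError:
        return None


if __name__ == "__main__":
    now = 1_700_000_000
    kdc = KDC({"krbtgt": os.urandom(32), "alice": key_from_password(b"alice-password"), "fileserver": os.urandom(32)})
    ticket, sk = client_obtain_service_ticket(kdc, "alice", b"alice-password", "fileserver", now)
    print("service sees:", service_accepts(kdc.keys["fileserver"], ticket, make_authenticator(sk, "alice", now), now))
```

Two properties worth noticing map directly onto the slide's bullets: the KDC's key database is the single trust anchor (whoever holds the `krbtgt` key can mint tickets for anyone), and because tickets are sealed under keys the client never sees, the client can forward a ticket but cannot alter its principal or expiry, which is what the service relies on when it accepts the ticket without contacting the KDC.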
Remote Access (cont’d)
• SESAME
– Secure European System for Applications in a Multivendor Environment (SESAME) is similar to Kerberos.
• User is first authenticated to authentication server and receives token.
• Token is then presented to a privilege attribute server as proof of identity to gain privilege attribute certificate.
• Uses public key encryption; adds sophisticated access control features; more scalable encryption systems; improved manageability; auditing features; and options for delegation of responsibility for allowing access
Virtual Private Networks (VPNs)
• Private and secure network connection between systems; uses data communication capability of unsecured and public network
• Securely extends organization’s internal network connections to remote locations
• Three VPN technologies defined:
– Trusted VPN
– Secure VPN
– Hybrid VPN (combines trusted and secure)
Virtual Private Networks (VPNs) (cont’d)
• VPN must accomplish:
– Encapsulation of incoming and outgoing data
– Encryption of incoming and outgoing data
– Authentication of remote computer and perhaps remote user as well
• In most common implementation, it allows the user to turn Internet into a private network.
Virtual Private Networks (VPNs) (cont’d)
• Transport mode
– Data within IP packet is encrypted, but header information is not.
– Allows user to establish secure link directly with remote host, encrypting only data contents of packet
– Two popular uses:
• End-to-end transport of encrypted data
• Remote access worker connects to office network over Internet by connecting to a VPN server on the perimeter.
Virtual Private Networks (VPNs) (cont’d)
• Tunnel mode
– Establishes two perimeter tunnel servers to encrypt all traffic that will traverse unsecured network
– Entire client package encrypted and added as data portion of packet from one tunneling server to another
– Primary benefit to this model is that an intercepted packet reveals nothing about the true destination system.
– Example of tunnel mode VPN: Microsoft’s Internet Security and Acceleration (ISA) Server
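The transport-versus-tunnel distinction of the last two slides, together with the three things the earlier slide says a VPN must accomplish (encapsulation, encryption, authentication), shown on real packet bytes as an added example that is not from the textbook or the slides. It builds genuine IPv4 headers and an ESP-shaped payload (SPI, sequence number, IV, ciphertext, integrity check value) and encapsulates the same inner packet both ways; `observer_view` is what an interceptor on the unsecured network sees without the key. The cipher is a SHAKE-256 keystream stand-in rather than a real IPsec transform, anti-replay windowing is omitted, and the addresses and key are constructed values.

```python
"""IPsec-style transport vs tunnel mode encapsulation (added example, stdlib only).
Real IPv4 headers and an ESP-shaped payload; the cipher is a SHAKE-256 keystream stand-in,
not an IPsec transform. Addresses and keys are constructed."""
import hashlib
import hmac
import os
import socket
import struct

ESP = 50        # IP protocol number carried in the outer header for ESP
IPIP = 4        # ESP Next Header value meaning "an IPv4 packet follows" (tunnel mode)
ICV_LEN = 16    # truncated HMAC-SHA256 integrity check value


def checksum(data: bytes) -> int:
    """Standard ones'-complement IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def parse_ipv4(pkt: bytes) -> dict:
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or checksum(pkt[:20]) != 0:
        raise ValueError("not a well-formed IPv4 packet")
    total = struct.unpack("!H", pkt[2:4])[0]
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": pkt[9], "payload": pkt[20:total]}


def _xor_keystream(key: bytes, iv: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + iv).digest(len(data))))


def esp_encapsulate(key: bytes, spi: int, seq: int, inner: bytes, next_header: int) -> bytes:
    """ESP: SPI | Seq | IV | Enc(inner | pad_len | next_header) | ICV.
    The ICV is the per-packet authentication the slide says a VPN must provide."""
    iv = os.urandom(8)
    ct = _xor_keystream(key, iv, inner + bytes([0, next_header]))   # trailer: pad length 0, next header
    body = struct.pack("!II", spi, seq) + iv + ct
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]


def esp_decapsulate(key: bytes, esp: bytes, expect_spi: int):
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN], icv):
        raise ValueError("ESP ICV mismatch: wrong key or packet modified")
    spi, seq = struct.unpack("!II", body[:8])
    if spi != expect_spi:
        raise ValueError("unknown SPI")
    pt = _xor_keystream(key, body[8:16], body[16:])
    return seq, pt[-1], pt[:-2]          # sequence number, next header, inner bytes


def transport_mode(key: bytes, spi: int, seq: int, packet: bytes) -> bytes:
    """Transport mode: keep the original IP header, encrypt only the payload."""
    ip = parse_ipv4(packet)
    esp = esp_encapsulate(key, spi, seq, ip["payload"], ip["proto"])
    return build_ipv4(ip["src"], ip["dst"], ESP, esp)


def tunnel_mode(key: bytes, spi: int, seq: int, packet: bytes, gw_src: str, gw_dst: str) -> bytes:
    """Tunnel mode: encrypt the whole original packet and wrap it in a new gateway-to-gateway header."""
    esp = esp_encapsulate(key, spi, seq, packet, IPIP)
    return build_ipv4(gw_src, gw_dst, ESP, esp)


def observer_view(packet: bytes):
    """What someone on the unsecured network sees without the key: the outer header only."""
    ip = parse_ipv4(packet)
    return ip["src"], ip["dst"], ip["proto"]


def decrypt(key: bytes, spi: int, packet: bytes) -> dict:
    """Receiving end: returns the original (inner) packet fields for either mode."""
    ip = parse_ipv4(packet)
    if ip["proto"] != ESP:
        raise ValueError("not an ESP packet")
    _, next_header, inner = esp_decapsulate(key, ip["payload"], spi)
    if next_header == IPIP:              # tunnel mode: the inner bytes are a complete IPv4 packet
        return parse_ipv4(inner)
    return {"src": ip["src"], "dst": ip["dst"], "proto": next_header, "payload": inner}


if __name__ == "__main__":
    key = os.urandom(32)
    original = build_ipv4("10.1.1.5", "10.2.2.9", 6, b"hello tcp")
    print("transport, observer sees:", observer_view(transport_mode(key, 0x100, 1, original)))
    print("tunnel, observer sees:   ", observer_view(tunnel_mode(key, 0x200, 1, original, "203.0.113.1", "198.51.100.1")))
```

Running it shows the slide's point directly: the transport-mode packet still carries 10.1.1.5 and 10.2.2.9 in the clear (only the payload and the real upper-layer protocol are hidden), while the tunnel-mode packet exposes only the two gateway addresses and the ESP protocol number. The ICV check in `esp_decapsulate` is the authentication requirement in practice: a packet altered in flight, or one produced with a different key, is dropped rather than decrypted.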
Summary
• Firewall technology
• Various approaches to remote and dial-up access protection
• Content filtering technology
• Virtual private networks
