Chapter 7 - 01 - Discuss Essential Network Security Protocols - 05_ocred.pdf

Full Transcript


Certified Cybersecurity Technician Network Security Controls - Technical Controls Exam 212-82

Transport Layer Security (TLS)

- Transport layer security (TLS) ensures secure communication between client-server applications over the internet.
- It prevents the network communication from being eavesdropped on or tampered with.

Layers of the TLS protocol:
- TLS Record Protocol: ensures connection security with encryption.
- TLS Handshake Protocol: ensures server and client authentication.

Transport Layer Security (TLS)

Transport layer security (TLS) provides secure communication of data, with confidentiality and reliability, between the communicating parties. The following are the properties of a secure TLS connection:
- It ensures the confidentiality and reliability of data during communication between a client and a server using symmetric cryptography.
- It authenticates the communicating applications using public key cryptography.
- Message authentication codes (MACs) maintain the reliability of the data.
- TLS consists of two protocols:
  o TLS record protocol: This protocol provides security using encryption.
  o TLS handshake protocol: This protocol provides security by performing an authentication of the client and the server before communication.

Figure 7.13: Layers of TLS Protocol (stack, top to bottom: Application; TLS Handshake Protocol; TLS Record Protocol; TCP/IP)

Module 07 Page 703 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
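The two layers in Figure 7.13 are visible directly in the bytes on the wire: every TLS record begins with a 5-byte record-layer header (content type, version, length), and a record whose content type is "handshake" carries one or more handshake messages, each with its own 4-byte header (message type, 24-bit length). The parser below is an added example written for this page, not code from the course material; the ClientHello it parses is constructed inside the block (placeholder random and session ID), and the ClientHello parser stops after the compression methods, leaving extensions unparsed.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def parse_records(data):
    """Record layer: split a byte stream into records (type, version, 16-bit length)."""
    records, off = [], 0
    while off + 5 <= len(data):
        ctype, version, length = struct.unpack("!BHH", data[off:off + 5])
        body = data[off + 5:off + 5 + length]
        if len(body) != length:
            raise ValueError("truncated TLS record")
        records.append({"type": CONTENT_TYPES.get(ctype, ctype),
                        "version": VERSIONS.get(version, hex(version)), "body": body})
        off += 5 + length
    if off != len(data):
        raise ValueError("trailing bytes after last record")
    return records


def parse_handshakes(body):
    """Handshake layer: split a handshake record body into messages (type, 24-bit length)."""
    msgs, off = [], 0
    while off + 4 <= len(body):
        htype, length = body[off], int.from_bytes(body[off + 1:off + 4], "big")
        payload = body[off + 4:off + 4 + length]
        if len(payload) != length:
            raise ValueError("truncated handshake message")
        msgs.append({"type": HANDSHAKE_TYPES.get(htype, htype), "payload": payload})
        off += 4 + length
    return msgs


def parse_client_hello(payload):
    """Fields a server reads from a ClientHello: version, random, session ID,
    cipher suites, compression methods. Extensions, if present, are left unparsed."""
    version = struct.unpack("!H", payload[0:2])[0]
    client_random, off = payload[2:34], 34
    sid_len = payload[off]
    session_id, off = payload[off + 1:off + 1 + sid_len], off + 1 + sid_len
    cs_len = struct.unpack("!H", payload[off:off + 2])[0]
    off += 2
    suites = [struct.unpack("!H", payload[i:i + 2])[0] for i in range(off, off + cs_len, 2)]
    off += cs_len
    comp_len = payload[off]
    compression = list(payload[off + 1:off + 1 + comp_len])
    return {"version": VERSIONS.get(version, hex(version)), "random": client_random,
            "session_id": session_id, "cipher_suites": suites, "compression": compression}


def build_client_hello(cipher_suites, session_id=b"", client_random=bytes(32)):
    """Constructed ClientHello inside one handshake record (legacy record version TLS 1.0,
    hello version TLS 1.2, null compression, empty extensions)."""
    body = struct.pack("!H", 0x0303) + client_random + bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(cipher_suites))
    body += b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += b"\x01\x00" + b"\x00\x00"          # one compression method (null), no extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


# Constructed sample: three cipher suites and an 8-byte placeholder session ID
SAMPLE = build_client_hello([0xC02F, 0xC030, 0x002F], session_id=b"\x11" * 8)

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec["type"], rec["version"], len(rec["body"]), "bytes")
        for msg in parse_handshakes(rec["body"]):
            print(" ", msg["type"], parse_client_hello(msg["payload"]))
```

The record header's version field is the legacy value 0x0301 while the ClientHello body announces TLS 1.2; a monitor that reads only the record header will misreport the negotiated version, which is why the handshake layer has to be parsed separately.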
Secure Sockets Layer (SSL)

- Secure sockets layer (SSL) was developed by Netscape for managing the security of message transmission on the internet.
- It uses RSA asymmetric (public key) encryption to encrypt data transferred over SSL connections.

Secure Sockets Layer (SSL)

The secure sockets layer (SSL) is a protocol used to provide a secure authentication mechanism between two communicating applications, such as a client and a server. SSL requires a reliable transport protocol, such as TCP, for data transmission and reception. Any application-layer protocol that sits above SSL, such as HTTP, FTP, or telnet, can run as a transparent layer over SSL. SSL acts as an arbitrator between the encryption algorithm and the session key. It also verifies the destination server prior to the transmission and reception of data. SSL encrypts the complete data of the application protocol to ensure security. The SSL protocol also offers "channel security" via three basic properties:
- Private channel: All messages are encrypted after a simple handshake is used to define a secret key.
- Authenticated channel: The server endpoint of the conversation is always encrypted, whereas the client endpoint is optionally authenticated.
- Reliable channel: Message transfer undergoes an integrity check.
SSL uses both asymmetric and symmetric authentication mechanisms. Public key encryption verifies the identities of the server, the client, or both. Once authentication is completed, the client and the server can create symmetric keys that allow them to communicate and transfer data rapidly. An SSL session is responsible for carrying out the SSL handshake protocol, which organizes the states of the server and the client and thus ensures the consistency of the protocol.

Figure 7.14: Working of SSL (message sequence shown in the figure)
1. Client: sends a Client Hello message (includes SSL version, randomly generated data, encryption algorithms, session ID, key exchange algorithms, compression algorithms, and MAC algorithms).
2. Server: determines the SSL version and encryption algorithms to be used for the communication; sends a Server Hello message (session ID) and a Certificate message (local certificate).
3. Server: sends a Server Hello Done message.
4. Client: verifies the digital certificate; generates a random premaster secret (encrypted with the server's public key) and sends a Client Key Exchange message with the premaster secret.
5. Client: sends a Change Cipher Spec message and also sends a Finished message (hash of the handshake messages).
6. Server: calculates the hash value for the exchanged handshake messages and compares it to the hash value received from the client; if the two match, the key and cipher suite negotiation succeeds.
7. Server: sends a Change Cipher Spec message and also sends a Finished message (hash of the handshake messages).
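Step 6 of Figure 7.14 is the part of the handshake that protects everything before it: each side keeps its own copy of every handshake message, and the Finished value is a MAC over the hash of that transcript. If an on-path party changed a message in transit (trimmed the offered cipher list, for instance), the two transcripts differ and the Finished values do not match, so the negotiation fails instead of silently continuing with the altered parameters. The simulation below is an added example written for this page, not course code: the key derivation is a simplified HMAC-SHA256 stand-in for the SSL/TLS PRF, the certificate is a placeholder string, and the premaster secret is shared between the two simulated endpoints directly rather than RSA-encrypted to the server's public key as in step 4.

```python
import hashlib
import hmac
import os


def derive_master_secret(premaster, client_random, server_random):
    """Stand-in for the SSL/TLS PRF: HMAC-SHA256 keyed with the premaster secret."""
    return hmac.new(premaster, b"master secret" + client_random + server_random,
                    hashlib.sha256).digest()


def finished_verify_data(master_secret, label, transcript):
    """Finished = MAC over the hash of every handshake message this side has seen."""
    transcript_hash = hashlib.sha256(b"".join(transcript)).digest()
    return hmac.new(master_secret, label + transcript_hash, hashlib.sha256).digest()[:12]


class Endpoint:
    def __init__(self):
        self.transcript = []        # handshake messages, in the order sent or received
        self.master_secret = None

    def record(self, msg):
        self.transcript.append(msg)
        return msg


def run_handshake(offered_suites, tamper=None):
    """Run a client and a server through steps 1-7 of Figure 7.14 and return
    (server verified the client's Finished, client verified the server's Finished).
    `tamper`, if given, rewrites the ClientHello in transit."""
    client, server = Endpoint(), Endpoint()
    client_random, server_random = os.urandom(32), os.urandom(32)
    premaster = os.urandom(48)

    # Step 1: ClientHello (randoms are hex-encoded so the ':' separators stay unambiguous)
    client_hello = (b"ClientHello:" + client_random.hex().encode() + b":"
                    + ",".join(offered_suites).encode())
    client.record(client_hello)
    server.record(tamper(client_hello) if tamper else client_hello)

    # Steps 2-3: server picks the first suite it saw; ServerHello, Certificate, ServerHelloDone
    seen_suites = server.transcript[0].split(b":")[2].decode().split(",")
    for msg in (b"ServerHello:" + server_random.hex().encode() + b":" + seen_suites[0].encode(),
                b"Certificate:placeholder-server-cert", b"ServerHelloDone"):
        server.record(msg)
        client.record(msg)

    # Step 4: ClientKeyExchange. Real SSL RSA-encrypts the premaster secret to the server's
    # public key; here the secret is shared out of band and only a digest goes on the wire.
    cke = client.record(b"ClientKeyExchange:" + hashlib.sha256(premaster).hexdigest().encode())
    server.record(cke)
    for side in (client, server):
        side.master_secret = derive_master_secret(premaster, client_random, server_random)

    # Steps 5-6: client Finished; the server recomputes it over ITS OWN transcript
    client_fin = finished_verify_data(client.master_secret, b"client finished", client.transcript)
    expected = finished_verify_data(server.master_secret, b"client finished", server.transcript)
    server_ok = hmac.compare_digest(client_fin, expected)
    client.record(b"Finished:" + client_fin)
    server.record(b"Finished:" + client_fin)

    # Step 7: server Finished, verified by the client the same way
    server_fin = finished_verify_data(server.master_secret, b"server finished", server.transcript)
    expected = finished_verify_data(client.master_secret, b"server finished", client.transcript)
    client_ok = hmac.compare_digest(server_fin, expected)
    return server_ok, client_ok


STRONG, WEAK = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA"


def strip_strong_suite(client_hello):
    """Constructed in-transit modification: drop the strong suite from the offered list."""
    return client_hello.replace((STRONG + ",").encode(), b"")


if __name__ == "__main__":
    print("honest handshake:", run_handshake([STRONG, WEAK]))
    print("modified ClientHello:", run_handshake([STRONG, WEAK], tamper=strip_strong_suite))
```

With the honest run both checks pass; with the modified ClientHello the server's transcript no longer matches the client's, so step 6 fails on the server and the client's check of the server's Finished fails as well.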
Secure Real-time Transport Protocol (SRTP)

- The Secure Real-time Transport Protocol is an advanced version of the Real-Time Transport Protocol (RTP).
- It provides security features such as encryption, confidentiality, integrity, authentication, and defense against replay attacks and denial-of-service attacks for RTP messages.
- SRTP and SRTCP are secure versions of RTP and RTCP, respectively, which are used for media transmission between connected devices.

Figure on slide: SRTP session between Device 1 and Device 2.

Secure Real-time Transport Protocol (SRTP)

The Secure Real-Time Transport Protocol (SRTP) is an advanced version of the Real-Time Transport Protocol (RTP). SRTP provides security features, such as encryption, confidentiality, integrity, authentication, and defense against replay attacks and denial-of-service (DoS) attacks, for RTP messages. SRTP employs the Advanced Encryption Standard (AES) as the default encryption method, but it can also accommodate new encryption standards. SRTP and the Secure RTP Control Protocol (SRTCP) are secure versions of RTP and RTCP, respectively, and are used for media transmission between connected devices. While SRTP is used for transmitting data, SRTCP controls and checks the transmitted data.
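The replay defense mentioned above works because an SRTP receiver does not trust the 16-bit RTP sequence number on its own: it extends it with a rollover counter (ROC) into a packet index, keeps the highest authenticated index, and maintains a sliding window of recently seen indices, rejecting any packet whose index was already received or is older than the window. The class below is an added example written for this page, following the index-estimation and replay-list logic of RFC 3711 (sections 3.3.1 and 3.3.2); it is not course code, and the sequence numbers fed to it are constructed. Authentication-tag checking is represented by the `tag_valid` flag, since the window must only be updated for packets whose tag verified.

```python
class SrtpReplayWindow:
    WINDOW = 64  # RFC 3711 asks for a replay list covering at least 64 packets

    def __init__(self):
        self.roc = 0          # rollover counter: how many times the 16-bit SEQ wrapped
        self.s_l = None       # highest authenticated RTP sequence number
        self.highest = None   # highest authenticated packet index = 2^16 * ROC + SEQ
        self.mask = 0         # bit i set => index (highest - i) was received

    def estimate_index(self, seq):
        """Guess which ROC a packet belongs to from its 16-bit SEQ (RFC 3711 3.3.1)."""
        if self.s_l is None:
            return seq
        if self.s_l < 32768:
            v = (self.roc - 1) % 2**32 if seq - self.s_l > 32768 else self.roc
        else:
            v = (self.roc + 1) % 2**32 if self.s_l - 32768 > seq else self.roc
        return (v << 16) + seq

    def check(self, seq):
        """Replay check run before authenticating the packet. Returns (accept, index)."""
        idx = self.estimate_index(seq)
        if self.highest is None or idx > self.highest:
            return True, idx                    # newer than anything seen so far
        diff = self.highest - idx
        if diff >= self.WINDOW:
            return False, idx                   # older than the window: treated as replay
        if (self.mask >> diff) & 1:
            return False, idx                   # already received
        return True, idx                        # out of order but inside the window, first time

    def update(self, seq, idx):
        """Record a packet after its authentication tag verified (RFC 3711 3.3.2)."""
        if self.highest is None:
            self.highest, self.mask = idx, 1
        elif idx > self.highest:
            shift = idx - self.highest
            self.mask = 1 if shift >= self.WINDOW else ((self.mask << shift) | 1) & ((1 << self.WINDOW) - 1)
            self.highest = idx
        else:
            self.mask |= 1 << (self.highest - idx)
        if idx == self.highest:
            self.roc, self.s_l = idx >> 16, idx & 0xFFFF

    def receive(self, seq, tag_valid=True):
        """Full receive path: replay check, then (simulated) tag check, then window update."""
        accept, idx = self.check(seq)
        if accept and tag_valid:
            self.update(seq, idx)
            return True
        return False


def simulate(seqs):
    """Feed constructed sequence numbers through one window; return the accept decisions."""
    window = SrtpReplayWindow()
    return [window.receive(s) for s in seqs]


if __name__ == "__main__":
    # Wrap from 65535 to 0, a replay of 65535, reordering inside the window, a second replay
    print(simulate([65534, 65535, 0, 65535, 1, 3, 2, 2]))
```

The sequence in the usage line yields `[True, True, True, False, True, True, True, False]`: the wrap to sequence 0 is accepted as index 65536 because the ROC estimate advances, the replayed 65535 is mapped back to index 65535 and rejected, and the late packet 2 is accepted once and rejected the second time.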
Lightweight Directory Access Protocol over SSL (LDAPS)

Lightweight Directory Access Protocol Secure (LDAPS), or LDAP over SSL, is a secure version of LDAP that establishes a secure connection using SSL/TLS to ensure that all data packets transferred between an LDAP client and an LDAP server are encrypted. LDAPS safeguards user credentials, maintaining privacy and integrity across the network. As LDAP transmits all data in plaintext, the secure version of LDAP (LDAPS) is preferred. The communication, or packet transfer, between the LDAP client and server machines is monitored or managed through a secure network monitoring program or device known as an LDAPS client.

How LDAPS works

To establish a secure LDAPS connection between a remote user and a server, the configurations or credentials are stored either in an LDAP-compatible database or on an LDAP server. The LDAPS client is a program configured as part of the OS of the user's device. The LDAPS client communicates with the LDAP server on behalf of the remote user. The LDAPS authentication process is as follows:
- The remote user signs into an OS or LDAPS client using Telnet/SSH.
- The LDAPS client builds a TCP connection with the LDAPS server through a TLS request.
- Upon receiving a TLS response from the server, the client and server validate their identities.
- The LDAPS client validates itself from a proxy account, which is created on the LDAPS server, through a Bind request.
- After the successful Bind operation, the server transfers an acknowledgment message to the LDAPS client.
- The LDAPS client then sends the user's credentials for authentication.
- After completing the authentication/authorization process with the server successfully, the LDAP client informs the remote user about the successful connection or login attempt.

Figure 7.16: Working of LDAPS (message sequence between Remote User, LDAPS Client, and LDAPS Server shown in the figure)
1. Remote user -> LDAPS client: SSH/Telnet login
2. LDAPS client -> LDAPS server: TLS request
3. LDAPS server -> LDAPS client: TLS response
4. LDAPS client -> LDAPS server: Bind request
5. LDAPS server -> LDAPS client: Bind successful
6. LDAPS client -> LDAPS server: User authentication request
7. LDAPS server -> LDAPS client: Search successful
8. LDAPS client -> LDAPS server: Authentication/authorization request
9. LDAPS server -> LDAPS client: Authentication/authorization successful
10. LDAPS client -> Remote user: Login successful
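The reason the section prefers LDAPS is concrete in the Bind request of step 4: without TLS, an LDAP simple bind carries the distinguished name and password as plain BER octet strings, so any device on the path to port 389 can read the credentials, while on port 636 the same PDU is inside TLS records and a monitor sees only ciphertext. The code below is an added example written for this page, not course code: a minimal BER encoder and decoder for the BindRequest PDU of RFC 4511 plus an audit helper of the kind a network monitor could use to flag cleartext binds. The DN, password, and message ID are constructed, and `audit_bind` is a hypothetical helper name.

```python
LDAP_PORT, LDAPS_PORT = 389, 636


def ber_len(n):
    """BER length octets: short form below 128, long form (0x8N + N bytes) otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n):
    """Non-negative INTEGER; the extra byte keeps the sign bit clear when n >= 128."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def encode_bind_request(message_id, dn, password, version=3):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version, name, simple [0] } }."""
    bind = tlv(0x60, ber_int(version) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode()))
    return tlv(0x30, ber_int(message_id) + bind)


def read_tlv(buf, off=0):
    """Return (tag, value, offset after this TLV) for the TLV starting at off."""
    tag, first = buf[off], buf[off + 1]
    if first < 128:
        length, off = first, off + 2
    else:
        n = first & 0x7F
        length, off = int.from_bytes(buf[off + 2:off + 2 + n], "big"), off + 2 + n
    return tag, buf[off:off + length], off + length


def decode_bind_request(pdu):
    """Parse an LDAPMessage; return the fields of a simple BindRequest, else None."""
    tag, msg, _ = read_tlv(pdu)
    if tag != 0x30:
        return None
    tag, mid, off = read_tlv(msg)
    tag, op, _ = read_tlv(msg, off)
    if tag != 0x60:
        return None                      # some other operation, not a BindRequest
    tag, ver, off = read_tlv(op)
    tag, name, off = read_tlv(op, off)
    tag, auth, _ = read_tlv(op, off)
    if tag != 0x80:
        return None                      # SASL bind: credentials are not a bare octet string
    return {"message_id": int.from_bytes(mid, "big"), "version": int.from_bytes(ver, "big"),
            "dn": name.decode(), "password": auth.decode()}


def audit_bind(payload, dst_port):
    """Hypothetical monitor check: report a simple bind readable on the plain LDAP port."""
    if dst_port == LDAPS_PORT:
        return None                      # payload is TLS; nothing readable without session keys
    bind = decode_bind_request(payload)
    if bind is None:
        return None
    return f"cleartext simple bind to port {dst_port} for {bind['dn']}"


# Constructed sample PDU
SAMPLE_PDU = encode_bind_request(1, "cn=admin,dc=example,dc=com", "hunter2")

if __name__ == "__main__":
    print(SAMPLE_PDU.hex())
    print(decode_bind_request(SAMPLE_PDU))
    print(audit_bind(SAMPLE_PDU, LDAP_PORT))
```

The decoder returns the password straight from the bytes when the PDU travels on port 389; the same `audit_bind` call for port 636 returns nothing, because the monitor only sees TLS records there, which is the protection the LDAPS handshake in steps 2 and 3 establishes before the Bind request of step 4 is sent.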