Chapter 7 - 01 - Discuss Essential Network Security Protocols - 01_ocred_fax_ocred.pdf
EC-Council
Certified Cybersecurity Technician
Network Security Controls - Technical Controls
Exam 212-82

Module Flow

- Discuss Essential Network Security Protocols
- Understand Different Types of Proxy Servers and their Benefits
- Discuss Fundamentals of VPN and its Importance in Network Security
- Understand Different Types of Firewalls and their Role
- Discuss Other Network Security Controls
- Understand Different Types of IDS/IPS and their Role
- Discuss Importance of Load Balancing in Network Security
- Understand Different Types of Honeypots
- Understand Various Antivirus/Anti-malware Software

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Discuss Essential Network Security Protocols

The objective of this section is to explain the essential network security protocols that work at the network, transport, and application layers. It covers Remote Authentication Dial-In User Service (RADIUS), Terminal Access Controller Access Control System Plus (TACACS+), Kerberos, Pretty Good Privacy (PGP), S/MIME, Hypertext Transfer Protocol Secure (HTTPS), Transport Layer Security (TLS), Secure Sockets Layer (SSL), Internet Protocol Security (IPsec), and other protocols.

Network Security Protocols

Protocols shown on the slide: RADIUS, TACACS+, Kerberos, SMTPS, POP3S, IMAPS, PGP, S/MIME, DNSSEC, Secure HTTP, HTTPS, TLS/SSL, SRTP, LDAPS, IPsec, SFTP, SNMPv3, SSH, OAuth, OpenID Connect.

There are various security protocols that work at the network, transport, and application layers. These protocols help organizations to enhance the security of their data and communication against different types of attacks.

The security protocols that work at the transport layer are as follows:

- Transport Layer Security (TLS): The TLS protocol provides security and dependability of data between two communicating parties.
- Secure Sockets Layer (SSL): The SSL protocol provides security to the communication between a client and a server.

The security protocols that work at the network layer are as follows:

- Internet Protocol Security (IPsec): The IPsec protocol authenticates the packets during the transmission of data.

The security protocols that work at the application layer are as follows:

- Pretty Good Privacy (PGP) protocol: The PGP protocol provides cryptographic privacy and authentication for network communication and enhances the security of emails.
- S/MIME protocol: Commonly known as Secure/Multi-Purpose Internet Mail Extension. The S/MIME protocol provides security to e-mails.
- Secure HTTP: Secure HTTP provides security to the data traversing through the world wide web.
- Hyper Text Transfer Protocol Secure (HTTPS): The HTTPS protocol is widely used across the Internet to secure network communication.
- Kerberos: Kerberos is a client-server model that is implemented for authenticating requests in computer networks.
- RADIUS: The RADIUS protocol provides centralized authentication, authorization, and accounting (AAA) for remote-access servers to communicate with a central server.
- TACACS+: TACACS+ provides authentication, authorization, and accounting (AAA) services for network communication.
- SMTPS: Simple mail transfer protocol secure (SMTPS) provides the secure transmission of SMTP messages using the TLS protocol. It provides security services such as confidentiality, authentication, and data integrity to SMTP messages.
- POP3S: POP3 is a variation of the POP protocol with an extension to an authentication mechanism for email services. Post office protocol version 3 secure (POP3S) is a variation of POP3 that provides security for email communications using the SSL protocol.
- IMAPS: Secure IMAP (IMAPS) provides security to email communications using SSL/TLS.
- DNSSEC: Domain Name System Security Extensions (DNSSEC) is a suite of specifications maintained by the Internet Engineering Task Force (IETF). It is used for securing certain types of information provided by DNS.
- SRTP: Secure Real-Time Transport Protocol (SRTP) is a profile of RTP that provides security services such as confidentiality, authentication, and replay protection to RTP messages.
- LDAPS: The working of Lightweight Directory Access Protocol over SSL (LDAPS) is similar to that of LDAP. It uses SSL/TLS protocols to provide security to LDAP data.
- SFTP: Secure File Transfer Protocol (SFTP) is a secure version of FTP and an extension of the SSH2 protocol.
- SNMPv3: Simple Network Management Protocol version 3 (SNMPv3) is an upgraded version of SNMPv2c and SNMPv1. It provides improved security for network management activities.
- SSH: It is a network management protocol primarily used in Unix and Linux for secure remote login.
- OAuth: OAuth is an open-source protocol that enables the secure authorization of web, mobile, and desktop applications.
- OpenID Connect: OpenID Connect is an authentication protocol built as a thin layer on the OAuth 2.0 protocol.

Remote Authentication Dial-in User Service (RADIUS)

Remote authentication dial-in user service (RADIUS) is an authentication protocol which provides centralized authentication, authorization, and accounting (AAA) for remote access servers to communicate with a central server.

RADIUS stands for remote authentication dial-in user service.
It was developed by Livingston Enterprises as a networking protocol that provides centralized authentication, authorization, and accounting (AAA) for remote access servers to communicate with a central server. RADIUS has a client-server model, which works on the application layer of the OSI model by using UDP or TCP as a transport protocol. The RADIUS protocol is the de facto standard for remote user authentication and is documented in RFC 2865 and RFC 2866.

Authentication Steps in RADIUS:

- A client initiates a connection by sending the access-request packet to the server.
- The server receives the access request from the client and compares the credentials with the ones stored in the database. If the provided information matches, then it sends the access-accept message along with the access-challenge to the client for additional authentication; otherwise, it sends back an access-reject message.
- The client sends the accounting-request to the server to specify the accounting information for a connection that was accepted.

Figure 7.1: Authentication Steps in RADIUS. Messages between the access server and the RADIUS server: Access-Request (Username, Password); Access-Accept/Access-Reject (User Service, Framed Protocol); Access-Challenge (optional) (Reply Message).

Radius Accounting Steps:

- The client sends the accounting-request to the server to specify the accounting information for a connection that was accepted.
- The server receives this message and sends back the accounting-response message, which states the successful establishment of the network.

Figure 7.2: Radius Accounting Steps. Messages between the RADIUS client and the RADIUS server: Accounting-Request [acct_status_type=start], Accounting-Response; Accounting-Request, Accounting-Response; Accounting-Request [acct_status_type=stop], Accounting-Response.

The RADIUS protocol is an AAA protocol that works on mobile as well as local networks. It uses the password authentication protocol (PAP), the challenge handshake authentication protocol (CHAP), or the extensible authentication protocol (EAP) to authenticate the users communicating with servers.

The components of a RADIUS AAA protocol are:

- Access clients
- Access servers
- RADIUS proxies
- RADIUS servers
- User account databases

RADIUS messages are sent as UDP messages, and only one RADIUS message is allowed in the UDP payload section of the RADIUS packet. RADIUS messages consist of a RADIUS header and other RADIUS attributes.
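
The header-plus-attributes layout described above, as an added example that is not part of the EC-Council material: a Python parser that length-checks one RADIUS message per UDP payload and verifies the Response Authenticator on a reply. Field layout and code/attribute numbers follow RFC 2865/2866; the shared secret, the helper `build_packet`, and both sample packets are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Packet codes and attribute types from RFC 2865/2866 (subset).
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}
ATTRS = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address",
         6: "Service-Type", 7: "Framed-Protocol", 18: "Reply-Message",
         40: "Acct-Status-Type"}

def parse_radius(datagram: bytes) -> dict:
    """Parse the single RADIUS message in a UDP payload; reject malformed input."""
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if not 20 <= length <= 4096 or length > len(datagram):
        raise ValueError("header length field is out of range")
    attrs, pos = [], 20
    while pos < length:  # bytes past `length` are padding and are ignored
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = datagram[pos], datagram[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length overruns the packet")
        attrs.append((ATTRS.get(a_type, f"type-{a_type}"), datagram[pos + 2:pos + a_len]))
        pos += a_len
    return {"code": CODES.get(code, f"code-{code}"), "id": ident,
            "authenticator": datagram[4:20], "attributes": attrs}

def response_is_authentic(response: bytes, request_auth: bytes, secret: bytes) -> bool:
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    length = struct.unpack("!H", response[2:4])[0]
    expected = hashlib.md5(response[:4] + request_auth + response[20:length] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

def build_packet(code, ident, auth, attrs):
    """Hypothetical helper: assemble header, authenticator and type-length-value attributes."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + auth + body

# Constructed sample exchange (not captured traffic).
SECRET = b"example-shared-secret"
REQ_AUTH = bytes(range(16))
REQUEST = build_packet(1, 7, REQ_AUTH, [(1, b"alice"), (4, bytes([192, 0, 2, 10]))])
unsigned = build_packet(2, 7, REQ_AUTH, [(6, struct.pack("!I", 2)), (7, struct.pack("!I", 1))])
ACCEPT = unsigned[:4] + hashlib.md5(unsigned + SECRET).digest() + unsigned[20:]
```

A reply whose authenticator fails this check was not produced by a holder of the shared secret for that request and should be discarded without acting on its attributes.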