Chapter 7 - 01 - Discuss Essential Network Security Protocols - 02



Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82

Terminal Access Controller Access Control System Plus (TACACS+)

The terminal access controller access control system plus (TACACS+) is a network security protocol used for AAA of network devices such as switches, routers, and firewalls through one or more centralized servers. It is a protocol developed by Cisco and is derived from the TACACS protocol. Unlike RADIUS, it performs AAA separately. It is primarily used for device administration. TACACS+ encrypts the entire communication between the client and the server, including the user's password, which protects it from sniffing attacks. It is a client-server model approach where the client (user or network device) requests a connection to a server, and the server authenticates the user by examining their credentials.

Authentication of TACACS+

Consider the following example of TACACS+ authentication, where a laptop user is connecting to a network-attached storage (NAS, router). The authentication involves the following steps:

- Step 1: A user initiates the connection for authentication
- Step 2: The router and the user exchange authentication parameters
- Step 3: The router sends the parameters to the server for authentication
- Step 4: The server responds with the REPLY message based on the provided information

Module 07 Page 686 Certified Cybersecurity Technician Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

[Figure 7.4: Schematic showing the difference between RADIUS and TACACS+ protocols. Elements shown: a remote user connecting over the Public Switched Telephone Network (PSTN)/Integrated Services Digital Network (ISDN), a TACACS+ router acting as client, a TACACS+ security server, the corporate network, a NAS acting as AAA client, and a RADIUS server. Numbered exchange: 1. The AAA client receives a resource request from a user (this assumes that authentication has already taken place). 2. A REQUEST for the "shell" service is sent to the AAA server. 3. A RESPONSE is returned to the AAA client indicating a pass or fail.]

Table 7.1: Difference between RADIUS and TACACS+

RADIUS                                                              | TACACS+
--------------------------------------------------------------------|------------------------------------------------------------------
Combines authentication and authorization                           | Separates all three elements of AAA, thus making it more flexible
Encrypts only the password                                          | Encrypts the username and password
Requires each network device to contain authorization configuration | Central management for authorization configuration
UDP: connectionless; UDP ports 1645/1646, 1812/1813                 | TCP: connection oriented; TCP port 49
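The "encrypts only the password" versus "encrypts the username and password" rows of Table 7.1 can be seen directly on the wire. The following added example (not course or vendor code) builds the relevant parts of a RADIUS Access-Request and a TACACS+ authentication START packet using the RFC 2865 User-Password hiding and the RFC 8907 body obfuscation, then checks which fields a passive capture would show in cleartext. The shared secret, Request Authenticator, session id, port and remote address are constructed sample values. Both schemes derive their keystream from MD5 over a static shared secret, which is why RFC 8907 calls the TACACS+ scheme obfuscation rather than encryption and why secret strength and rotation matter for both protocols.

```python
"""RADIUS vs TACACS+ on the wire: what a passive capture actually shows.
Added example, not course or vendor code. Follows RFC 2865 5.2 (RADIUS User-Password)
and RFC 8907 4.5 (TACACS+ body obfuscation); all sample values are constructed."""
import hashlib
import struct


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# ---------------- RADIUS: only the User-Password attribute is hidden ----------------
def radius_hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Pad to 16-byte blocks; XOR block i with MD5(secret + previous hidden block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth            # first block is keyed by the Request Authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block
    return out


def radius_reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def radius_attrs(user: bytes, password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Name (type 1) travels in cleartext; User-Password (type 2) is hidden."""
    hidden = radius_hide_password(password, secret, request_auth)
    return (struct.pack("!BB", 1, 2 + len(user)) + user
            + struct.pack("!BB", 2, 2 + len(hidden)) + hidden)


# ---------------- TACACS+: the whole packet body is obfuscated ----------------
TACACS_VERSION = 0xC0   # major version 0xC, minor version 0
TYPE_AUTHEN = 0x01


def tacacs_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5_1 = MD5(session_id, key, version, seq_no); MD5_n = MD5(same, MD5_n-1); concatenate and truncate."""
    seed = struct.pack("!I", session_id) + key + struct.pack("!BB", version, seq_no)
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_authen_start_packet(user: bytes, password: bytes, key: bytes, session_id: int) -> bytes:
    """Authentication START, seq_no 1: action=LOGIN(1), priv_lvl=1, authen_type=PAP(2), service=LOGIN(1).
    For PAP the START data field carries the password, so user and password sit in the same body."""
    port, rem_addr = b"tty0", b"10.0.0.5"   # constructed sample values
    body = (struct.pack("!8B", 1, 1, 2, 1, len(user), len(port), len(rem_addr), len(password))
            + user + port + rem_addr + password)
    header = struct.pack("!BBBBII", TACACS_VERSION, TYPE_AUTHEN, 1, 0, session_id, len(body))
    return header + _xor(body, tacacs_pad(session_id, key, TACACS_VERSION, 1, len(body)))


def tacacs_decode_body(packet: bytes, key: bytes) -> bytes:
    """What a peer holding the shared key recovers: the header is cleartext, the body is XORed again."""
    version, _type, seq_no, _flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    body = packet[12:12 + length]
    return _xor(body, tacacs_pad(session_id, key, version, seq_no, length))


def visible_in_capture(wire: bytes, *fields: bytes) -> dict:
    """Which of the given sensitive fields appear verbatim in the captured bytes."""
    return {f.decode(): f in wire for f in fields}


if __name__ == "__main__":
    SECRET, RA, SID = b"constructed-shared-secret", bytes(range(16)), 0x1234ABCD
    r = radius_attrs(b"alice", b"Passw0rd!", SECRET, RA)
    t = tacacs_authen_start_packet(b"alice", b"Passw0rd!", SECRET, SID)
    print("RADIUS :", visible_in_capture(r, b"alice", b"Passw0rd!"))   # username readable
    print("TACACS+:", visible_in_capture(t, b"alice", b"Passw0rd!"))   # neither readable
```

Running the block prints that the RADIUS username is readable while the password is not, and that neither field is readable in the TACACS+ packet; tacacs_decode_body shows the same body recovered by anyone holding the shared key, which is the detection-side lesson: a captured TACACS+ session plus a leaked key yields everything, not just passwords.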
Kerberos

[Slide figure: Kerberos authentication protocol (KAP). Kerberos is an authenticating method for accessing a network. The client sends a ticket request to the Key Distribution Center (KDC); the KDC generates a ticket encrypted using a server secret key and returns the ticket response; the server decrypts the ticket to confirm the identity of the client.]

Kerberos is a network authentication protocol that is implemented for authenticating requests in computer networks. It is based on the client-server model, which uses an encryption technology and a "ticket" mechanism to prove the identity of a user on a non-secure network. Kerberos protocol messages protect the network from replay attacks and eavesdropping. It commonly uses public-key cryptography while authenticating users attempting to access the server. The Kerberos protocol consists of the following steps:

- Step 1: A user sends his/her credentials to the authentication server (AS).
- Step 2: The authentication server hashes the password of the user and verifies the credentials with those in the active directory database. If the credential matches, then the authentication server (consisting of the ticket granting service (TGS)) sends back the TGS session key and ticket granting ticket (TGT) to the user to create a session.
- Step 3: Once users are authenticated, they send the TGT to request a service ticket to the server or TGS for accessing the services.
- Step 4: The TGS authenticates the TGT and grants a service ticket to the user, which consists of a ticket and a session key.
- Step 5: The client sends the service ticket to the server. The server uses its key to decrypt the information from the TGS and the client is authenticated to the server.
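The five steps above map onto three message exchanges: AS (steps 1-2), TGS (steps 3-4) and AP (step 5). The following added example (not course code) runs all three in one process so the flow of keys can be followed: the TGT is sealed under a key only the KDC holds, the service ticket under the service's own key, and each session key is handed to the client only under a key it already has. Assumptions: realm, principal names and passwords are constructed sample values; keys are symmetric and shared with the KDC, as in the base protocol; `seal`/`unseal` is a stand-in encrypt-then-MAC scheme built from SHA-256 and HMAC rather than an RFC 3961 encryption type; `string_to_key` is an assumed PBKDF2 stand-in for Kerberos string2key. As in Kerberos without pre-authentication, the AS never sees the password; a wrong password simply fails to open the AS reply. The replay cache implements the replay protection the text mentions.

```python
"""Kerberos AS, TGS and AP exchanges as a runnable walk-through.
Added example, not course code. Keys are symmetric as in base Kerberos; seal/unseal and
string_to_key are stand-ins, not RFC 3961 encryption types; names and passwords are constructed."""
import hashlib
import hmac
import json
import os
import time

TICKET_LIFETIME = 600   # seconds a ticket stays valid
CLOCK_SKEW = 300        # authenticators whose timestamp is older than this are rejected


def string_to_key(password: str, salt: str) -> bytes:
    """Stand-in for Kerberos string2key (assumed PBKDF2-HMAC-SHA256, 32-byte key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 20_000)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Toy encrypt-then-MAC: only a holder of `key` can read the blob or produce a valid one."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise ValueError("decryption failed: wrong key or tampered blob")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def check_authenticator(session_key: bytes, authenticator: bytes, ticket: dict, replay_cache: set) -> dict:
    """Used by both TGS and application server: the sender must hold the ticket's session key,
    the names must agree, the timestamp must be fresh, and the authenticator must be unseen."""
    auth = unseal(session_key, authenticator)
    now = time.time()
    if ticket["exp"] < now or auth["user"] != ticket["user"] or abs(now - auth["ts"]) > CLOCK_SKEW:
        raise PermissionError("ticket expired or authenticator does not match ticket")
    digest = hashlib.sha256(authenticator).hexdigest()
    if digest in replay_cache:
        raise PermissionError("authenticator replay detected")
    replay_cache.add(digest)
    return auth


class KDC:
    """Authentication Server (AS) and Ticket Granting Server (TGS) in one."""
    def __init__(self, principals: dict, realm: str = "EXAMPLE.TEST"):
        self.realm = realm
        self.keys = {name: string_to_key(pw, realm + name) for name, pw in principals.items()}
        self.krbtgt_key = os.urandom(32)   # seals TGTs; never leaves the KDC
        self.replay_cache = set()

    def as_exchange(self, user: str):
        """Steps 1-2: return the TGT and the TGS session key sealed under the user's long-term key."""
        if user not in self.keys:
            raise PermissionError("unknown principal")
        sk = os.urandom(32).hex()
        tgt = seal(self.krbtgt_key, {"user": user, "sk": sk, "exp": time.time() + TICKET_LIFETIME})
        return tgt, seal(self.keys[user], {"sk": sk, "for": "krbtgt"})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        """Steps 3-4: validate TGT + authenticator, issue a service ticket and a fresh session key."""
        t = unseal(self.krbtgt_key, tgt)
        check_authenticator(bytes.fromhex(t["sk"]), authenticator, t, self.replay_cache)
        svc_sk = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"user": t["user"], "sk": svc_sk, "exp": time.time() + TICKET_LIFETIME})
        return ticket, seal(bytes.fromhex(t["sk"]), {"sk": svc_sk, "for": service})


class Service:
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.replay_cache = name, key, set()   # key would come from the keytab

    def ap_exchange(self, ticket: bytes, authenticator: bytes) -> str:
        """Step 5: decrypt the ticket with the service's own key, then verify the authenticator."""
        t = unseal(self.key, ticket)
        check_authenticator(bytes.fromhex(t["sk"]), authenticator, t, self.replay_cache)
        return t["user"]


def make_authenticator(session_key: bytes, user: str) -> bytes:
    return seal(session_key, {"user": user, "ts": time.time()})


def client_login(kdc: KDC, user: str, password: str, service: str):
    """Client side of all three exchanges; returns (service ticket, authenticator) for the AP request."""
    tgt, enc = kdc.as_exchange(user)
    tgs_sk = bytes.fromhex(unseal(string_to_key(password, kdc.realm + user), enc)["sk"])  # wrong password fails here
    ticket, enc2 = kdc.tgs_exchange(tgt, make_authenticator(tgs_sk, user), service)
    svc_sk = bytes.fromhex(unseal(tgs_sk, enc2)["sk"])
    return ticket, make_authenticator(svc_sk, user)


if __name__ == "__main__":
    kdc = KDC({"alice": "correct horse battery", "host/files.example.test": "service-keytab-pw"})
    files = Service("host/files.example.test", kdc.keys["host/files.example.test"])
    print("authenticated as", files.ap_exchange(*client_login(kdc, "alice", "correct horse battery", files.name)))
```

Two things worth noticing when running it: a second presentation of the same ticket and authenticator is rejected by the replay cache, and a ticket issued for one service cannot be opened by another because it is sealed under that service's key, which is what "the server uses its key to decrypt the information from the TGS" in step 5 amounts to.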
Secure Email Services

Secure SMTP (SMTPS)

Simple mail transfer protocol secure (SMTPS) is a standard protocol used to send messages from one email server to another by providing an authentication mechanism to the email client over the transport layer. It is not an extension of SMTP; rather, it is used to convert insecure SMTP communication to secure communication by adding a secure TLS/SSL channel. Conventional SMTP uses TCP port 25 by default for insecure communication, while SMTPS uses TCP port 465 for encrypted communication. Most applications secure SMTP communications using TLS. SMTP uses TLS in two different ways, as discussed below.

- STARTTLS: STARTTLS is an explicit command that forces an insecure SMTP connection to use a secure TLS connection.
- SMTPS: SMTPS is an implicit command that automatically establishes a secure connection before communication is initiated.

Secure POP (POP3S)

Post Office Protocol version 3 secure (POP3S) is a standard protocol used to enable an email client to download or retrieve emails from a mailbox in a secure manner. POP3 facilitates email communication using two ports. It allows insecure communication using port 110 and secure communication using port 995. POP3S (POP3 over TLS/SSL) provides encryption and authentication services to email communication between an email client and email server. It establishes secure TCP connections over port 995 by default.

Secure IMAP (IMAPS)

Internet Message Access Protocol (IMAP) is a standard protocol used to retrieve messages from a mailbox, similar to POP3. IMAP facilitates the access or retrieval of messages in the same mailbox from multiple locations/devices. IMAPS (IMAP over TLS/SSL) uses a secure channel to encrypt IMAP packets in transit. IMAPS uses TCP port 993, which is secure, by default.
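The explicit (STARTTLS) versus implicit (SMTPS/POP3S/IMAPS) distinction decides how a client must open the connection: with implicit TLS the handshake happens before any protocol bytes, with STARTTLS the session begins in cleartext and is upgraded by a command. The following added example (not course code) shows both modes for all three protocols with Python's standard library, with certificate and hostname verification left on and no fallback to cleartext when the server does not advertise STARTTLS. The hostnames are placeholders; ports 25, 465, 110, 995 and 993 are the ones given in the text, while 587 (SMTP submission) and 143 (IMAP) are standard STARTTLS ports the text does not mention.

```python
"""Opening SMTP, POP3 and IMAP sessions with implicit TLS or STARTTLS, verification on.
Added example, not course code. Hostnames are placeholders; the main block needs a real
mail server and network access, the policy functions do not."""
import imaplib
import poplib
import smtplib
import ssl

# "implicit": TLS handshake first, then the mail protocol (SMTPS / POP3S / IMAPS).
# "starttls": protocol starts in cleartext and is upgraded by an explicit command.
TLS_POLICY = {
    ("smtp", 25): "starttls", ("smtp", 587): "starttls", ("smtp", 465): "implicit",
    ("pop3", 110): "starttls", ("pop3", 995): "implicit",
    ("imap", 143): "starttls", ("imap", 993): "implicit",
}


def tls_mode_for(protocol: str, port: int) -> str:
    try:
        return TLS_POLICY[(protocol.lower(), port)]
    except KeyError:
        raise ValueError(f"no TLS policy for {protocol}/{port}; refusing to guess") from None


def strict_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()        # CA chain verification and hostname check enabled
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def require_starttls(advertised) -> None:
    """An explicit-TLS client must not continue in cleartext when STARTTLS is absent: an
    on-path downgrade looks exactly like a server that never offered it."""
    if "starttls" not in {name.lower() for name in advertised}:
        raise ssl.SSLError("STARTTLS not offered; refusing to continue in cleartext")


def connect_smtp(host: str, port: int, timeout: float = 10):
    ctx = strict_context()
    if tls_mode_for("smtp", port) == "implicit":
        return smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)   # SMTPS on 465
    conn = smtplib.SMTP(host, port, timeout=timeout)
    conn.ehlo()
    require_starttls(conn.esmtp_features)     # keys are the lower-cased EHLO keywords
    conn.starttls(context=ctx)
    conn.ehlo()                               # capabilities learned before the upgrade are untrusted
    return conn


def connect_pop3(host: str, port: int, timeout: float = 10):
    ctx = strict_context()
    if tls_mode_for("pop3", port) == "implicit":
        return poplib.POP3_SSL(host, port, timeout=timeout, context=ctx)     # POP3S on 995
    conn = poplib.POP3(host, port, timeout=timeout)
    conn.stls(context=ctx)                    # raises poplib.error_proto if STLS is unsupported
    return conn


def connect_imap(host: str, port: int, timeout: float = 10):
    ctx = strict_context()
    if tls_mode_for("imap", port) == "implicit":
        return imaplib.IMAP4_SSL(host, port, ssl_context=ctx, timeout=timeout)   # IMAPS on 993
    conn = imaplib.IMAP4(host, port, timeout=timeout)
    conn.starttls(ssl_context=ctx)            # raises imaplib.IMAP4.abort if STARTTLS is not advertised
    return conn


if __name__ == "__main__":
    # placeholder hosts: replace with a real server to exercise the network paths
    with connect_smtp("smtp.example.test", 465) as smtp:
        print("SMTPS negotiated:", smtp.sock.cipher())
    imap = connect_imap("imap.example.test", 993)
    print("IMAPS negotiated:", imap.sock.cipher())
    imap.logout()
```

The policy table is deliberately closed: an unknown port raises instead of guessing, so a misconfigured client cannot silently open a cleartext session on, say, port 110 and then send credentials.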
