Chapter 7 - 01 - Discuss Essential Network Security Protocols - 05_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 Transport Layer Security (TLS) QO Transport layer security (TLS) ensures a secure communication between client-server applications over the internet QO O It prevents the network communication from being eavesdropped or tampered ’ \ Layers of TLS Protocol TLS Record Protocol = |t ensures connection security with encryption TLS Record Protocol TLS Handshake Protocol = ITLS Record Protocol 1 1 1 |tensures server and client authentication ‘ TCP/IP Copyright © by EC Transport Layer Security (TLS) The transport layer security (TLS) provides a secure communication of data in addition to the confidentiality and reliability between the communicating parties. The following are the properties of a secure TLS connection: = |t ensures confidentiality and reliability of data during communication between a client and a server using symmetric cryptography. = |t authenticates communication applications using public key cryptography. = The authentication codes can maintain the reliability of the data. = TLS consists of two protocols: o TLS record protocol: This protocol provides security using the encryption method. o TLS handshake protocol: This protocol provides security by performing an authentication of a client and a server before communication. Module 07 Page 703 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 Application ITI.S Record Protocol =TI.S Figure 7.13: Layers of TLS Protocol Module 07 Page 704 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 Secure Sockets Layer (SSL) A QO Secure sockets layer (SSL) was developed by Netscape for managing the security of a message transmission on O It uses the RSA asymmetric (public key) encryption to encrypt data transferred over SSL connections the internet Client Hello session ID, key (includes SSL version, exchange alg pression algorithms, and MAC algorithms) Determines the SSL version and encryption algorithms to be used for the communication; sends Server Hello message (Session 1D) and Certificate message (local certificate) Hash value is cakulated for the exchanged handshak ges and then compared 9 to the hash value received from the client; If the two match, the key and cipher suite negotiation succeeds. Sends a Change Cipher Spec message and also sends Finished (hash of handshak ) e H Secure Sockets Layer (SSL) The secure sockets layer (SSL) is a protocol used for providing a secure authentication mechanism between two communicating applications such as a client and a server. SSL requires a reliable transport protocol, such as TCP, for data transmission and reception. Any application-layer protocol that is higher than SSL, such as HTTP, FTP, and telnet, can form a transparent layer over the SSL. SSL acts as an arbitrator between the encryption algorithm and session key. It also verifies the destination server prior to the transmission and reception of data. SSL encrypts the complete data of the application protocol to ensure security. The SSL protocol also offers “channel security” via three basic properties: = Private channel: All the messages are encrypted after a simple handshake is used to define a secret key. = Authenticated channel: The server endpoint of the conversation is always encrypted, whereas the client endpoint is optionally authenticated. = Reliable channel: Message transfer undergoes an integrity check. SSL uses both asymmetric and symmetric authentication mechanisms. Public key encryption verifies the identities of the server, the client, or both. Once the authentication is completed, the client and the server can create symmetric keys allowing them to communicate and transfer data rapidly. An SSL session is responsible for carrying out the SSL handshake protocol for organizing the states of the server and clients, thus ensuring the consistency of the protocol. Module 07 Page 705 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls - Technical Controls Exam 212-82 Client Hello message (includes SSL version, randomly generated data, encryption algorithms, session ID, key exchange algorithms, compression algorithms, and MAC algorithms) T TN < sevennnd Determines the SSL version and encryption algorithms to be used for the communication; sends Server Hello message (Session ID) and Certificate message (local certificate) < A ° Sends a Server Hello Done message e Verifies the Digital certificate; generates a random premaster secret (Encrypted with server's public key) and sends Client Key Exchange message with the premaster secret T T TP PP PP PP TP Sends a Change Cipher Spec message and also sends Finished message (hash of handshake message) Hash value Is calculated for the exchanged handshake messages and then compared to the hash value received from the client; If the two match, the key and cipher suite negotiation succeeds. Sends a Change Cipher Spec message and also sends Finished message (hash of handshake message) -3 A : 6 : H - Figure 7.14: Working of SSL Module 07 Page 706 Certified Cybersecurity Technician Copyright © by EC-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Certified Cybersecurity Technician Network Security Controls — Technical Controls Network Security Controls — Technical Controls Exam Exam212-82 212-82 Secure Real-time Real-time Transport Transport Protocol Protocol Secure (SRTP) (SRTP) The Secure Secure Real-time Real-time Transport Transport Protocol Protocol is isanan advanced advanced version version O QO The of the Real-Time Transport Protocol (RTP) of the Real-Time Transport Protocol (RTP) provides security security features features such such asas encryption, encryption, confidentiality, confidentiality, Q O It Itprovides integrity, authentic ation, and defense defense against against replay replay attacks integrity, authentication, and attacks and and denial-of-service attacks attacks for for RTP RTP messages messages denial-of-service SRTP and and SRTCP SRTCP are are secure secure versions versions ofof RTP RTP and and RTCP, RTCP, OO SRTP respectively, which which are are used used for for media media transmission transmission between between respectively, devices connected devices connected Device Device 22 Device 1 Device 1 Copyright Copyright ©© byby | L L AllAll Rights is Strictly Prohibited Rights Reserved. Reserved. Reproduction Reproductions Strictly Prohibited. Secure Real-time Real-time Transport Transport Protocol Protocol (SRTP) Secure The Secure Secure Real-Time Real-Time Transport Transport Protocol Protocol (SRTP) is an advanced The advanced version of of the the Real-Time Real-Time Transpo rt Protoco l (RTP). SRTP provide s securit Transport Protocol provides securityy features, features, such as encryption, encryption, confidentiality, confidentiality, integrity, authentication, authentication, and defense against replay attacks and denialintegrity, denial-of-service of-service (DoS) (DoS) attacks, attacks, for es. SRTP employ for RTP RTP messag messages. employss the Advanc Advanced Encryption Standard (AES) as the default ed Encryption Standard (AES) as the default encrypt ion method , but it can also accom modate new encrypt encryption method, accommodate encryption standards. ion standar ds. SRTP SRTP and and Secure Secure RTP RTP Control Control Protoco Protocoll (SRTCP) are secure version versionss of of RTP RTP and and RTCP, RTCP, respect ively, and are used for media respectively, and media transmi transmission between connected devices.. While While SRTP SRTP isis ssion betwee n connec ted devices used for transmi tting s and used for transmitting data, data, SRTCP SRTCP control controls and checks checks the the transmi transmitted data. tted data. SRTP SRTP LDAPS Remote User Client T a TLS request Q TLS response > LDAPS Server o Bind request........................................................................................ > e Bind successful 0 User authentication request o Search successful 0 Authentication/authorization request (-....................................................................................... ¢ Login successful N N 0 Authentication/authorization successful PRI (AP AT AT A TP Lightweight Directory Access Protocol over SSL (LDAPS) Lightweight Directory Application Protocol Secure (LDAPS) or LDAP over SSL is a secure version of LDAP that establishes a secure connection using SSL/TLS to ensure that all the data packets being transferred between an LDAP client and LDAP server are encrypted. LDAPS safeguards user credentials, maintaining privacy and integrity across the network. As LDAP transmits all the data in plaintext, the secure version of LDAP (LDAPS) is preferred. The communication or packet transfer between an LDAP client and server machines are monitored or managed through a secure network monitoring program or device known as an LDAPS client. How LDAPS works To establish a secure LDAPS connection between a remote user and a server, the configurations or credentials are stored either in an LDAP-compatible database or an LDAP server. The LDAPS client is a program configured as a part of the OS of the user device. The LDAPS client communicates with the LDAP server on behalf of the remote user. The LDAPS authentication process is as follows: = The remote user signs into an OS or LDAPS client using Telnet/SSH. = The LDAPS client builds a TCP connection with the LDAPS server through a TLS request. = Upon receiving a TLS response from the server, the client and server validate their identities. = The LDAPS client validates itself from a proxy account, which is created on the LDAPS server through a Bind request. = After the successful Bind operation, the server transfers an acknowledgment message to the LDAPS client. Module 07 Page 708 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 = The LDAPS client then sends user credentials for authentication. = After completing the authentication/authorization process with the server successfully, the LDAP client informs the remote user about the successful connection or login attempt. rernncnnneeen)>............... DIDEA.......... A SSH/Telnet LDAPS Remote 4A Client e TLS request Q TLS response o Bind request e Bind successful Q User authentication request o Search successful................................................................................. > DT T T T LDAPS Server T LTI LT T PPP PP >.................................................................................. ---------------------------------------------------------------------------------- : o Login successful ---------------------------------------------------------------------------------- Figure 7.16: Working of LDAPS Module 07 Page 709 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited.