Chapter 7 - 01 - Discuss Essential Network Security Protocols - 07_ocred_fax_ocred.pdf
Document Details
Uploaded by barrejamesteacher
Certified Cybersecurity Technician
Network Security Controls — Technical Controls
Exam 212-82
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

IPsec Authentication and Confidentiality

IPsec uses two different security services for authentication and confidentiality:

- Authentication Header (AH): Provides the data authentication of the sender
- Encapsulation Security Payload (ESP): Provides both the data authentication and encryption (confidentiality) of the sender

Authentication Header (AH): It provides connectionless integrity and data origin authentication for IP datagrams, and anti-replay protection for the data payload and some portions of the IP header of each packet. However, it does not support data confidentiality (no encryption). A receiver can select the service to protect against replays, which is an optional service on establishing a security association (SA).

Encapsulation Security Payload (ESP): In addition to the services (data origin authentication, connectionless integrity, and anti-replay service) provided by AH, the ESP protocol offers confidentiality. Unlike AH, ESP does not provide integrity and authentication for the entire IP packet in the transport mode. ESP can be applied alone, in conjunction with AH, or in a nested manner. It protects only the IP data payload in the default setting. In the tunnel mode, it protects both the payload and IP header.

Figure 7.21: Screenshot of local IPsec policy on Windows
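The integrity check and anti-replay service that AH and ESP share, as an added sketch that is not part of the course material: the receiver keeps a sliding window of sequence numbers per SA and verifies the ICV before advancing it. The packet layout (SPI, sequence number, payload, 16-byte truncated HMAC-SHA-256), the 64-packet window and the names `seal` and `Receiver` are assumptions of this example, not the real AH/ESP wire format.

```python
import hashlib
import hmac
import struct

WINDOW = 64   # anti-replay window in packets (assumed size for this sketch)
ICV_LEN = 16  # HMAC-SHA-256 truncated to 128 bits

def seal(key, spi, seq, payload):
    """Sender: SPI + sequence number, payload, then the ICV over all of it."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv

class Receiver:
    """Per-SA receiver state: highest authenticated sequence number + bitmap."""
    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.highest = 0  # sequence numbers start at 1; 0 is never valid
        self.bitmap = 0   # bit i set => sequence (highest - i) already accepted

    def accept(self, packet):
        if len(packet) < 8 + ICV_LEN:
            return "malformed"
        spi, seq = struct.unpack("!II", packet[:8])
        if spi != self.spi:
            return "unknown-sa"
        behind = self.highest - seq  # how far seq lags the newest accepted one
        if seq == 0 or behind >= WINDOW:
            return "replay"          # too old to track, discarded like a replay
        if behind >= 0 and (self.bitmap >> behind) & 1:
            return "replay"          # this exact sequence number was seen
        expected = hmac.new(self.key, packet[:-ICV_LEN], hashlib.sha256).digest()[:ICV_LEN]
        if not hmac.compare_digest(packet[-ICV_LEN:], expected):
            return "bad-icv"         # window untouched: forged packets cannot slide it
        if behind < 0:               # new highest: slide the window forward
            self.bitmap = ((self.bitmap << -behind) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:                        # late but inside the window: mark it seen
            self.bitmap |= 1 << behind
        return "ok"

if __name__ == "__main__":
    key = b"\x11" * 32               # constructed key, not a real SA key
    rx = Receiver(key, 0x1001)
    for seq in (1, 3, 2, 3):         # the second 3 is a replayed packet
        print(seq, rx.accept(seal(key, 0x1001, seq, b"data")))
```

The window is updated only after the ICV verifies, so an unauthenticated packet with a large sequence number cannot push legitimate traffic out of the window.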
Secure File Transfer Protocol (SFTP)

The Secure File Transfer Protocol (SFTP) is an enhanced version of FTP that is used for accessing and transferring files over a network securely. This protocol is also called the SSH File Transfer Protocol, as it uses Secure Shell (SSH) for secure transmission and user authentication. It encrypts the plaintext information while transmitting it over a network, restricts unauthorized access, and protects against password sniffing and MITM attacks. User and server authentication in SFTP is done using either a password or a pair of encryption keys (public and private keys).

SFTP is a secure version of FTP and an extension of the SSH2 protocol. It is used for secure file transmission and file access over a reliable data stream. It runs on TCP port 22. The IETF group designed this protocol to perform secure file transfers and file access over Transport Layer Security (TLS). SFTP supports the full authentication of the SSH protocol. It helps in protecting against password sniffing and man-in-the-middle attacks.

Figure 7.22: Working of SFTP (diagram labels: Client, Server, SSH connection, SFTP connection)