Flylib.com

Books Software

 
 
 

Category list


Similar pages

Security + Exam Guide (Charles River Media Networking/Security) - page 29


Buy on amazon.com >>
Crayton Ch. A.
    << Previous page
    Table of contents
    Next page >>
     < Day Day Up > 

    802.1X

    802.1X is an IEEE standard for wireless connectivity that uses port-based access control. It falls under the influence of the initial IEEE standard 802.11 for Wireless Local Area Networks (WLANs). The IEEE (Institute of Electrical and Electronics Engineers) and the standards that apply to networking technologies in general are explained in Chapter 4. In this chapter, we will discuss all of the IEEE 802.11 standards for wireless networking.

    The 802.1X standard is designed to provide a better framework that supports improved security for users on wireless networks by the implementation of centralized authentication. 802.1X uses the Extensible Authentication Protocol (EAP), which enables the technology to work with wireless, Ethernet, and Token Ring networks.

    With 802.1X authentication, a wireless client who wishes to connect to and be authenticated on network is called a supplicant . The supplicant must first request access from an access point, which is also known as an authenticator . If the access point detects the request for access from the supplicant, the access point will enable the supplicant’s port and only let 802.1X traffic be transmitted. This allows the client to transmit a start-up message known as an EAP start message; the supplicant’s identity and credentials are then provided to the access point.

    Next, the access point transmits the information to an authentication server, which is typically a server that runs RADIUS (Remote Authentication Dial-In User Service). The authentication server can use various algorithms to allow the user to be authenticated, eventually. Once the server authenticates the validity of the user , it will transmit either an acceptance or rejection acknowledgement of the client’s request to the access point. If the access point receives positive feedback from the RADIUS authentication server, the access point will enable or activate the supplicant’s port for normal network traffic. See Figure 3.1 for a visual regarding 802.1X authentication.

    click to expand
    Figure 3.1: 802.1X authentication.

    To best understand this process, match the following descriptions with their corresponding numeric values in Figure 3.1:

    1. A start message is sent from the remote client to the access point and the access point asks the client for identification.

    2. The client sends its identity to the access point. The access then transmits or forwards the client’s identity to an authentication server.

    3. The authentication server transmits an accept or reject message to the access point.

    4. If the access point receives an accept message from the authentication server, the client’s port activates and the client is allowed to communicate with the server.

    The 802.1X standard is fairly new and it is likely that CompTIA will target it on the exam specifically within a wireless or remote connectivity related question.

    Microsoft does a great job explaining this technology. If you are interested in learning more about 802.1X, you may find the following site very informative: http://www.microsoft.com/windowsxp/pro/techinfo/planning/wirelesslan/solutions.asp .


     < Day Day Up > 
     < Day Day Up > 

    E-mail Security

    At home or work, e-mail is arguably the most important communication tool available in today’s fast paced technical world. E-mail is a fast, inexpensive, acceptable way to transfer information and communicate. Unfortunately, the use of e-mail and attachments to e-mail messages provide a very large security threat to the welfare of systems and networks in general. Providing secure e-mail and messaging systems has quickly become a top priority for home users and businesses alike.

    Threats

    There are many threats associated with the use of e-mail. Virus threats are usually the most thought of but threats in the form of malicious content, leaks of confidential information, and the threat of those not-so-innocent spammers are becoming much more of a concern today. Server and workstation downtime, as well as the basic loss in human productivity that can result from these threats, are motivating the penny pinchers to invest more in e-mail and network security.

    The most obvious threat to e-mail and e-mail systems comes in the form of e-mail related viruses. E-mail attachments offer an excellent opportunity for dangerous viruses to be proliferated and released even in a firewall-protected corporate network environment. Firewalls protect intranetworks from unauthorized user access. Unfortunately, they do not scan or filter e-mail and attachments. It is important to implement and enforce a proactive plan that includes an e-mail antivirus system with updated virus definitions that scan all attachments that are included with incoming e-mail.

    It is also imperative that e-mail users are educated and informed of the dangers that can occur with the improper handling of dangerous e-mail messages. In other words, good e-mail security plans should include the empowerment of users to assume some basic common sense when opening e-mail and attachments that are suspicious.

    Our basic human nature tells us to click on things we shouldn’t. If curiosity killed the cat, lack of common sense killed the human’s local area network. Here is an example you can use as a demonstration. Create a Hotmail or some form of Web mail account with an obscure address. Then, send an innocent e-mail with an executable attachment to five people you know. Name the subject, “Don’t Open This, It’s Very Dangerous.” Check to see how many of the five people opened the e-mail. Get the meaning? Could this possibly be considered a form of social engineering?

    Confidential information leaks from within corporate infrastructures seem to be very prevalent these days. Disgruntled employees or employees with little common sense can forward company data and personal information to the outside world. This can lead to serious legal ramifications .

    Spammers , or unsolicited commercial mail distributors , can use corporate mail servers as hosts to spread their advertisements within a company and beyond. This can cause a company to be blacklisted with Internet service providers and cause a reduction to the productivity of a mail server.

    Here are some basic guidelines to file that can save you or your company a lot of time, money, and sanity when it comes to protecting e-mail:

    1. Develop a corporate e-mail security policy that defines a set of rules your users should follow. In other words, take the time to educate them on some of the common practices that should be followed, such as confidentiality and general security practices.

    2. Install a proven antivirus protection product that scans all inbound and outbound e-mail and attachments. The product should provide an alerting service and a centralized quarantine snap-in to isolate viruses if detected . Very importantly, if your users have the ability to use outside mail services from their desktops, install a desktop solution that scans IMAP and POP3 mail services.

    3. Install content-filtering software that scans for key phrases and information in e-mail that might be confidential to your company.

    4. Install an anti-spam software product that will identify and allow you to block out unwanted/unsolicited information.

    S/MIME (Secure Multipurpose Internet Mail Extensions)

    S/MIME (Secure Multipurpose Internet Mail Extensions) is a method/protocol used to secure the sending of messages between various e-mail clients . It is based on the RSA (Rivest-Shamir-Adleman) encryption system. S/MIME consists of an updated set of standards that improve upon the original version of MIME. Its main function is to provide authenticity and privacy for e-mail messages in MIME format. S/MIME is included in popular Web browsers that are offered from such vendors as Netscape and Microsoft. S/MIME will also be covered in Chapter 5.

    Note 

    It is likely that you will be asked what S/MIME is associated with. If offered the choice, and there will most likely be a choice, a good selection would be, “e-mail security.”

    PGP (Pretty Good Privacy)

    Developed by Philip R. Zimmerman in 1991, PGP (Pretty Good Privacy) is one of the most common and easiest to use methods for encrypting and decrypting messages over the Internet. It is also free.

    PGP uses public key encryption based techniques to secure messaging. With PGP, a user creates a key pair and protects the private key with what is known as a pass phrase . The public key part of the key pair is used for the encryption of messages for other users.

    Note 

    When using PGP, the pass phrase that protects the private key must not be forgotten. If the user forgets the pass phrase, the message cannot be deciphered.

    In a nutshell , first, PGP will create a session key for a message that is to be encrypted. Next, PGP uses the IDEA (International Data Encryption Algorithm), which uses a block cipher or symmetric cipher and a 128-bit key to encrypt the message. Then, PGP uses the RSA algorithm to encrypt the session key with the receiver’s public key. Finally, the packaged message and key are ready to be sent. PGP will be further discussed in Chapter 5.

    Hoaxes

    A computer-related hoax is a myth or false representation regarding a computer-related virus. The hoax can be either a false warning or an actual file or object that closely resembles that of an actual virus. Hoaxes are usually meant to scare and cause security related hysteria. Typically, hoaxes or the news of possible fake threats spread through the Internet and corporate infrastructures like wildfire . They are like headlines or new office gossip. “Did you hear about the new eat-your-computer- alive virus?” Then, almost as quickly as the hoax is created, office staff and administrators scurry to find a fix.

    The most dangerous of hoaxes will warn the recipient that there is a dangerous file and/or program residing in a system. The hoax will suggest that the recipient remove the dangerous file or program. The bad news—the recipient just wiped out an important system file that is needed for the operating system or program to exist or function. Real nice; we can only hope that the recipient has a good backup!

    Hoaxes can cause a tremendous loss in productivity. The time and resources it takes to investigate hoaxes could be much better spent on actual company production issues. Unfortunately, hoaxes are part of the electronic world in which we live and must be handled with care. Could a hoax be another form of social engineering? You bet.

    The best way to tell if an attachment or suspect file name is actually a hoax is through research and education. A great Internet site that allows you to do a computer virus hoax search from A-Z is http://vmyths.com .

    If you have a good antivirus program and support contract, you can always consult the manufacturer’s Web site or call them for valid viruses/ hoax verification.

    As a basic rule of thumb, you should always assume that a hoax or threat is real but use common sense. Don’t take action based on unprofessional advice or hearsay. Finally, by no means should you apply fixes or patches without consulting a legitimate reference.

    Note 

    Be prepared to answer questions that ask you how you would react to a hoax. Do you go ballistic and get everyone worried, causing large amounts of network traffic with a bombardment of e-mail and IMs (instant messages)? Or, do you remain calm and quietly investigate to see if the hoax is real? Please choose the second option.


     < Day Day Up > 

    Buy on amazon.com >>
    Crayton Ch. A.
      << Previous page
      Table of contents
      Next page >>

      Similar products

       
      flylib.com © Copyright 2008-2013. All Rights Reserved.
      if you may any questions please contact us: flylib@qtcs.net
      Privacy policy