SECURING NETWORK COMMUNICATION
Chapter 9: SECURING NETWORK COMMUNICATION
OVERVIEW
• List the major threats to network communications.
• Describe the functions of Internet Protocol Security (IPSec).
• Understand the functions and architecture of the IPSec protocols.
• List the components of a Microsoft Windows Server 2003 IPSec implementation.
• List the default IPSec policies included in Windows Server 2003 and their applications.
• Understand the functions of an IPSec policy's components.
• Use the IP Security Policies snap-in to manage IPSec policies.
• List the standards that define common wireless local area network (WLAN) technologies.
• Describe the security problems inherent in wireless networking.
• List the mechanisms that Windows-based IEEE 802.11 WLANs can use to authenticate clients and encrypt transmitted data.
PLANNING AN IPSec IMPLEMENTATION
• Network traffic normally traverses the network unencrypted and unauthenticated.
• Anyone who can capture traffic from the network (a compromised host on the same segment, a tap, a mirrored switch port) can read it, and anyone who can inject packets can alter or spoof it.
• IPSec is a set of extensions to IP that secures the network communication itself, rather than relying on each application to protect its own data.
POTENTIAL THREATS
INTRODUCING NETWORK SECURITY PROTOCOLS
PROTECTING DATA WITH IPSec
• IPSec protects data by authenticating it (a keyed integrity check value computed with the negotiated key) and, with ESP, encrypting it before transmission.
• IPSec operates as an extension to IP. In transport mode the protection is end to end between the two communicating hosts; in tunnel mode it is applied between the two gateways that encapsulate the traffic.
• IPSec can protect any traffic carried in IP datagrams, no matter what kind of information is inside them, so applications need no changes to benefit.
IPSec FUNCTIONS
• IPSec performs a number of security functions, including key generation and exchange, cryptographic checksums (integrity check values), mutual peer authentication, replay prevention, and IP packet filtering.
• A packet that is read (with ESP), modified, or replayed in transit is either unreadable to the attacker or rejected by the receiver. IPSec cannot stop an attacker from dropping packets; it ensures only that what does arrive is genuine.
• IPSec also defeats IP address spoofing: a packet claiming a peer's source address is accepted only if it carries a valid integrity check value computed with that peer's key.
IPSec PROTOCOLS
The IPSec standards define two protocols:
• IP Authentication Header (AH), IP protocol number 51
• IP Encapsulating Security Payload (ESP), IP protocol number 50
IP AUTHENTICATION HEADER
The IP Authentication Header protocol:
• Does not encrypt the data in IP packets, but it does provide authentication, anti-replay, and integrity services
• Ensures that no one has modified the packets en route, and that the packets did actually originate at the system identified by the packet's source IP address, because the integrity check value covers the immutable fields of the IP header as well as the payload
• Cannot pass through network address translation (NAT) for the same reason: rewriting the source or destination address invalidates the integrity check value
IP ENCAPSULATING SECURITY PAYLOAD
The IP Encapsulating Security Payload protocol:
• Prevents unauthorized people from reading the information in packets by encrypting the data
• Provides authentication, integrity, and anti-replay services for the encapsulated payload; unlike AH, its integrity check does not cover the outer IP header
• Although AH and ESP perform some of the same functions, using both protocols provides the maximum possible protection for a transmission: ESP hides the data and AH additionally authenticates the IP header. In practice, ESP with its own integrity check is the common configuration, and only ESP can be made to work across NAT.
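The integrity and anti-replay services that AH and ESP share are easiest to see in code. What follows is an added example written for this page, not code from the chapter or from any Windows component: a minimal AH receiver that checks the sequence number against the RFC 4302 sliding window, verifies an HMAC-SHA1-96 integrity check value (ICV), and only then updates the window. The key, SPI and payloads are constructed values, and the ICV here covers only the AH header and payload; real AH also covers the immutable fields of the outer IP header, which is what ties the packet to its source address.

```python
"""Simplified AH receiver: integrity check and anti-replay window.

Illustrative model, not a full IPsec stack. The ICV is HMAC-SHA1-96 over the
AH header (ICV field zeroed) plus the payload; a real AH ICV additionally
covers the immutable outer IP header fields. The window logic follows
RFC 4302 section 3.4.3: check the sequence number, verify the ICV, and only
then update the window.
"""
import hashlib
import hmac
import struct

AH_FIXED = struct.Struct("!BBHII")  # Next Header, Payload Len, Reserved, SPI, Sequence Number
ICV_LEN = 12                         # HMAC-SHA1-96: the 20-byte SHA-1 MAC truncated to 96 bits
WINDOW = 64                          # replay window in packets (the RFC minimum is 32)
WINDOW_MASK = (1 << WINDOW) - 1


def build_ah(key: bytes, next_header: int, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side: AH header + ICV + payload (the IP header is omitted in this model)."""
    ah_words = (AH_FIXED.size + ICV_LEN) // 4          # AH length in 32-bit words
    header = AH_FIXED.pack(next_header, ah_words - 2, 0, spi, seq)   # Payload Len = words - 2
    icv = hmac.new(key, header + bytes(ICV_LEN) + payload, hashlib.sha1).digest()[:ICV_LEN]
    return header + icv + payload


class AhReceiver:
    """Per-SA state: shared key, SPI and the sliding replay window.

    Bit 0 of `bitmap` stands for `last_seq`; bit n stands for last_seq - n.
    """

    def __init__(self, key: bytes, spi: int) -> None:
        self.key = key
        self.spi = spi
        self.last_seq = 0   # highest sequence number accepted so far
        self.bitmap = 0     # which of the last WINDOW sequence numbers were seen

    def _window_allows(self, seq: int) -> bool:
        if seq == 0:                                   # the first packet on an SA is number 1
            return False
        if seq > self.last_seq:                        # ahead of the window: always new
            return True
        offset = self.last_seq - seq
        if offset >= WINDOW:                           # behind the window: too old
            return False
        return not (self.bitmap & (1 << offset))       # inside the window: new only if unseen

    def _window_update(self, seq: int) -> None:
        if seq > self.last_seq:
            shift = seq - self.last_seq
            self.bitmap = ((self.bitmap << shift) | 1) & WINDOW_MASK if shift < WINDOW else 1
            self.last_seq = seq
        else:
            self.bitmap |= 1 << (self.last_seq - seq)

    def receive(self, packet: bytes):
        """Return (accepted, reason, payload). The window is updated only on success."""
        _next_header, payload_len, _reserved, spi, seq = AH_FIXED.unpack_from(packet)
        ah_len = (payload_len + 2) * 4
        icv, payload = packet[AH_FIXED.size:ah_len], packet[ah_len:]
        if spi != self.spi:
            return False, "no SA for SPI", None
        if not self._window_allows(seq):
            return False, "replayed or stale sequence number", None
        expected = hmac.new(self.key, packet[:AH_FIXED.size] + bytes(ICV_LEN) + payload,
                            hashlib.sha1).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):
            return False, "ICV mismatch (modified in transit or wrong key)", None
        self._window_update(seq)
        return True, "ok", payload


if __name__ == "__main__":
    # Constructed demo values: the key, SPI and payloads belong to no real SA.
    key, spi = b"constructed-demo-key", 0x1000
    rx = AhReceiver(key, spi)
    print(rx.receive(build_ah(key, 17, spi, 1, b"udp payload")))   # accepted
    print(rx.receive(build_ah(key, 17, spi, 1, b"udp payload")))   # rejected: replay
    tampered = bytearray(build_ah(key, 17, spi, 2, b"udp payload"))
    tampered[-1] ^= 0x01                                           # flip one payload bit
    print(rx.receive(bytes(tampered)))                             # rejected: ICV mismatch
    print(rx.receive(build_ah(key, 17, spi, 2, b"udp payload")))   # accepted: window untouched by the forgery
```

The order of the checks matters: a packet that fails the ICV check must not advance the window, otherwise an attacker could inject forged packets with high sequence numbers to push genuine in-flight packets out of the window and have them discarded.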
TRANSPORT MODE AND TUNNEL MODE
• IPSec can operate in two modes: transport mode and tunnel mode.
• Transport mode is used between IPSec-enabled computers: the original IP header is kept and only the payload after it is protected, so the communicating hosts themselves must be the IPSec peers.
• Tunnel mode is used between IPSec-enabled routers or gateways: the entire original packet, header included, is encapsulated in a new IP packet addressed between the two gateways, so the hosts behind them need no IPSec support.
• In Windows Server 2003, IPSec tunnel mode is intended for gateway-to-gateway links; remote-access VPN clients use L2TP/IPSec instead, which runs IPSec in transport mode.
DEPLOYING IPSec
• All versions of the Windows operating system since Windows 2000 support IPSec.
• IPSec policies define when and how systems should use IPSec.
• IPSec implementations on Windows Server 2003 should interoperate with IPSec implementations on other operating systems that conform to Internet Engineering Task Force (IETF) standards, provided both sides agree on the protocol, mode, algorithms, and authentication method.
IPSec COMPONENTS
IPSec in Windows Server 2003 consists of the following components:
• IPSec policy agent: retrieves the assigned policy (from Active Directory or the local registry) and hands it to the other two components
• Internet Key Exchange (IKE): authenticates the peers and negotiates the security associations and keys
• IPSec driver: matches outbound and inbound packets against the filters and applies AH or ESP
PLANNING AN IPSec DEPLOYMENT
• Using IPSec creates additional network traffic: the IKE negotiations, and the AH or ESP headers and trailers added to every protected packet.
• Processor overhead for network communications also increases, because every protected packet must be hashed and, with ESP, encrypted.
• Backward compatibility must be considered, because operating systems earlier than Windows 2000 do not support IPSec without third-party software. A policy that requires security will cut such hosts off.
WORKING WITH IPSec POLICIES
• IPSec policies are administered through the IP Security Policies Microsoft Management Console (MMC) snap-in, either locally or as part of a Group Policy object.
• IPSec policies define which traffic must be secured and which action is taken on traffic that does or does not meet the criteria.
• Three IPSec policies are created by default. More can be created as required, but only one policy can be assigned (active) on a computer at a time.
USING THE DEFAULT IPSec POLICIES
• Client (Respond Only): never initiates IPSec, but negotiates security when a peer requests it
• Server (Request Security): requests IPSec for all IP traffic, but falls back to unsecured communication with peers that do not respond; ICMP is always permitted
• Secure Server (Require Security): requires IPSec for all IP traffic and refuses unsecured communication; ICMP is always permitted
MODIFYING IPSec POLICIES
IPSec policies consist of three elements:
• Rules: each rule pairs one IP filter list with one filter action, and also specifies the authentication methods, tunnel setting, and connection type it applies to
• IP filter lists: one or more filters describing traffic by source and destination address, protocol, and port
• Filter actions: what to do with matching traffic, namely Permit, Block, or Negotiate Security (together with the security methods to offer)
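As an added illustration of how the three elements combine (this is example code written for this page, not Microsoft's, and a simplified model of the Windows matching order rather than its exact algorithm), the following Python evaluates a packet against a policy built from rules, filter lists and filter actions. The "All IP Traffic" and "All ICMP Traffic" filter lists mirror the ones found in the default policies; the Telnet block rule, the 10.0.0.0/8 server range and the sample packets are constructed for the demo.

```python
"""Model of IPSec policy evaluation: rules, IP filter lists, filter actions.

Illustrative code, not Microsoft's. A policy holds rules; each rule pairs one
IP filter list with one filter action. When several filters match a packet,
the most specific filter wins (the specificity score below is an
approximation of the Windows ordering). Traffic that matches no filter is not
handled by IPSec at all and passes through unprotected. Windows filters are
mirrored by default (they also match the reply direction); this model
evaluates a single direction.
"""
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple
import ipaddress

ANY = "any"
PERMIT, BLOCK, NEGOTIATE = "Permit", "Block", "Negotiate Security"


@dataclass(frozen=True)
class Packet:
    src: str                   # source IP address
    dst: str                   # destination IP address
    protocol: str              # "tcp", "udp", "icmp", ...
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class IPFilter:
    """One entry of an IP filter list. Addresses are 'any' or CIDR prefixes."""
    src: str = ANY
    dst: str = ANY
    protocol: str = ANY
    dst_port: Optional[int] = None

    @staticmethod
    def _addr_match(pattern: str, addr: str) -> bool:
        return pattern == ANY or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)

    def matches(self, pkt: Packet) -> bool:
        return (self._addr_match(self.src, pkt.src)
                and self._addr_match(self.dst, pkt.dst)
                and self.protocol in (ANY, pkt.protocol)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))

    def specificity(self) -> int:
        """Higher means more specific: longer address prefixes, then protocol, then port."""
        score = 0
        for pattern in (self.src, self.dst):
            if pattern != ANY:
                score += ipaddress.ip_network(pattern).prefixlen + 1
        score += self.protocol != ANY
        score += self.dst_port is not None
        return score


@dataclass(frozen=True)
class Rule:
    name: str
    filter_list: Tuple[IPFilter, ...]
    action: str                # PERMIT, BLOCK or NEGOTIATE


def evaluate(policy: Sequence[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (action, rule name) for the packet, choosing the most specific matching filter."""
    best: Optional[Rule] = None
    best_score = -1
    for rule in policy:
        for flt in rule.filter_list:
            if flt.matches(pkt) and flt.specificity() > best_score:
                best, best_score = rule, flt.specificity()
    if best is None:
        return PERMIT, "no filter matched: passed through without IPSec"
    return best.action, best.name


# Shaped like the default Server (Request Security) policy, plus one constructed rule.
# The two named filter lists exist in the default policies; the Telnet rule and the
# 10.0.0.0/8 server range are invented for this demo.
SERVER_REQUEST_SECURITY = (
    Rule("All ICMP Traffic", (IPFilter(protocol="icmp"),), PERMIT),
    Rule("All IP Traffic", (IPFilter(),), NEGOTIATE),
    Rule("Block Telnet to servers", (IPFilter(dst="10.0.0.0/8", protocol="tcp", dst_port=23),), BLOCK),
)

if __name__ == "__main__":
    for pkt in (Packet("192.168.1.20", "10.0.0.5", "icmp"),
                Packet("192.168.1.20", "10.0.0.5", "tcp", 23),
                Packet("192.168.1.20", "10.0.0.5", "tcp", 445)):
        print(pkt, "->", evaluate(SERVER_REQUEST_SECURITY, pkt))
```

The point to notice is that the catch-all "All IP Traffic" filter loses to anything more specific, which is why a single Block rule for one port can coexist with a policy that negotiates security for everything else.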
COMMAND-LINE TOOLS
• Netsh.exe: the netsh ipsec context (with its static and dynamic subcontexts) can create, display, assign, and delete policies from scripts, and the dynamic subcontext shows the current security associations
• Netdiag.exe: from the Windows Support Tools; its IPSec test reports the assigned policy and the active security associations
TROUBLESHOOTING IPSec
There are two ways to confirm that IPSec is actually protecting traffic:
• Perform a packet capture of the network traffic: protected packets show IP protocol 50 (ESP) or 51 (AH) instead of the application protocol, and ESP payloads are unreadable.
• Check the statistics node of the IP Security Monitor for active security associations and for the counters of authenticated and confidential bytes.
THE IP SECURITY MONITOR
• In Windows Server 2003 the IP Security Monitor is an MMC snap-in that shows the assigned policy, the Main Mode and Quick Mode security associations, and the statistics.
TROUBLESHOOTING IPSec AUTHENTICATION
There are three methods used to authenticate an IPSec connection, and both peers must be configured with a method they have in common:
• Preshared key authentication: simple to set up, but the key is stored in clear text in the policy, so Microsoft recommends it only for testing and interoperability
• Kerberos authentication: the default, and the natural choice between members of the same Active Directory domain or of trusting domains
• Certificate-based authentication: for peers outside the domain, such as business partners or non-Windows systems; requires certificates from a certification authority that both sides trust
SECURING A WIRELESS NETWORK
• Wireless networks are becoming increasingly popular, and the related hardware is becoming more affordable.
• Wireless networks present more, and different, security challenges than their wired counterparts: the medium is shared with anyone within radio range.
UNDERSTANDING WIRELESS NETWORKING STANDARDS
• Wireless networking standards are developed and ratified by the Institute of Electrical and Electronics Engineers (IEEE).
• Three 802.11 physical-layer standards are covered here:
• 802.11b: 2.4 GHz band; offers speeds up to 11 megabits per second (Mbps)
• 802.11a: 5 GHz band, so it does not interoperate with 802.11b; offers speeds up to 54 Mbps
• 802.11g: the same 2.4 GHz band as 802.11b and backward compatible with it; offers speeds up to 54 Mbps
• The security mechanisms (WEP and IEEE 802.1x) are the same for all three; the choice of physical layer does not change the threat model.
WIRELESS NETWORKING TOPOLOGIES
• Infrastructure mode: stations communicate through an access point, which is also where authentication and access control can be enforced.
• Ad hoc mode: stations communicate directly with one another, with no access point and therefore no central point of control.
UNDERSTANDING WIRELESS NETWORK SECURITY
• Wireless networks present security risks that are not present on traditional wired networks.
• Logical security becomes of paramount concern, because physical security measures do not contain the radio signal: an attacker in the car park or the next building can reach the network without entering the premises.
• The two main concerns are unauthorized access (an attacker joins the network) and data interception (an attacker passively captures frames, which requires no association at all).
CONTROLLING WIRELESS ACCESS USING GROUP POLICIES
• Windows Server 2003 Active Directory provides Wireless Network (IEEE 802.11) Policies under Computer Configuration, Windows Settings, Security Settings. They push the list of permitted networks, the allowed network type (infrastructure or ad hoc), and the WEP and IEEE 802.1x settings to Windows XP and Windows Server 2003 clients.
AUTHENTICATING USERS
• Open System authentication
• Shared Key authentication
• IEEE 802.1x authentication
OPEN SYSTEM AUTHENTICATION
• Open System authentication is the default authentication method used by IEEE 802.11 devices.
• Despite the name, it offers no actual authentication: the exchange is a request followed by a success response.
• A device configured to use Open System authentication will not refuse authentication to any other device. If WEP is enabled, a station without the key can still associate but cannot exchange usable data.
SHARED KEY AUTHENTICATION
• Devices authenticate each other using a secret key that both possess (the WEP key).
• The key must be distributed before authentication through some out-of-band secure channel, typically by typing it into each device.
• All the computers in the same basic service set (BSS) must possess the same key, so it cannot identify individual users and must be changed everywhere whenever anyone leaves.
• The challenge-response exchange sends the challenge in clear text and its WEP encryption immediately afterwards, which hands an eavesdropper a keystream sample. Shared Key authentication therefore weakens WEP rather than strengthening it; Open System authentication combined with IEEE 802.1x is the better choice.
IEEE 802.1x AUTHENTICATION
• The IEEE 802.1x standard defines port-based network access control: a method of authenticating and authorizing users or computers before they gain access to any IEEE 802 local area network (LAN), wired or wireless.
• Most IEEE 802.1x implementations use Remote Authentication Dial-In User Service (RADIUS) servers; the access point relays the client's Extensible Authentication Protocol (EAP) messages to the RADIUS server, which makes the access decision.
• Windows wireless clients typically use one of the following two EAP methods:
• EAP-Transport Layer Security (EAP-TLS): mutual authentication with client and server certificates
• Protected EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MS-CHAP v2): a server certificate plus password-based client authentication inside a TLS tunnel
• With either method, per-session keys are derived during authentication and delivered to the client and the access point, which is what makes periodic rekeying of WEP possible.
ENCRYPTING WIRELESS TRAFFIC
• The IEEE 802.11 standard uses an encryption mechanism called Wired Equivalent Privacy (WEP) to protect data while in transit.
• WEP uses the RC4 stream cipher developed by RSA Security Inc., keyed with a 24-bit per-frame initialization vector (IV) prepended to the shared key, and appends a CRC-32 integrity check value (ICV) to each frame before encryption.
• The key length can be configured (40-bit or 104-bit keys). The base WEP standard has no rekeying mechanism; the periodic generation of fresh keys that Windows offers comes from IEEE 802.1x (EAP-TLS or PEAP), which delivers new per-session keys.
• WEP is broken regardless of key length: the 24-bit IV space is exhausted quickly on a busy network, so keystreams are reused, and the CRC-32 check is linear, so ciphertext can be modified undetected. Treat WEP as a deterrent only and use IEEE 802.1x with dynamic keys at minimum.
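The keystream leak of Shared Key authentication described earlier and the IV reuse weakness of WEP above are the same flaw seen twice, so one added example covers both. This is illustrative code written for this page, not from the chapter or any Windows component. It implements the WEP layout (24-bit IV in the clear, RC4 keyed with IV || key, CRC-32 ICV appended before encryption) with a constructed 40-bit key and a constructed 128-byte challenge, then shows what a passive listener who never learns the key can do: recover the keystream for one IV from the challenge and its encrypted response, answer a fresh challenge with it, and read the XOR of two plaintexts sent under a reused IV. The 802.11 header and the key-index byte that accompany the IV in a real frame are omitted.

```python
"""WEP as a toy, with the two attacks a passive listener gets for free.

Illustrative code, not from the original chapter. Frame layout modelled:
IV (3 bytes, clear) || RC4_{IV || key}(plaintext || CRC-32 ICV). The 802.11
header and the key-index byte are omitted. Key, IV, challenge and messages
are constructed values.
"""
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """RC4 keystream of `length` bytes (key scheduling followed by the PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """WEP integrity check value: CRC-32, little-endian. Linear, hence malleable."""
    return zlib.crc32(data).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || RC4_{IV||key}(plaintext || ICV)."""
    body = plaintext + icv(plaintext)
    return iv + xor(body, rc4(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Return (plaintext, icv_ok) as the receiver would compute them."""
    iv, body = frame[:3], frame[3:]
    clear = xor(body, rc4(iv + key, len(body)))
    plaintext, received_icv = clear[:-4], clear[-4:]
    return plaintext, received_icv == icv(plaintext)


# --- what an eavesdropper can do without ever learning the key ---

def keystream_from_known_plaintext(frame: bytes, plaintext: bytes):
    """Shared Key authentication sends the challenge in the clear and its WEP
    encryption right after it, so the listener learns the keystream for that IV."""
    iv, body = frame[:3], frame[3:]
    return iv, xor(body, plaintext + icv(plaintext))


def forge_response(iv: bytes, keystream: bytes, challenge: bytes) -> bytes:
    """Answer a new challenge with the recovered keystream under the same IV."""
    body = challenge + icv(challenge)
    return iv + xor(body, keystream[:len(body)])


def iv_reuse_leak(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under one IV share a keystream, so XORing the ciphertexts
    yields the XOR of the plaintexts. With only 2^24 IVs this happens routinely."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs")
    return xor(frame_a[3:], frame_b[3:])


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")                    # constructed 40-bit WEP key
    iv = b"\x00\x00\x2a"                                  # constructed 24-bit IV
    challenge = bytes(range(128))                         # stand-in for the AP's 128-byte challenge
    response = wep_encrypt(key, iv, challenge)            # what the legitimate station sends back
    _, keystream = keystream_from_known_plaintext(response, challenge)
    new_challenge = bytes((7 * i + 3) & 0xFF for i in range(128))
    forged = forge_response(iv, keystream, new_challenge)
    print("forged response accepted:", wep_decrypt(key, forged) == (new_challenge, True))
    a, b = b"user=alice;pw=s3", b"user=bob__;pw=xy"
    leak = iv_reuse_leak(wep_encrypt(key, iv, a), wep_encrypt(key, iv, b))
    print("IV reuse leaks plaintext XOR:", leak[:16] == xor(a, b))
```

Note that nothing in the attack functions touches `key`: the forged response passes the access point's check because the access point derives exactly the keystream the listener recovered. This is why Shared Key authentication is rated below Open System authentication with 802.1x, and why per-session dynamic keys are the minimum that makes WEP tolerable.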
SUMMARY
• IPSec is a set of extensions to IP that protect data as it is transmitted over the network.
• IPSec can operate in transport mode or tunnel mode.
• The IPSec implementation in Windows Server 2003 consists of the IPSec policy agent, IKE, and the IPSec driver.
• Windows Server 2003 IPSec has three default policies. You can use these policies or create your own.
• IPSec policies consist of rules, IP filter lists, and filter actions. A rule is a combination of an IP filter list and a filter action.
• Incompatible configuration settings between peers (authentication method, protocol, algorithms) are a common cause of IPSec communication problems.
• Most WLANs in use today are based on the 802.11 standards published by the IEEE.
• To secure a wireless network, you must authenticate clients before they are granted network access and encrypt all packets transmitted over the wireless link.
• To authenticate IEEE 802.11 wireless network clients, you can use Open System authentication, Shared Key authentication, or IEEE 802.1x; only IEEE 802.1x identifies individual users.
• To encrypt transmitted packets, the IEEE 802.11 standard defines the WEP mechanism, whose weaknesses make IEEE 802.1x with dynamic keys the minimum acceptable configuration.