
Chapter 9

Chapter 9. Web, Remote Access, and VPN Security. Objectives: understand Internet security using protocols and services; configure Web browsers for security; configure remote access services for security; configure virtual private network services for security. Internet Security.


Presentation Transcript


  1. Chapter 9 Web, Remote Access, and VPN Security

  2. Objectives
     • Understand Internet security using protocols and services
     • Configure Web browsers for security
     • Configure remote access services for security
     • Configure virtual private network services for security
     Guide to Operating System Security

  3. Internet Security
     • Protocols and services must be kept secure
       • To ensure privacy of information
       • To discourage the spread of malicious software

  4. Internet Protocols and Services
     • Hypertext Transfer Protocol (HTTP)
     • Secure HTTP (S-HTTP) and Hypertext Transfer Protocol Secure (HTTPS)
     • File Transfer Protocol (FTP)
     • Network File System (NFS)
     • Samba and Server Message Block (SMB)

  5. HTTP
     • TCP/IP-compatible application protocol that transports information over the Web
     • Most recent version: HTTP/1.1
       • Increases reliability of communications
       • Enables caching
       • Can send message responses before full control information from a request is received
       • Permits multiple communications over a single connection

  6. S-HTTP and HTTPS
     • Forms of HTTP used for more secure communications
     • S-HTTP
       • Standards-based protocol that enables use of a variety of security measures (including CMS and MOSS)
     • HTTPS
       • Essentially proprietary, but more compatible with encryption for IP-level communications
       • Uses SSL as a subprotocol

  7. File Transfer Protocol (FTP)
     • TCP/IP protocol that transfers files in bulk data streams
     • Uses two TCP ports (20 and 21)
     • Supports transmission of binary or ASCII formatted files
     • Commonly used on the Internet
     • Downloading files can be risky

  8. File Transfer Protocol (FTP)

  9. Network File System (NFS)
     • Designed for UNIX/Linux systems for file sharing
     • Connection-oriented protocol that runs within TCP
     • Uses remote procedure calls via TCP port 111
     • Sends data in record streams
     • For security, let only authorized computers use NFS on host computer

  10. Samba and Server Message Block
     • Samba
       • Available for UNIX and Linux computers
       • Enables exchange of files and printer sharing with Windows-based computers through SMB protocol
     • Server Message Block
       • Used by Windows-based systems
       • Enables sharing files and printers
       • Employed by Samba

  11. Using Samba

  12. Configuring Web Browsers for Security
     • Applying security measures to popular Web browsers
       • Internet Explorer
       • Mozilla
       • Netscape Navigator

  13. Configuring Internet Explorer Security
     • Used with Windows and Mac OS X
     • Configure version of HTTP, use of HTTPS, FTP, and download access
     • Configure security by zones
       • Internet
       • Local intranet
       • Trusted sites
       • Restricted sites

  14. Internet Explorer Security Settings

  15. Configuring Internet Explorer Security
     • Internet Explorer Enhanced Security Configuration (Windows Server 2003)
       • Applies default security to protect server
       • Uses security zones and security parameters preconfigured for each zone

  16. Installing IE Enhanced Security Configuration

  17. Configuring Mozilla Security
     • Open-source Web browser
     • Can run on
       • Linux (by default with GNOME desktop)
       • UNIX
       • Mac OS X
       • OS/2
       • Windows-based systems
     • Security configuration is combined with privacy configuration options

  18. Mozilla Security Categories

  19. Privacy & Security Option in Mozilla

  20. Configuring Netscape Navigator Security
     • Nearly identical to Mozilla; GUI offers:
       • A buddy list
       • Link to Netscape channels
       • Different sidebar presentation

  21. Netscape Navigator in Windows 2000 Server

  22. Privacy & Security Options in Netscape

  23. Configuring Remote Access Services for Security
     • Remote access
       • Ability to access a workstation or server through a remote connection (e.g., dial-up telephone line and modem)
       • Commonly used by telecommuters

  24. Microsoft Remote Access Services
     • Enables off-site workstations to access a server through telecommunications lines, the Internet, or intranets

  25. Microsoft RAS

  26. Microsoft RAS - Supported Clients
     • MS-DOS
     • Windows 3.1 and 3.11
     • Windows NT/95/98
     • Windows Millennium
     • Windows 2000
     • Windows Server 2003 and XP Professional

  27. Microsoft RAS
     • Supports different types of modems and communications equipment
     • Compatible with many network transport and remote communications protocols

  28. Microsoft RAS – Supported Connections (Continued)
     • Asynchronous modems
     • Synchronous modems
     • Null modem communications
     • Regular dial-up telephone lines
     • Leased telecommunication lines (e.g., T-carrier)

  29. Microsoft RAS – Supported Connections (Continued)
     • ISDN lines (and “digital modems”)
     • X.25 lines
     • DSL lines
     • Cable modem lines
     • Frame relay lines

  30. Microsoft RAS – Supported Protocols
     • NetBEUI
     • TCP/IP
     • NWLink
     • PPP
     • PPTP
     • L2TP

  31. Understanding Remote Access Protocols
     • Transport protocols
       • TCP/IP
       • IPX
       • NetBEUI
     • Remote access protocols
       • Serial Line Internet Protocol (SLIP)
       • CSLIP
       • Point-to-Point Protocol (PPP)
       • PPTP
       • L2TP

  32. Configuring a RAS Policy
     • Employ callback security options (No Callback, Set by Caller, Always Callback to)
     • Install Internet Authentication Service (IAS)
     • Can be employed with Remote Authentication Dial-In User Service (RADIUS) and RADIUS server
     • Add participating RAS and VPN servers

  33. Remote Access Policies Objects in the IAS Tree

  34. Granting Remote Access Permission to RAS

  35. Enabling Access for a User’s Account via Remote Access Policy

  36. Configuring a RAS Policy
     • Use Remote Access Policies to configure security types
       • Authentication
       • Encryption
       • Dial-in constraints

  37. RAS Authentication Types (Continued)
     • Challenge Handshake Authentication Protocol (CHAP)
     • Extensible Authentication Protocol (EAP)
     • MS-CHAP v1 (aka CHAP with Microsoft extensions)
     • MS-CHAP v2 (aka CHAP with Microsoft extensions version 2)

  38. RAS Authentication Types (Continued)
     • Password Authentication Protocol (PAP)
     • Shiva Password Authentication Protocol (SPAP)
     • Unauthenticated

  39. RAS Encryption Options

  40. RAS Dial-in Constraints Options
     • Idle and session timeouts
     • Day and time restrictions
     • Whether access is restricted to a single number
     • Whether access is restricted based on media used

  41. Security on a Virtual Private Network
     • VPN
       • An intranet designed for restricted access by specific clients based on subnets, IP addresses, user accounts, or a combination
     • Apply same remote access policies as to RAS servers

  42. Summary
     • Protocols and services that enable Internet security
     • Configuring Web browsers for security
       • Internet Explorer
       • Mozilla
       • Netscape Navigator
     • How to configure a server’s remote access services to enforce security
     • Applying security options to a VPN
