Phase 6

Network Security

Network security involves the protection of data as it travels the wires of your private network, or even as it traverses the public wires of the Internet. We’ll look at several techniques, including encrypting data for file transfers and implementing security on wireless networks.

The virtual private network (VPN) is one of the most common approaches to securing data as it flows over the network. There are many types of VPNs, and they vary in their strength of authentication, encryption, and integrity validation. Generally speaking, the stronger the authentication, encryption, and integrity validation, the greater the overhead on the system and the poorer the performance of the data transmission.

A VPN is often referred to as a tunnel, since it creates a secure tunnel through the nonsecure Internet.

VPNs typically have three major components:

  • An authentication mechanism (which may be one-way or mutual), such as the following:
    • Passwords
    • Kerberos
    • SESAME (Secure European System for Applications in a Multivendor Environment)
    • Digital certificates (PKI)
  • An encryption algorithm (or standard), which provides confidentiality; examples include the following:
    • RC4
    • DES
    • 3DES
    • AES
  • An integrity-validation mechanism, which ensures that the data hasn’t been tampered with and can provide nonrepudiation in the strongest forms; examples include the following:
    • MD5
    • SHA1
    • SHA2
    • MAC
    • MIC
    • CCMP
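The integrity list above places plain hashes (MD5, SHA1, SHA2) next to keyed mechanisms (MAC). The following Python sketch is an added example, not code from the book; it shows why a tunnel relies on the keyed form: anyone on the path can recompute a plain digest over altered data, but cannot produce a valid HMAC without the tunnel key. The frame layout, function names, key, and payloads are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 digest / HMAC-SHA256 tag size in bytes


def seal_hash(payload: bytes) -> bytes:
    """Unkeyed check: payload followed by its SHA-256 digest."""
    return payload + hashlib.sha256(payload).digest()


def open_hash(frame: bytes) -> bytes:
    payload, digest = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(hashlib.sha256(payload).digest(), digest):
        raise ValueError("integrity check failed")
    return payload


def seal_mac(key: bytes, payload: bytes) -> bytes:
    """Keyed check: payload followed by HMAC-SHA256 under the shared tunnel key."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def open_mac(key: bytes, frame: bytes) -> bytes:
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        raise ValueError("integrity check failed")
    return payload


def altered_in_transit(new_payload: bytes) -> bytes:
    """Model a party on the path with no key: substitute the payload and
    append the only trailer it can compute, a plain SHA-256 digest."""
    return new_payload + hashlib.sha256(new_payload).digest()


def accepted(opener, frame: bytes) -> bool:
    """Return True if the receiver's check passes for this frame."""
    try:
        opener(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = bytes(range(32))          # constructed sample key
    altered = altered_in_transit(b"PAY 999")  # constructed payload
    print("hash-only receiver accepts:", accepted(open_hash, altered))
    print("MAC receiver accepts:      ", accepted(lambda f: open_mac(key, f), altered))
```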

First you’ll look at deploying VPNs on a corporate network through the use of Group Policy Objects (GPOs), and you’ll see how to take advantage of Active Directory to assist with this process. Then you’ll look at building a point-to-point VPN from a VPN client to a VPN server, as you would over the Internet. You’ll also explore performing secure, remote administration and securely launching administrative tools.

The tasks in this phase map to Domains 2, 3, and 5 objectives for the CompTIA Security+ exam (www.comptia.org/certifications/listed/security.aspx).
