2.17. Identifying the Purpose and Function of Various Security Protocols

As we discussed earlier, a protocol is a set of standards or defined rules of behavior. In regard to computers, the protocol is somewhat like a language that defines how computers communicate. If two computers do not share the same set of rules, they cannot communicate with each other. When we are connecting computers, we ensure that we are using the same protocol so that the computers can communicate; however, we can also use protocols to create an environment that does not allow another computer to interpret the communication.

The purpose of security protocols is to create a secure communication channel by using a set of rules and standards that are known only to specific entities. Computers that are configured with the correct protocols and the other required settings can communicate, but other computers cannot interpret the communication. You can choose from several security protocols for your own environment. Some are designed to authenticate computers, while others are designed to encrypt or scramble data so that it cannot be read by others. Encryption protocols continue to evolve, but let's look at the protocols you should know for the test.

2.17.1. Critical Information

You should be able to identify the most common security protocols. In addition, be able to describe the purpose and function of each of the most common protocols used for authentication and encryption.

2.17.1.1. Internet Security Protocol (IPSec)

Internet Security Protocol (IPSec) is a protocol designed to encrypt data during communication between two computers. It operates at the Network layer of the OSI model and provides security for protocols that operate at the higher layers of the OSI model. Because of this, you can use IPSec to secure practically all TCP/IP-related communications.

The function of IPSec is to ensure that data on the network is safe from being viewed, accessed, or modified by anyone except the intended receiver. IPSec can be used to provide security within networks as well as between networks. To be more specific, IPSec has three main security services:


Data verification

Ensures that the data that is received is actually from the source from which it appears to have originated.


Protection from data tampering

Ensures that the data has not been changed in any way during the transmission between the sending computer and the receiving computer.


Private transactions

Ensures that the data that is sent is readable only by the intended receiver.

There are two main modes of IPSec: transport mode and tunnel mode. Transport mode is used to send and receive encrypted data within the same network. Tunnel mode is used to send encrypted data between networks. In both modes, IPSec includes an encryption mechanism as well as an authentication mechanism. The only Microsoft clients that can use IPSec are Windows 2000 Professional and later.
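The following example is added here to show the three services and the two modes in working code; it is not from the book. The ESP-style framing (SPI, sequence number, integrity check value) is simplified, the 20-byte "IP headers" are constructed stand-ins, and the cipher is a constructed HMAC-derived keystream standing in for the real cipher (AES in practice).

```python
import hashlib, hmac, struct

ICV_LEN = 12   # truncated HMAC, as ESP does with HMAC-SHA1-96

def _keystream(key, spi, seq, n):
    # Constructed stand-in for the real cipher: an HMAC-derived keystream bound
    # to (SPI, sequence number) so that no two packets reuse the same keystream.
    out = b""
    for block in range((n + 31) // 32):
        out += hmac.new(key, struct.pack(">IIQ", spi, seq, block), hashlib.sha256).digest()
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _icv(auth_key, data):
    return hmac.new(auth_key, data, hashlib.sha256).digest()[:ICV_LEN]

def encapsulate(enc_key, auth_key, spi, seq, ip_header, payload, mode):
    """Protect one packet; ip_header is a constructed 20-byte stand-in for an IPv4 header."""
    if mode == "transport":        # host to host: the original header stays in the clear
        outer, protected = ip_header, payload
    elif mode == "tunnel":         # gateway to gateway: the whole original packet is hidden
        outer, protected = b"IPv4 gw1->gw2".ljust(20), ip_header + payload
    else:
        raise ValueError(f"unknown mode {mode!r}")
    esp_hdr = struct.pack(">II", spi, seq)                     # SPI + sequence number
    ciphertext = _xor(protected, _keystream(enc_key, spi, seq, len(protected)))
    return outer + esp_hdr + ciphertext + _icv(auth_key, esp_hdr + ciphertext)

def decapsulate(enc_key, auth_key, packet, mode):
    """Verify and unprotect; returns (ip_header, payload) of the original packet."""
    outer, esp = packet[:20], packet[20:]
    esp_hdr, body, icv = esp[:8], esp[8:-ICV_LEN], esp[-ICV_LEN:]
    # Data verification and tamper protection in one check: only a holder of
    # auth_key can produce a matching ICV, and any flipped bit breaks the match.
    if not hmac.compare_digest(icv, _icv(auth_key, esp_hdr + body)):
        raise ValueError("ICV mismatch: packet forged or altered in transit")
    spi, seq = struct.unpack(">II", esp_hdr)
    plain = _xor(body, _keystream(enc_key, spi, seq, len(body)))   # private transaction
    if mode == "transport":
        return outer, plain
    return plain[:20], plain[20:]   # tunnel: the inner header was inside the ciphertext
```

In transport mode the receiver still sees the original addresses on the wire; in tunnel mode it sees only the gateway addresses until the ICV checks out and the inner packet is decrypted.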

2.17.1.2. Layer 2 Tunneling Protocol (L2TP)

Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol that is used to secure data transfer and prevent data from being modified during transit. It is considered more secure than PPTP, but it is limited in use to the very latest clients and servers. The only Microsoft clients that support L2TP are Windows 2000 Professional and later. Windows 2000 Server and later servers also support L2TP.

L2TP authenticates the client in a two-phase process. First, it authenticates the computer and then it authenticates the user. Authenticating the computer helps to prevent a man-in-the-middle attack, where the data is first intercepted by another computer and then forwarded to the intended receiver. L2TP can also authenticate the end of the tunnel with an IP address, so that it doesn't send data to an unintended receiver. L2TP works by using digital certificates, which means the computers that use L2TP must support digital certificates.

2.17.1.3. Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is a security protocol that is used on the Internet. It was originally developed by Netscape for use with its Navigator browser. SSL uses public key encryption to secure communications over the Internet. You can use SSL to connect to a website by using a secure Uniform Resource Locator (URL) that begins with https:// instead of http://. You must also use a browser that supports SSL.

SSL secures communication over the Internet by providing three key services:


Server authentication

The user can confirm a server's identity. This is very useful if you are purchasing something on the Web. On the Internet Explorer browser, you can double-click on the "gold lock" at the bottom of a secure page to view a server's certificate of authentication.


Client authentication

The server can confirm a user's identity. This is useful for sensitive information such as banking information or medical information. The server can verify the identity of the requester before sending the information.


Encrypted connections

Data can be protected during transit. You can configure SSL to encrypt the data and to prevent the data from being tampered with or modified during transit.
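The following example is added here to show what "the user can confirm a server's identity" amounts to in code; it is not from the book. It performs the checks a browser makes after the certificate chain has been validated by the TLS library: validity period, then matching the host name from the https:// URL against the certificate's names. The certificate is a constructed dictionary in the shape that Python's ssl.SSLSocket.getpeercert() returns, so nothing here touches the network.

```python
import ssl
import time

def _label_matches(pattern, hostname):
    # RFC 6125 rule: a wildcard may only be the whole leftmost label and matches
    # exactly one label, so *.shop.example.com covers api.shop.example.com but
    # neither shop.example.com nor a.b.shop.example.com.
    p_labels, h_labels = pattern.lower().split("."), hostname.lower().split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def server_identity_ok(cert, hostname, now=None):
    """Return (ok, reason) for the checks a browser makes beyond chain validation."""
    now = time.time() if now is None else now
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        return False, "certificate not yet valid"
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        return False, "certificate expired"
    # Browsers match the URL host against subjectAltName DNS entries; the
    # subject commonName is only a legacy fallback when no SAN is present.
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if any(_label_matches(n, hostname) for n in names):
        return True, "hostname matches certificate"
    return False, f"{hostname!r} is not among the certificate names {names}"

# Constructed certificate in the shape of ssl.SSLSocket.getpeercert() output
# (not a real certificate; a real check also needs the CA chain verified).
SHOP_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.shop.example.com")),
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Jan 01 00:00:00 2026 GMT",
}
```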

2.17.1.4. Wired Equivalent Privacy (WEP)

As we discussed in Chapter 1, wireless networks are becoming increasingly popular in today's networks. Because of this, we need to secure communications on wireless networks just as we secure them on wired networks. One of the first attempts at wireless security was Wired Equivalent Privacy (WEP), which attempted to secure wireless connections on 802.11b-based networks. WEP attempted to secure the connections by encrypting the data transfer, but WEP was found not to be "equivalent to wired" security because the security mechanisms that were used to establish the encryption were not encrypted. In addition, WEP only operates at the lower layers of the OSI model and therefore cannot offer end-to-end security for applications. Because of these shortcomings, many people have chosen newer and more sophisticated methods of securing wireless communications.

2.17.1.5. Wi-Fi Protected Access (WPA)

Wi-Fi Protected Access (WPA) was designed to improve on WEP as a means of securing wireless communications. It can usually be installed as an upgrade on systems that currently use WEP. WPA offers two distinct advantages over WEP:

  • Improved data encryption through Temporal Key Integrity Protocol (TKIP), which scrambles the keys using a hashing algorithm. TKIP also provides an integrity-checking feature that ensures that the keys haven't been tampered with or altered.

  • User authentication through the use of EAP and user certificates. This ensures that only authorized users are given access to the network.

2.17.1.6. 802.1x

The latest and most advanced form of wireless security is 802.1x, which takes its name from the IEEE standard that it implements. This type of wireless security is a standard feature of the latest operating systems such as Windows XP Professional. Access can be controlled per user and/or per port. 802.1x uses EAP to provide the following methods of authentication:


EAP Transport Level Security (EAP-TLS)

This is the strongest method of encryption. EAP-TLS requires a certificate-based security environment. In other words, a form of certificate authority must be used. It provides mutual authentication, negotiation of the encryption method, and encrypted key determination between the client and the authenticator.


Protected EAP (PEAP)

PEAP uses TLS to enhance the security of other authentication methods such as CHAP. PEAP can be used without certificates unless it is being used in conjunction with MS-CHAP v2, which requires certificates in order to provide mutual authentication between the client and the server.


Remote Authentication Dial-In User Services (RADIUS)

Clients can be authenticated to use a wireless connection based on a current logon that can be authenticated by a domain controller. This method is used only when the user has an account in a domain such as a Microsoft Windows Active Directory domain.
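The following example is added here to show the per-port control that 802.1x provides and the shape of the EAP exchange it carries; it is not from the book. It models one authenticator port that parses EAPOL (IEEE 802.1X) and EAP (RFC 3748) headers and keeps the controlled port closed to everything except EAPOL until EAP-Success. The authentication server leg is replaced by a constructed in-memory user table standing in for the RADIUS server and domain controller, and the method is EAP-MD5 (CHAP carried over EAP) because it fits in a few lines; in practice that kind of method runs inside PEAP's TLS tunnel or is replaced by EAP-TLS.

```python
import hashlib, os, struct

EAPOL_PACKET, EAPOL_START, EAPOL_LOGOFF = 0, 1, 2   # EAPOL packet types (IEEE 802.1X)
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4    # EAP codes (RFC 3748)
IDENTITY, MD5_CHALLENGE = 1, 4                      # EAP types used here

def eapol(ptype, body=b""):
    return struct.pack(">BBH", 1, ptype, len(body)) + body          # version 1 header

def eap(code, ident, body=b""):
    return struct.pack(">BBH", code, ident, 4 + len(body)) + body   # code, id, length

class AuthenticatorPort:
    def __init__(self, user_db):
        self.user_db = user_db        # constructed stand-in for the RADIUS/AD lookup
        self.authorized, self.identity, self.challenge, self.ident = False, None, None, 0

    def forward_allowed(self, ethertype):
        # The uncontrolled port passes only EAPOL (0x888E); everything else waits for EAP-Success.
        return ethertype == 0x888E or self.authorized

    def receive(self, frame):
        # Handle one EAPOL frame from the supplicant and return the reply frame, if any.
        _, ptype, length = struct.unpack(">BBH", frame[:4])
        body = frame[4:4 + length]
        if ptype == EAPOL_START:                      # supplicant wants to authenticate
            self.ident += 1
            return eapol(EAPOL_PACKET, eap(REQUEST, self.ident, bytes([IDENTITY])))
        if ptype == EAPOL_LOGOFF:                     # port goes back to unauthorized
            self.authorized = False
            return None
        code, ident, _ = struct.unpack(">BBH", body[:4])
        if code != RESPONSE or ident != self.ident:   # stale or unexpected: drop silently
            return None
        etype, data = body[4], body[5:]
        if etype == IDENTITY:
            # Challenge the claimed identity; real deployments relay this to RADIUS.
            self.identity, self.challenge, self.ident = data.decode(), os.urandom(16), ident + 1
            return eapol(EAPOL_PACKET, eap(REQUEST, self.ident, bytes([MD5_CHALLENGE, 16]) + self.challenge))
        if etype == MD5_CHALLENGE and self.challenge is not None:
            secret, chal, self.challenge = self.user_db.get(self.identity), self.challenge, None
            if secret and data[1:17] == hashlib.md5(bytes([ident]) + secret + chal).digest():
                self.authorized = True                # controlled port opens only here
                return eapol(EAPOL_PACKET, eap(SUCCESS, ident))
        return eapol(EAPOL_PACKET, eap(FAILURE, ident))

def supplicant_md5_response(request_frame, secret):
    # Supplicant side: answer the challenge with MD5(id || secret || challenge).
    ident, challenge = request_frame[5], request_frame[10:26]
    digest = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    return eapol(EAPOL_PACKET, eap(RESPONSE, ident, bytes([MD5_CHALLENGE, 16]) + digest))
```

Until receive() has returned EAP-Success, forward_allowed() rejects ordinary traffic such as IPv4 (ethertype 0x0800), which is the per-port control the section describes.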

2.17.2. Exam Essentials

Describe the purpose and function of IPSec. IPSec is a protocol designed to secure data communication between two computers. The function of IPSec is to ensure that the transmitted data has not been viewed, accessed, or modified by anyone except the intended receiver. IPSec can be used within networks (transport mode) and/or between networks (tunnel mode).

Explain the purpose and function of L2TP. L2TP is a tunneling protocol that is considered more secure than PPTP. L2TP uses digital certificates to provide authentication of the client computer as well as the user of the connection. L2TP can protect against the man-in-the-middle attack by authenticating the client computer and the tunnel IP address before sending data down the tunnel.

Understand the purpose and function of SSL. SSL is a security protocol for sending information over the Internet. You can access a secure website on a browser using https:// at the beginning of the URL instead of http://. SSL uses public key cryptography to provide secure communication and to allow authentication of the server to the client, authentication of the client to the server, and encryption of the data transfer.

Know the purpose and function of WEP. WEP was one of the first attempts to provide security for a wireless network. WEP provides security by encrypting the data traffic after the user has authenticated, but the authentication itself is in clear text and not secure. The shortcomings of WEP have resulted in its replacement by stronger methods of wireless security, such as WPA and 802.1x.

Describe the purpose and function of WPA. WPA is a wireless security protocol that was developed to strengthen the security of wireless systems that were already using WEP. WPA offers advantages, including improved encryption methods using TKIP and improved authentication methods using EAP.

Explain the purpose and function of 802.1x. 802.1x is the most advanced wireless protocol available today. It can control access on a per user and/or per port basis. 802.1x can be used in conjunction with certificate-based methods, standard methods (such as CHAP), or RADIUS authentication with a centralized authenticator.
