Material Estudio

Guide to Operating
System Security
Chapter 1
Operating Systems Security
Keeping Computers and
Networks Secure
Objectives
Explain what operating system and network

security means
Discuss why security is necessary
Explain the cost factors related to security
Describe the types of attacks on operating
systems and networks
Discuss system hardening, including features
in operating systems and networks that enable
hardening
Guide to Operating System Security
What Is Operating System and

Network Security?
Ability to reliably store, modify, protect, and

grant access to information, so that
information is only available to designated
users
Operating Systems and Security
Operating systems
Provide basic programming instructions to

computer hardware
Interface with user application software and
computers BIOS to allow applications to interact
with hardware
Security issue
Potential to provide security functions at every

level of operation
Operating System Components
Application programming interface (API)

Basic input/output system (BIOS)
Basic form of security: Configure BIOS password

security
Kernel
Resource managers
Device drivers
Operating System Functions and

Components
Computer Networks and

Security
Computer network
System of computers, print devices, network

devices, and computer software linked by
communications cabling or radio and microwaves
Security issue
All networks have vulnerable points that require

security
Types of Networks
Classified by reach and complexity
Local area networks (LANs)

Metropolitan area networks (MANs)
Wide area networks (WANs)
Enterprise networks
Resources in an Enterprise
Network
Careers in Information Security
Number of jobs has increased by 100% per

year since 1998
Potential for healthy salaries and
organizational advancement
10
Why Security Is Necessary
Protects information and resources

Ensures privacy
Facilitates workflow
Addresses security holes and software bugs
Compensates for human error or neglect
11
Protecting Information and

Resources
Security protects information and resources of:
Businesses
Educational institutions
Government
Telecommuters
Personal users
12
Ensuring Privacy
Potential for serious legal and business

consequences when an intruder accesses
private information
13
Facilitating Workflow
Potential for loss of money, data, or both if a

step in the work process is compromised due
to a security problem
14
Addressing Security Holes or

Software Bugs
After purchasing a new OS, software, or

hardware:
Test rigorously for security and reliability

Check security defaults
Install patches immediately
15
Compensating for
Human Error or Neglect
Use an OS that enables the organization to set

up security policies
Develop written security policies
Implement training
Test security of new operating systems and
software
16
Setting Up Local Security

Policies
17
Cost Factors
Cost of deploying security
Should be an element in total cost of ownership

(TCO)
Cost of not deploying security
18
Types of Attacks
Standalone
workstation or server
attacks
Attacks enabled by
access to passwords
Viruses, worms, and
Trojan horses
Buffer attacks
Denial of service
Source routing attack
Spoofing
E-mail attack
Port scanning
Wireless attacks
19
Standalone Workstation
or Server Attacks
Easy to take advantage of a logged-on

computer that is unattended and unprotected
Avoid by setting up a password-protected
screen saver
20
Attacks Enabled by Access to

Passwords
Users defeat password protection by
Sharing them with others

Writing them down and displaying them
Attackers have sophisticated ways of gaining

password access
21
Attempting to Log On to a Telnet

Account
22
Viruses
Virus
Able to replicate throughout a system

Infects a disk/file, which infects other disks/files
Some cause damage; some dont
Virus hoax
E-mail falsely warning of a virus
23
Worm
Endlessly replicates on the same computer, or

sends itself to many other computers on a
network
Continues to create new files but does not
infect existing files
24
Trojan Horse
Appears useful and harmless, but does harm

Can provide hacker with access to or control of
the computer
25
Buffer Attacks
Attacker tricks buffer software into attempting

to store more information than it can contain
(buffer overflow)
The extra information can be malicious
software
26
Denial of Service (DoS) Attacks
Interfere with normal access to network host,

Web site, or service by flooding network with:
Useless information, or
Frames or packets containing errors that are not
identified by a network service
Distributed DoS attack
One computer causes others to launch attacks

directed at one or more targets
27
Source Routing Attack
Attacker modifies source address and routing

information to make a packet appear to come
from a different source
Can be used to breach a privately configured
network
A form of spoofing
28
Spoofing
Address of source computer is changed to

make a packet appear to come from a different
computer
Can be used to initiate access to a computer
Can appear as just another transmission to a
computer from a legitimate source
29
E-mail Attack
Attached file may contain:
Virus, worm, or Trojan horse

Macro that contains malicious code
E-mail may contain Web link to a rogue Web

site
30
Port Scanning
Attacker determines live IP address, then runs

port scanning software (eg Nmap or Strobe) to
find a system on which a key port is open or
not in use
To block access through open ports:
Stop OS services or processes that are not in use

Configure a service only to start manually with
your knowledge
Unload unnecessary NLMs
31
Sample TCP Ports
32
Using the kill Command

in Red Hat Linux
33
Managing Mac OS X Sharing

Services
34
Wireless Attacks
Generally involve scanning multiple channels

Key elements
Wireless network interface card

Omnidirectional antenna
War-driving software
Difficult to determine when someone has

compromised a wireless network
35
Organizations That Help

Prevent Attacks (Continued)
American Society for Industrial Security

(ASIS)
Computer Emergency Response Team
Coordination Center (CERT/CC)
Forum of Incident Response and Security
Teams (FIRST)
InfraGard
36
Organizations That Help

Prevent Attacks (Continued)
Information Security Forum (ISF)

Information Systems Security Association
(ISSA)
National Security Institute (NSI)
SysAdmin, Audit, Network, Security (SANS)
Institute
37
Hardening Your System
Taking specific actions to block or prevent

attacks by means of operating system and
network security methods
38
General Steps to Harden a

System (Continued)
Learn about OS and network security features

Consult Web sites of security organizations
Only deploy services and processes that are
absolutely necessary
Deploy dedicated servers, firewalls, and
routers
39
General Steps to Harden a

System (Continued)
Use OS features that are provided for security

Deploy as many obstructions as possible
Audit security regularly
Train users to be security conscious
Monitor OSs and networks regularly for
attackers
40
Overview of Operating System

Security Features
Logon security
Digital certificate
security
File and folder
security
Shared resource
security
Security policies
Remote access
security
Wireless security
Disaster recovery
41
Logon Security
Requires user account and password to access

OS or network
User account provides access to the domain
42
Objects in a Domain
43
Digital Certificate Security
Verifies authenticity of the communication to

ensure that communicating parties are who
they say they are
44
File and Folder Security
Lists of users and user groups can be given

permission to access resources
Attributes can be associated with resources to
manage access and support creation of
backups
45
Shared Resource Security
Ways to control access to resources:
Use a list of users and groups that should be

configured
Use domains
Publish resources in a directory service (eg, Active
Directory or NDS)
46
Using an Access List
47
Security Policies
Security default settings that apply to a

resource offered through an OS or directory
service
May apply only to local computer, or to other
computers
May specify that user account passwords must
be a minimum length and be changed at
regular intervals
48
Remote Access Security
Enable remote access only when absolutely

necessary
Many forms, including:
Callback security
Data encryption
Access authentication
Password security
49
Wireless Security
Implement Wired Equivalent Privacy (WEP)

Create a list of authorized wireless users based
on the permanent address assigned to the
wireless interface in the computer
50
Disaster Recovery
Use of hardware and software techniques to

prevent loss of data
Perform backups
Store backups in a second location
Use redundant hard disks
Enables restoration of systems and data

without loss of critical information
51
Overview of Network Security

Features
Authentication and encryption

Firewalls
Topology
Monitoring
52
Authentication
Using a method to validate users who attempt

to access a network or resources, to ensure
they are authorized
Examples
User accounts with passwords

Smart cards
Biometrics
53
Encryption
Protects information sent over a network by

making it appear unintelligible
Generally involves using a mathematical key
54
Firewalls
Software or hardware placed between

networks that selectively allows or denies
access
55
Topology
Different designs yield different results in

terms of security planning and hardening
Also affects security in terms of where specific
devices are placed
56
Monitoring
Involves determining performance and use of

an OS or network
Enables you to determine weak points of a
system or network and address them before a
problem occurs
57
Summary
Operating system and network security

Why such security is vital
Careers in information security
The cost of security; the cost of not having security
Common types of attacks
Techniques for guarding against attacks on operating
systems and on networks
58
Guide to Operating
System Security
Chapter 2
Viruses, Worms, and
Malicious Software
Learning Objectives
Explain how viruses, worms, and Trojan

horses spread
Discuss typical forms of malicious software
and understand how they work
Use techniques to protect operating systems
from malicious software and to recover from
an attack
Viruses, Worms, and Trojan

Horses
Different forms of malicious software

(malware)
Intended to
Cause distress to a user

Damage files or systems
Disrupt normal computer and network functions
Viruses
Programs borne by a disk or a file that has the

ability to replicate
Typically affect
Executable program
Script or macro
Boot or partition sector of a drive
How Viruses Spread
Transported from one medium or system to

another
Replicated throughout a system (eg,
W32.Pinfi)
Virus Classification (Continued)
How they infect systems
Boot or partition sector

File infector
Macro
Multipartite
Virus Classification (Continued)
How they protect themselves from detection or

from a virus scanner
Armored
Polymorphic
Stealth
Companion
Benign or destructive
Worms
Programs that replicate on the same computer

or send themselves to many other computers
Can open a back door
How Worms Spread
Buffer overflow (eg, Code Red and Code

Red II)
Port scanning or port flooding
Compromised passwords
Trojan Horses and How They

Spread
Programs that at first appear useful, but can

cause damage or provide a back door
Examples
Backdoor.Egghead
AOL4FREE
Simpsons AppleScript Virus
10
Locations for Viruses, Worms,

and Trojan Horses (Continued)
11

12

13
Location for a UNIX/Linux

System
14
Location for a Windows XP

System
15
Typical Methods Used by

Malicious Software
Executable methods
Boot and partitions sector methods
Macro methods
E-mail methods
Software exploitation
Spyware
16
Executable Methods
Files that contain lines of computer code that

can be run
Examples: .exe, .com, .bat, .bin, .btm, .cgi, .pl,

.cmd, .msi
Can infect source or execution code of a

program
17
Boot and Partition Sector

Methods
Particularly affect Windows and UNIX systems

Typically infect/replace instructions in MBR or
Partition Boot Sector
Can corrupt address of primary partition
May move boot sector to another location if size of
virus exceeds space allocated for boot sector
Eradication typically involves recreating MBR and
Partition Boot Sector instructions
18
Macro Methods
A virus can infect a macro and spread each

time the macro is used
Software is configured so that macros are
disabled unless digitally signed by a trusted
source
19
Macro Protection
20
E-Mail Methods
Sent as attachments to e-mail
21
Software Exploitation
Particularly aimed at new software and new

software versions
Examples of potential vulnerabilities
DNS services
Messaging services
Remote access services
Network services and applications
22
Spyware
Software placed on a computer
typically without users knowledge

reports back information about users activities
Some operate through monitoring cookies
23
Protecting an OS from
Malicious Software
Install updates
View what is loaded when a system is booted
Use malicious software scanners
Use digital signatures for system and driver
files
Back up systems and create repair disks
Create and implement organizational policies
24
Installing Updates for Windows
Windows Update
Provides access to patches that are regularly issued
Service packs
Address security issues and problems affecting

stability, performance, or operation of features
included with the OS
25
Using Windows Update
26
Using Windows Update
27
Installing Updates for

Red Hat Linux (Continued)
Issued frequently; can be downloaded from

Web site
Red Hat Network Alert Notification Tool must
be configured
28
Installing Updates for

Red Hat Linux (Continued)
29
Installing Updates for NetWare
Download updates and/or consolidated support

packs from Novells Web site
30
Installing Updates for Mac OS X
Software Update tool enables you to:
Configure the system to automatically check for

updates at specified intervals
Manually check for updates
View currently installed updates
31
Installing Updates for Mac OS X
32
Viewing What Is Loaded When

a System Is Booted
Windows 2000, Windows XP Professional,

and Windows Server 2003
Red Hat Linux and NetWare
View information on-screen

Have a log record information (Advanced Options
menu)
Automatically display boot load information
Mac OS X
Display boot process by booting into either single

user mode or verbose mode
33
Advanced Options Menu
34
Using Malicious Software

Scanners
Effective way to protect operating system

Scan systems for virus, worms, and Trojan
horses
Often Called Virus Scanners
35
Malicious Software Scanners:

Features to Look For (Continued)
Scans memory and removes viruses

Continuous memory scanning
Scans hard and floppy disks and removes
viruses
Scans all know file formats
Scans HTML documents and e-mail
attachments
36
Malicious Software Scanners:

Features to Look For (Continued)
Automatically runs at a scheduled time

Manual run option
Detects known and unknown malicious
software
Updates for new malicious software
Scans files that are downloaded
Uses protected or quarantined zones for
downloaded files
37
Using a Virus Scanner
38
Virus Scanning Software (Continued)
continued 39
Virus Scanning Software (Continued)
40
Using Digital Signatures for

System and Driver Files
Digital signature
Code placed in a file to verify its authenticity by

showing that it originated from a trusted source
Driver signing
Placing a digital signature in a device driver to

Show that the driver is from a trusted source
Indicate compatibility with an OS
41
Backing Up Systems and

Creating Repair Disks
Most OSs offers ways to back up your system

Some OSs enable creation of a boot disk or
repair disk
Windows 2000
Emergency Repair Disk (ERD)
Windows XP or Windows Server 2003

Automated System Recovery (ASR) set
Red Hat Linux

Boot disk
42
Creating a Windows 2000 ERD
Create a new ERD each time you:
Install software
Make a server configuration change
Install a new adapter
Add a NIC
Restructure a partition
Upgrade the OS
Enables you to fix problems with the server
43
Creating a Windows 2000 ERD
44
Creating an ASR Set
Two components
Backup of all system files (1.5 MB or more)

Backup of system settings (about 1.44 MB)
Does not back up application data files
45
Creating an ASR Set
46
Creating a Red Hat Linux

Boot Disk
Enables booting a system from a floppy disk
47
Creating and Implementing

Organizational Policies (Continued)
Provide users with training in security techniques

Train users about common malicious software
Require users to scan floppies and CDs before use
Establish policies about types of media that can be
brought in from outside and how they can be used
Establish policies that discourage/prevent users from
installing their own software
48
Creating and Implementing

Organizational Policies (Continued)
Define policies that minimize/prevent

downloading files; require users to use a virus
scanner on any downloaded files
Create quarantine areas for files of uncertain
origin
Use virus scanning on e-mail and attachments
Discard e-mail attachments from unknown or
untrusted sources
49
Chapter Summary
Viruses, worms, and Trojan horses
Typical forms of malicious software
How they spread through operating systems and

across networks
What they target and why
Boot sector viruses
Viruses that attack through macros
How to set up defenses, such as operating

system patches and repair disks
50
Guide to Operating
System Security
Chapter 3
Security Through
Authentication and
Encryption
Objectives
Explain encryption methods and how they are

used
Describe authentication methods and how they
are used
Explain and configure IP Security
Discuss attacks on encryption and
authentication methods
Encryption
Uses a secret code to disguise data

Makes data unintelligible to everyone except
intended recipients
Protects data from attackers using a sniffer
Uses cryptography
Typically involves a key and an algorithm
Encryption Methods (Continued)
Stream cipher and block cipher

Secret key
Public key
Hashing
Data encryption standard (DES)
RSA encryption
Encryption Methods (Continued)
Pluggable authentication modules (PAMs)

Microsoft Point-to-Point Encryption (MPPE)
Encrypting File System (EFS)
Cryptographic File System (CFS)
Stream Cipher and Block Cipher
Stream cipher
Every bit in a stream of data is encrypted
Block cipher
Encrypts groupings of data in blocks

Typically has specific block and key sizes
Secret Key
Keeps encryption key secret from public

access, particularly over a network connection
Uses symmetrical encryption (same key to
encrypt and decrypt)
Public Key
Uses public key and private key combination

(asymmetric encryption)
Public key can be communicated over an
unsecured connection
Hashing
Uses one-way function to mix up message

contents
Scrambles message
Associates it with a unique digital signature
Enables it to be picked out of a table
Often used to create a digital signature

Hashing algorithms work on only one side of a
two-way communication
Typically Used Hashing

Algorithms
Message Digest 2 (MD2)

MS-CHAP v1
MS-CHAP in Windows Server 2003

Secure Hash Algorithm 1 (SHA-1)
10
MS-CHAP v1 or MS-CHAP
Encryption
11
Data Encryption Standard
Developed by IBM; refined by the National

Bureau of Standards
Originally developed to use a 56-bit encryption
key
New version: 3DES (Triple DES)
Hashes data three times

Uses a key of up to 168 bits in length
12
Using DES with IPSec in Windows

Server 2003
13
Advanced Encryption Standard
Adopted by U.S. government to replace DES

and 3DES
Employs private-key block-cipher form of
encryption
Employs an algorithm called Rijndael
14
RSA Encryption
Uses asymmetrical public and private keys

along with an algorithm that relies on factoring
large prime numbers
The algorithm uses a trapdoor function to
manipulate prime numbers
More secure than DES and 3DES
Used in Internet Explorer and Netscape
Navigator
15
Pluggable Authentication
Modules
Can be installed in UNIX or Linux OS without

rewriting and recompiling existing code
Enable use of encryption techniques other than
DES for passwords and communications on a
network
16
Microsoft Point-to-Point
Encryption
Used by Microsoft operating systems for

remote communications over PPP or PPTP
Uses RSA encryption
Basic encryption (40-bit key)

Strong encryption (56-bit key)
Strongest encryption (128-bit key)
17
Encrypting File System
Set by an attribute of Windows OSs that use

NTFS
Protects folder/file contents on hard disk
Enables user to encrypt contents of folder/file so it

can only be accessed via private key code by user
who encrypted it
Employs DES for encryption

Uses a registered recovery agent
18
How to Configure EFS
As an advanced folder attribute

By using cipher command in Command
Prompt window
19
Configuring EFS as an
Advanced Folder Attribute
20
Cipher Command-Line Parameters
21
Cryptographic File System
File system add-on available as open source

software for UNIX and Linux systems
Enables encryption of disk file systems and
NFS files
22
Summary of Encryption
Techniques (Continued)
continued 23
Summary of Encryption
Techniques (Continued)
24
Authentication
Process of verifying that a user is authorized to

access particular resources
Typically associated with logon process
Validates both user account name and
password before giving access to resources
Often uses encryption techniques to protect
user names and passwords
25
Authentication Methods (Continued)
Session authentication
Digital certificates
NT LAN Manager
Kerberos
Extensible Authentication Protocol (EAP)
Secure Sockets Layer (SSL)
26
Authentication Methods (Continued)
Transport Layer Security (TLS)

Secure Shell (SSH)
Security token
27
Session Authentication
Ensures packets can be read in correct order

Provides a way to encrypt the sequence order
to discourage attackers
28
Digital Certificate
Set of unique identification information

typically put at the end of the file or associated
with a computer communication
Shows that the source of the file or
communication is legitimate
Typically encrypted by a private key and
decrypted by a public key
Issued by a certificate authority
29
Digital Certificate Contents
Version
Certificate serial number
Signature algorithm identifier
Name of issuer
Validity period
Subject name
Subject public key information
30
NT LAN Manager
Form of session authentication and

challenge/response authentication compatible
with all Microsoft Windows operating systems
Challenge/response authentication
Hashes an accounts password

Uses a secret key
31
Kerberos
Employs private-key security and use of

tickets that are exchanged between the client
who requests logon and network services
access and the server, application, or directory
service that grants access
32
Kerberos Configuration Options
33
Extensible Authentication
Protocol
Multipurpose authentication method used on

networks and in remote communications
Can employ many encryption methods (DES,
3DES, public key encryption, smart cards, and
certificates)
Typically provides an authentication
communication between a computer and a
server used to authenticate computers access
34
Secure Sockets Layer
Service-independent; broad uses for

e-commerce, HTTP, HTTPS, FTP, SMTP, and
NNTP
Developed by Netscape
Uses RSA public-key encryption
Most commonly used form of security for
communications and transactions over the Web
35
Transport Layer Security
Modeled after SSL

Uses private-key symmetric data encryption
and TLS Handshake Protocol
36
Secure Shell
Developed for UNIX/Linux systems to provide

authentication security for TCP/IP
applications, including FTP and Telnet
37
Using Secure Shell
38
Security Token
Physical device, often resembling a credit card

or keyfob, used for authentication
Communicates with an authentication server to
generate the password, using encryption for
exchange of password-generating information
39
Advantages of Security Token
User does not have to memorize password

Value of password only lasts as long as the
communications session; new password is
created next time the security token is used
40
41
IP Security (IPSec)
Set of IP-based secure communications and

encryption standards developed by the IETF
Protect network communications through IP
Elements that enable security measures
Authentication header
Encapsulating Security Payload (ESP)
42
IPSec Security Roles
43
Authentication Header (AH)
Ensures integrity of a data transmission

Ensures authentication of a packet by enabling
verification of its source
44
Specific Fields in AH
Next header
Payload length
Reserved
Security Parameter Index (SPI)
Sequence number
Authentication Data
45
Encapsulating Security Payload

(ESP)
Encrypts packet-based data

Authenticates data
Generally ensures security and confidentiality
of network layer information and data within
packet
46
Specific Fields in ESP
Security Parameter Index (SPI)

Sequence number
Payload data
Padding
Pad length
Next header
Authentication date
47
Attacks on Encryption and

Authentication
48
Guidelines for Resisting Attacks
Use strong passwords

Use strongest forms of authentication and
encryption permitted by OS
Use longest encryption keys possible
Inventory encryption and authentication
methods used by OS; close any holes
Have administrators use personal accounts
with administrative privileges (rather than use
administrative account directly)
49
Summary
Encryption methods and how operating

systems use them
How systems authenticate one another
How to configure Kerberos authentication
logon security
How to use IP security to keep your TCP/IP
network secure
Typical methods attackers use to defeat
encryption and authentication
50
Guide to Operating
System Security
Chapter 4
Account-based Security
Objectives
Discuss how to develop account naming and security

policies
Explain and configure user accounts
Discuss and configure account policies and logon
security techniques
Discuss and implement global access privileges
Use group policies and security templates in
Windows 2000 Server and Windows Server 2003
Account Naming
Provides orderly access to server and network

resources
Enables administrators to monitor security:
Which users are accessing the server

What resources they are using
Establish conventions for account names
Users actual name

Users function
Security Policies
Apply to all accounts or to all accounts in a

particular directory service container
Affected elements:
Password security
Expiration period
Minimum length
Password recollection
Account lockout
Authentication method
Creating User Accounts in

Windows 2000 Professional
Typically installed with:
Administrator account
Guest account
To create and manage user accounts:
Start Settings Control Panel Users and

Passwords, or
Right-click My Computer Manage Local Users
and Groups Users

Windows XP Professional
Installed with:
Account that usually consists of users name

Guest account
HelpAssistant account for remote desktop help
Support accounts for Microsoft and computer manufacturer
To create and manage user accounts:
Start Control Panel User Accounts, or

Right-click My Computer Manage Local Users and
Groups Users
Managing User Accounts in


Windows 2000 Server/Server 2003
Installed with:
Guest account
Other accounts, depending on services installed on
server
Create new accounts by entering account

information and password controls
Local user account on a server that is not part of a

domain
Account in the Active Directory
Managing User Accounts in

Windows 2000 Server
Creating a New User
Complete name, user logon name, password,

and password confirmation information
User must change password at next logon

User cannot change password
Password never expires
Account is disabled
Further configure associated properties
10
Account Properties in Windows

Server 2003
General tab
Address tab
Account tab
Profile tab
Telephones tab
Organization tab
Member Of
Dial-in
Environment
Sessions
Remote Control
Terminal Services
Profile
COM+ tab
11
Account Properties in Windows

Server 2003
12
Account Tab
13

Red Hat Linux 9.x
Each user account is associated with a user

identification number (UID)
Assign users with common access needs to a
group via a group identification number (GID)
14
Contents of Linux Password File

(/etc/passwd)
Username
Encrypted password or reference to shadow
file
UID and GID
Information about the user
Location of users home directory
Command that is executed as user logs on
15
Linux Shadow File

(/etc/shadow)
Available only to system administrator

Contains password restriction information
Minimum/maximum number of days between

password changes
When password was last changed
When password will expire
Amount of time account can be inactive before
access is prohibited
16
Creating User Accounts and

Groups in Linux
Use command-line commands
Create new user with useradd

Modify parameters with usermod
Delete accounts with userdel
Use Red Hat User Manger from GNOME

desktop
17
Creating Accounts with the

Command Line
18
Creating Accounts with Red Hat

User Manager
19

NetWare 6.x
Use ConsoleOne tool
20

Mac OS X (Continued)
Choose Accounts icon in System Preferences

window
Name of account holder

Short name for logging on
Password
Password hint
21

Mac OS X (Continued)
Tools that enable server management (Mac OS

X Server)
Server Admin
Macintosh Manager
22
Accounts Option in Mac OS X
23
Mac OS X Logon Options
Automatically log on to specific account when

computer is booted
Log on by viewing a name and password box,
or by seeing a list of user accounts
Hide Restart and Shut Down buttons
Show password hint after three unsuccessful
logon attempts
24
Mac OS X Server
Tools
Server Admin
MacIntosh Manager
25
Setting Account Policies and

Configuring Logon Security
Place restrictions on passwords

Automatically lock out accounts after a
specified number of unsuccessful logon
attempts
26
Guidelines for Building Strong

Passwords
Do use
7+ characters
Combination of upper- and
lowercase letters, numbers,
and characters
Symbol character(s)
Coded phrase to help you
remember
Do not use
Words in the dictionary or

proper names
Sports terms or names of
sports teams
Your account name
Consecutive characters
Common slang terms
27
Using Account Policies in Windows

Server 2000/Server 2003
Set up as part of group policy that applies to all

accounts in an Active Directory container
Can also be configured for a local computer
Account policy options affect:
Password security
Account lockout
28
Password Security Options in

Windows Server 2000/Server 2003
Enforce password history

Maximum password age
Minimum password age
Minimum password length
Password(s) must meet complexity
requirements
Store password using reversible encryption
29
Account Lockout Options in

Windows Server 2000/Server 2003
Account lockout duration

Account lockout threshold
Reset account lockout container after
30
Account Security Options in

Red Hat Linux 9.x
No formal account security policies

Enables configuration of security options
associated with individual accounts (using Red
Hat User Manager)
Stores security information in shadow file
(/etc/shadow) as properties associated with
accounts
31
Account Password Configuration

Options in Red Hat Linux
Setting an account to expire on a particular

date
Locking a user account
Expiration of account passwords so that users
have to reset them
32
Red Hat Linux Account

Password Configuration
9.x
33
Using Account Templates in

NetWare 6.x
Configure through user templates before

accounts are created
Use ConsoleOne utility to create user
templates
34
Establishing Account Properties

with User Template (NetWare 6.x)
(Continued)
Home directory location and access rights to

that directory
Requirement for a password
Minimum password length
Requirement that password be changed
within specified interval of time
Grace period that limits number of times
user can log in after password has expired
35
Establishing Account Properties

with User Template (NetWare 6.x)
Requirement that a new password be used each

time the old one is changed
Time restrictions
Intruder detection capabilities
Limit on number of simultaneous connections
Workstation logon restrictions
36
Intruder Detection in
NetWare 6.x
37
Using Global Access Privileges
User rights govern user and administrative

functions
NetWare 6.x
Uses access rights, applied in a different way, for

more fine-tuned access functions
Role-based security establishes administrative
roles for managing a server
38
Windows Server 2000/

Server 2003 User Rights
(Continued)
Enable account or group to perform

predefined tasks
Basic rights: access a server

Advanced: create accounts and manage server
functions
Can be assigned to user accounts or to groups
Groups are more efficient (inherited rights)
39

Server 2003 User Rights
(Continued)
Give server administrative security controls
over who can access server and Active
Directory resources
Two categories
Privileges
Manage server or Active Directory functions
Logon rights
Access accounts, computers, and services
40

Server 2003 Privileges (Continued)
41

42

43

Server 2003 Logon Rights
44
Role-based Security in
NetWare 6.x
Allocated according to administrative roles

(managing tasks or network services)
DHCP Management
DNS Management
eDirectory
iPrint Management
License Management
45
Using Group Policies in Windows

Server 2000/Server 2003
Enables standardization by setting policies in

Active Directory or on local computer (eg,
account policies, user rights, IPSec policies)
Evolved from Windows NT Server 4.0 concept
of system policy
Use Poledit.exe to configure basic user account

and computer parameters (domain-wide or
specific)
46
Differences Between System

Policy and Group Policy
System policy
Group policy
Largest range is the domain
Can cover multiple domains in one site
Fewer objects to configure
More objects to configure
Focus on clients desktop

environment as controlled by
Registry settings
Set for more environments
Less secure
More secure
Can live on after no longer

needed
Dynamically updated and configured

to represent most current needs
47
Defining Characteristics of
Group Policy
Can be set for a site, domain, OU, or local

computer
Stored in group policy objects
Local and nonlocal GPOs
48
Configuring Client Security

Using Policies
Advantages to customizing settings used by

clients
Improved security
Consistent working environment
Customize settings by configuring policies on

Windows 2000/2003 servers that clients access
When client logs on, policies are applied
49
Manually Configuring Policies

for Clients
Use either:
Group Policy Snap-in (Windows 2000 Server)

Group Policy Object Editor Snap-in (Windows
Server 2003)
Use Administrative Templates object under

User Configuration in a group policy object to
customize desktop settings for client
computers
50
Manually Configuring Policies

for Clients
51
Configuring Administrative
Templates
52
Automated Configuration of
Administrative Templates
53
Configuring Administrative
Templates
54
Configuring Additional Security

Options
Fine-tune security on a server by configuring

security options within local policies in a GPO
Enables you to configure group policy security
for special needs
55

Options
56
Group Policy Security Options
57

Options
58
Summary
Considerations when creating formal policies

about account naming and security
How to set up accounts in different operating
systems
How to configure those accounts to implement
an organizations policies
User rights and role-based security
How to work with group policies and security
templates
59
Guide to Operating
System Security
Chapter 5
File, Directory, and Shared
Resource Security
Objectives
Implement directory, folder, and file security

Configure shared resource security, using share
permissions in Windows 2000/XP/2003
Use groups to implement security
Troubleshoot security
Directory, Folder, and File

Security (Continued)
Access control lists (security descriptors)

associate users and groups with specific access
capabilities
ACL components
Discretionary access control list (DACL)

System access control list (SACL)
Directory, Folder, and File

Categories of information in an ACL
User accounts that can access the object

Rights and permissions that determine level of
access
Ownership of the object
Whether specific events associated with an object
are to be audited
Windows 2000/XP/2003 Folder

and File Security
Use attributes and permissions related to file

system used with the OS
NTFS is better than FAT16 or FAT32
Able to set standard and special permissions

Supports use of EFS
Enables disk quotas to be set
Configuring Folder and File

Attributes
Attributes in FAT16, FAT32, and NTFS are

stored as header information
Attributes available in FAT16/FAT32formatted disks
Read-only
Hidden
Archive

Attributes
NFTS Security Attributes
Read-only
Hidden
Archive
Index
Compress
Encrypt
NFTS Security

Permissions
Use Add and Remove buttons on folder

properties Security tab to change which users
and groups have permission
Modify existing permissions by clicking on the
group and checking or removing checks in
Allow and Deny columns
10

Permissions
11
Folder and File Permissions

Supported by NTFS
12
Configuring Inheritable
Permissions
13
UNIX and Linux Directory and

File Security (Continued)
Permissions
Read (r)
Write (w)
Execute (x)
Special permissions for executable programs
Set User ID (SUID)

Set Group ID (SGID)
14
UNIX and Linux Directory and

File Security (Continued)
Permissions criteria
Use chmod command to set up permissions
Ownership (o)
Group membership (g)
Other (o)
All (a)
Symbolic format
Octal format
Use chown command to change ownership
15
Viewing Permissions Settings
16
Red Hat Linux 9.x System

Directories
17
NetWare 6.x Directory and File

Security
Access controlled through:
Attributes associated with files and directories

Access rights granted to trustees
18
NetWare Directory Attributes
19
NetWare File Attributes (Continued)
20
NetWare File Attributes (Continued)
21
NetWare Directory Attributes
22
NetWare Access Rights
23
NetWare Access Rights
24
NetWare Trustee Rights
25
Mac OS X Folder and File

Security
Ways to configure file and folder permissions
Command-line commands
Set Get Info properties of a file
26
Using Command-Line
Commands in Mac OS X
27
Configuring Ownership &

Permission for a Mac OS x File
28
Mac OS X Get Info Folder and

File Permissions
29
Shared Resource Security
Sharing or accessing resources directories,

folders, files, and printers over a network
Windows 2000/XP/2003
Red Hat Linux 9.x
NetWare 6.x
Mac OS X
30
Sharing Resources in Windows

2000/XP/2003
Use share permissions

Protecting a shared folder
Full Control
Change
Read
Protecting a shared printer
31
Protecting a Shared Folder
32
Protecting a Shared Printer
Print
Manage Documents
Manage Printers
Special Permissions
Read
Change
Take Ownership
33
Sharing Resources in
Red Hat Linux 9.x
Enable access through:
Telnet and FTP
Use with Secure Shell capabilities
Network File System (NFS)
Protecting directory resources

Protecting printer resources
Queue-based printing
Novell Distributed Print Services (NDPS)
34
NetWare 6.x
Protecting directory resources
Mapping and search mapping
Protects through attributes and trustee access rights
Protecting printer resources
35
NetWare Drive Mappings
36
Mac OS X
Enable access through System Preferences

Protecting a shared folder
Protecting a shared printer
37
Using Security Groups
Group together accounts that have similar

characteristics
Eliminates repetitive steps in managing user
and resource access
38
Using Groups in
Related to concept of scope of influence

Types; used for security and distribution
groups
Local
Domain local
Global
Universal
39
Implementing Local Groups
Used to manage resources in Windows

2000/XP Professional
40
Implementing Local Groups
41
Implementing Domain Local

Groups
Used when Active Directory is deployed

Used to manage resources in a domain
Give access to global groups from the
same/other domains access to those resources
42
Implementing Domain Local

Groups
43
Implementing Global Groups
Intended to contain user accounts from single

domain
Can be set up as member of a domain local
group in same or other domain
44
Implementing Global Groups
45
Implementing Universal Groups
Spans domains and trees within a Windows

Active Directory forest
46
Guidelines for Using Groups
Global groups
Domain local groups
Hold accounts as members

Provide access to resources in a specific domain
Universal groups
Provide extensive access to resources
47
Using Groups in
Red Hat Linux 9.x
Assign each group a unique group

identification number (GID)
Assign permissions to access resources to the
group
48
Using Groups in NetWare 6.x
Create groups with ConsoleOne tool

Configure trustee access rights for the group
Assign accounts to the group
Assign specific login script to the group
49
Using Groups in Mac OS X
Automatically managed and assigned by the

operating system
50
Troubleshooting Security
Windows XP Professional and Windows

Server 2003
View the effective permissions
NetWare 6.x
View the effective rights
51
Viewing Effective Rights in

NetWare 6.x
52
Summary
How to configure directory, folder, and file

security for Windows 2000/XP/2003,
Linux 9.x, Netware 6.x, and Mac OS X
How to fine-tune security for common and
unique circumstances
Specialized share permissions for Windowsbased systems; used when folders are shared
across a network through FAT16/32 and NTFS
continued 53
Summary
How to configure and use security groups to

manage access to shared resources
How to use effective permissions and effective
rights tools in Windows XP/2003 and
NetWare 6.x to ensure that directory, folder,
and file security is properly set and that there
are no security holes
54
Guide to Operating
System Security
Chapter 6
Firewalls and Border
Security
Objectives
Understand how TCP, UDP, and IP work, and

the security vulnerabilities of these protocols
Explain the use of IP addressing on a network
and how it is used for security
Explain border and firewall security
Configure the firewall capabilities in operating
systems
Transmission Control
Protocol/Internet Protocol
Networking protocol that serves as a universal

language of communication for networks and
operating systems
Ubiquity makes it a prime target for attackers
Three core component protocols
Transmission Control Protocol (TCP)

User Datagram Protocol (UDP)
Internet Protocol (IP)
Understanding TCP
Establishes reliable connection-oriented

communications between communicating
devices on networks
Enables communications to operate in an
orderly fashion through use of sequence
numbers and acknowledgments
Fields in a TCP Header
TCP and UDP Ports in Relation

to Port Scanning
continued

to Port Scanning (Continued)

to Port Scanning (Continued)
Understanding UDP
Connectionless protocol
Can be used instead of TCP
Faster communications when reliability is less
of a concern
Performs no flow control, sequencing, or
acknowledgment
Port-scanning attacks are less productive
against it
Fields in a UDP Header
10
Understanding How IP Works
Enables packet to reach different subnetworks

on a LAN and different networks on a WAN
Networks must use transport methods
compatible with TCP/IP
11
Basic Functions of IP
Data transfer
Packet addressing
Packet routing
Fragmentation
Simple detection of packet errors
12
IP as a Connectionless Protocol
Provides network-to-network addressing and

routing information
Changes size of packets when size varies from
network to network
Leaves reliability of communications in hands
of the embedded TCP segment
13
TCP/IP Datagram
14
Fields in an IP Packet Header
15
How IP Addressing Works
Identifies a specific station and the network on

which it resides
Each IP address must be unique
Uses dotted decimal addressing
Enables use of network IDs and host IDs for
locating networks and specific devices on the
network
16
IP Address Classes
Fives classes Class A through Class E each

used with different type of network
Reflect size of network and whether the packet
is unicast or multicast
17
IP Address Classes
18
IP Address Classes (Continued)
19
IP Address Classes (Continued)
20
Using a Subnet Mask
Required by TCP/IP addresses

Determine how portions of addresses on a
network are divided into network ID and host
ID
Divide a network into subnetworks to control
network traffic
21
Creating Subnetworks
Subnet mask contains a subnet ID within network and

host IDs
Enables routing devices to ignore traditional class
designations
Creates more options for segmenting networks through

multiple subnets and additional network addresses
Overcomes four-octet limitation in IPv4
Newer way to ignore class designation
Classless interdomain routing (CIDR)
22
Border and Firewall Security
Firewalls protect internal or private networks

Firewall functions
Packet filtering
Network address translation
Working as application gateways or proxies
23
Implementing Border Security
24
Packet Filtering
Use characteristics of a packet

Determines whether a packet should be
forwarded or blocked
Techniques
Stateless packet filtering

Stateful packet filtering
25
Securing a Subnet with a

Firewall
26
Network Address Translation

(NAT)
Discourages attackers; all protected network

addresses are seen by outsiders as a single
address
Enables a network to use IP addresses on the
internal network that are not formally
registered for Internet use
27
Ways to Perform NAT

Translation
Dynamic translation (or IP masquerade)

Static translation
Network redundancy translation
Load balancing
28
Proxy
Computer located between a computer on an

internal network and a computer on an external
network
Acts as a middleman to:
Filter application-level communications

Perform caching
Create virtual circuits with clients for safer
communications
29
Proxy Configurations
Application-level gateways
Circuit-level gateways
30
Proxy Firewall as an
Application-Level Gateway
31
Proxy Firewall as a Circuit-Level

Gateway
32
Using Routers for Border

Often used as firewalls because they can filter

packets and protocols
Forward packets and frames to networks using
a decision-making process based on:
Routing table data

Discovery of most efficient routes
Preprogrammed information
33
Using Routers for Border

Protocols used by routers in a local system
Routing Information Protocol (RIP)
Uses only hop count as its metric
Open Shortest Path First (OSPF)
Router sends only the link-state routing message

Compact packet format
Shared updated routing table information among routers
34
OSPF Border Areas
35
Using Firewall Capabilities in

Operating Systems
Important when the computer:
On which OS is running is directly connected to

the Internet
Is in a demilitarized zone (DMZ)
36
Configuring a Firewall in
Enable Internet Connection Firewall (ICF)
Monitors source and destination addresses that

come in and go out of the computer via Internet
Maintains table of IP addresses allowed into OS
Discards communications from unauthorized IP
addresses
Discourages port scanning via an Internet
connection
37
38
Windows Server 2003
Enable ICF, enabling only those services that

are needed on the server
39
Windows Server 2003
40
Configuring NAT in Windows

Server 2003
Routing and Remote Access Services (RRAS)
Remote access (dial-up or VPN)

Network address translation (NAT)
Virtual Private Network (VPN)
Secure connection between two private networks
Custom configuration
41

Server 2003
42

Server 2003
43
Configuring NAT in
Windows 2000 Server
Set up Windows server as an Internet

connection server with NAT in Windows
2000 Server Routing and Remote Access tool
Enables multiple computers to share a
connection to an external network
Provides address translation services for all
computers that share the connection, thus
protecting those computers
44
Red Hat Linux 9.x
Use Security Level Configuration tool (High,

Medium, No Firewall)
Customize firewall by designating trusted
devices
Allow or deny access to WWW (HTTP), FTP,
SSH, DHCP, mail (SMTP), or Telnet
45
Configuring NAT and a Firewall

Using IPTables (Red Hat Linux 9.x)
Configure through a terminal window using

iptables command
Enables configuration of packet filter rules
through use of tables
Set of rules (chain) is applied to packets containing

specific information
46
Sample Iptables Parameters
47
Configuring NAT and a Firewall

Using IPTables (Red Hat Linux 9.x)
Make sure IPChains is turned off

Start IPTables service and ensure that it starts
automatically each time OS is booted
Configure firewall to deny incoming,
outgoing, and forwarded packets
Make sure all configured options are saved and
reused each time computer is booted
48
Configuring a Mac OS X
Firewall
Use System Preferences via the Sharing icon

Allow or deny network communications
through TCP and UDP ports by turning
specific services on or off
Turn firewall on or off
49
Summary
TCP, UDP, and IP protocols, their security

vulnerabilities and how to mitigate them
IP addressing and how it can be used to thwart
attacks
How border and firewall security use
characteristics of TCP, UDP, and IP to build
more secure networks
How to configure firewall capabilities of
operating systems
50
Guide to Operating
System Security
Chapter 7
Physical and Network
Topology Security
Objectives
Explain physical security methods for

workstations, servers, and network devices
Implement a network topology for security
Explain network communications media in
relation to security
Use structured network design for security
Physical Security
Limiting physical access

Location of equipment
Construction quality
Devices to protect
Workstations
Servers
Network devices and communications media
Workstation Security
Password protect user accounts

Configure screen saver with a password
Log off or turn off computers when not in use
Lock office doors
Keep ventilation holes unobstructed
Keep liquids away from computer
Workstation Security
Server Security (Continued)
Centralized versus decentralized

considerations
Environmentally controlled computer room
Strong access controls
Cipher locks on locked doors
Power regulation devices
Server Security (Continued)
Motion sensors
Camera-monitored entrances and equipment
Fire detection and suppression equipment
Screen savers for servers
Configuring Screen Savers
Windows Server
Red Hat Linux 9.x
Use screen saver options with passwords for

servers
Lock a screen using screen saver
NetWare
SCRSAVER command at the console

SECURE CONSOLE command
Configuring a NetWare Screen

Saver (Continued)
Configuring a NetWare Screen

Saver
10
Network Devices
Access servers
Bridges
Chassis hubs
Firewalls
Hubs
Multiplexers
Repeaters
Routers
Switches
Transceivers
UPS
11
Securing Network Devices
Place central wiring and network devices in

wiring closets that follow EIA/TIA-569
standards
Telecommunications room
Main cross-connect
Intermediate cross-connect
Locate wiring closets away from sources of

EMI and RFI
12
Designing a Network Topology

for Security
Main network topologies
Bus
Ring
Star
Bus-star
13
Bus Topology
Cable runs from one computer to the next, like

a chain
Terminators connect to each bus cable segment
Disadvantages
Easily compromised by removing a terminator

Easy for unauthorized person to tap into cable
segment
14
Bus Topology
15
Ring Topology
Continuous path for data; no logical beginning

or ending point; no terminators
Easier to manage, more reliable, and more
secure than the bus
More expensive than the bus
16
Ring Topology
17
Star Topology
Multiple stations attached to central hub or

switch
Allows you to emphasize security, efficiency,
and reliability
18
Star Topology
19
Star Topology
Advantages
Wide variety of equipment available

Unauthorized taps are difficult
Easier to manage than the bus
Expansion options
Disadvantages
Hub or switch is single point of failure

Requires more cable than bus
20
Logical Bus Networks in a

Physical Star Layout
Most common topology

Advantages
No exposed terminators to pose security risk

Expansion capabilities
21
Communications Media and

Network Security
Coaxial cable
Twisted-pair cable
Fiber-optic cable
Wireless technologies
22
Coaxial Cable
Copper wire construction

Thick and thin varieties
Suitability
Older LANs
LANs with strong sources of signal interference
23
Thick Coaxial Cable
24
Thin Coaxial Cable (Thinnet)
25
Twisted-Pair Cable
Copper wire construction

Shielded twisted-pair (STP) and unshielded
twisted-pair (UTP)
Most commonly used cabling
26
Twisted-Pair Cable
27
Fiber-Optic Cable
Glass (usually) or plastic cable

Single mode and multimode
Suitability
High-speed LAN and WAN access

To connect networks between different locations
In situations with significant electrical interference
Where security is a concern
28
Fiber-Optic Cable
29
Wireless Technologies
Radio, infrared, or microwave

Suitability
Difficult or too expensive to use cable

When flexibility to move network hosts and
devices is required
30
Comparing Cable Types
31
Using Structured Design
Follow accepted guidelines for cable

installation
Deploy structured wiring design
Implement structured network design
32
Guidelines for Cable Installation

(Continued)
Meet or exceed maximum bandwidth

requirements
Category 5 or better UTP cable
Multimode fiber-optic riser cable between
floors
IEEE specifications
Single-mode fiber-optic cable for long runs
33

(Continued)
Wireless options where needed

Star-based cable plants
High-quality cable
Building codes (eg, plenum cable)
Do not exceed tension limits of twisted-pair
cable
34

(Continued)
Follow rules for cable bend radius

Extra cable at endpoints
Qualified contractor
Label all cable
Ground cable plants (EIA/TIA-607 standard)
35
Structured Wiring Requirements
Flexible cabling
Wiring stations into a physical star
Adherence to EIA/TIA-568-A/EIA-TIA-568-B
standards for horizontal wiring
Centralizing cable plant in chassis hubs or
switches
continued 36
Structured Wiring Requirements
Intelligence built into chassis hubs and

switches to detect problems at stations
Ability to isolate hosts and servers on their
own cable segments
Ability to provide high-speed links to hosts
and servers and other network devices
37
Structured Wiring Design
38
Structured Network Design
Solid horizontal and vertical wiring design

enables:
Centralizing a network at strategic points

Customization for security and efficiency
Linking together by a fast backbone
39
Structured Network for

Centralized Management
Figure 7-10 Structured network for centralized management

40
Vertical Wiring Principles
Extended star topology between devices

High-speed cable
to reduce congestion
not susceptible to EMI and RFI
EIA/TIA-568-A/EIA-TIA-568-B standards for
vertical or backbone cabling
Riser-rated cable for cable runs through cable ports or
vertical shafts
Fire-stop material to cover cable between floors
41
Centralized Management
Central points are established for critical

network functions
Simple Network Management Protocol
(SNMP)
Community name
Network management station (NMS)

Network agents
42
Using Virtual LANs
Can be used as a central management tool

Potential problems
Improper configuration exposes network to

security risks
Trunks are vulnerable to attacks
43
Using Network Redundancy for

Security
Vital network areas remain running even if

equipment fails or an attack occurs
44
Designing for Redundancy
Figure 7-11 Designing for redundancy

45
Building Multiple Redundant

Pathways
Figure 7-12 Building multiple redundant pathways

46
Summary
How to physically secure workstations and

servers
How network topologies can be used to
enhance security
Which network media offer the best security
How to combine network topology and media
in a structured wiring and networking design
for efficiency and security
47
Guide to Operating
System Security
Chapter 8
Wireless Security
Objectives
Explain wireless networking and why it is used

Describe IEEE 802.11 radio wave networking
Explain Bluetooth networking
Describe attacks on wireless networks
Discuss wireless security measures
Configure security for wireless interfaces in
workstation operating systems
Introduction to Wireless
Networking
Enables communications where a wired

network is impractical
Reduces installation costs
Provides anywhere access
Enables easier small and home office
networking
Enables data access to fit the application
Attacks on Wireless Networks
Many opportunities, particularly through

sniffer software
Difficult or impossible to detect
Wireless Network Support

Organizations
Wireless LAN Association (WLANA)

WINLAB
Why Use a Wireless Network

Instead of a Wired Network?
A wired network can be difficult or impossible

to install in some situations
Radio Wave Technologies
Network applications use high frequencies

measured in hertz
Line-of-sight transmission
Spread spectrum technology
Popular technologies
IEEE 802.11 standard

Bluetooth
Advantages
Relatively inexpensive
Easy to install
Provide anywhere access
Offer an alternative for hard-to-cable areas
Disadvantages
Do not have speeds to match 100Mbps

communications
Frequencies may experience interference
IEEE 802.11 Radio Wave

Networking (Continued)
Advantages in terms of compatibility and

reliability
Devices are not proprietary
Encompasses fixed and mobile stations
Recognizes indoor and outdoor
communications
10
IEEE 802.11 Radio Wave

Networking (Continued)
Kinds of communication
Discrete units (asynchronous)

Governed by time restrictions
11
How IEEE 802.11 Wireless

Networks Function
Components
Access methods
Handling of data errors
Transmission speeds
Authentication
Topologies
Multiple-cell wireless LANs
12
Wireless Components
Wireless NIC (WNIC)
Functions as a transmitter/receiver (transceiver)
Access point
Antennas
Directional antenna
Omnidirectional antenna
13
Directional Antenna
14
Omnidirectional Antenna
15
Wireless Networking Access

Methods
Priority-based access
Carrier Sense Multiple Access with Collision
Avoidance (CSMA/CA)
16
Handling Data Errors
Automatic repeat request (ARQ) characteristic
Helps reduce communication errors created by

sources of interference
17
Transmission Speeds
18
Infrared Wireless Networking
802.11R standard
Can be broadcast in a single direction or in all
directions
Transmits in range of 100 GHz to 1000 THz
19
Infrared Wireless Networking
Security factors
Difficult to intercept without someone knowing

Not susceptible to interference from RFI and EMI
Disadvantages (but also make it more secure)
Data transmission rates only reach up to 16 Mbps

(directional) and can be less than 1 Mbps
(omnidirectional)
Does not go through walls
20
Diffused Infrared Wireless

Communication
21
Using Authentication to
Disconnect
Prevents two communicating stations from

being inadvertently disconnected by a
nonauthorized station
22
802.11 Network Topologies
Independent basic service set (IBSS) topology
Consists of two or more wireless stations that can

be in communication
Does not use an access point
Extended service set (ESS) topology
Uses one or more access points to provide a larger

service area than an IBSS topology
23
IBSS Wireless Topology
24
ESS Wireless Topology
25
Multiple-Cell Wireless LANs
ESS wireless topology that employs two or

more access points
Inter-Access Point Protocol (IAPP)
Roaming protocol that enables a mobile station to

move from one cell to another without losing
connection
26
Bluetooth Radio Wave

Networking
Uses frequency hopping in the 2.4-GHz band

designated by FCC for unlicensed ISM
transmissions
Uses time-division duplexing (TDD) for
packet transmissions
27
Anatomy of Attacks on Wireless

Networks
Antenna
Wireless network interface card
GPS
War-driving software
28
Rogue Access Point
Wireless access point installed without

knowledge of network administrator
Not configured to have security
Provides an attacker with an unsecured
entryway to packet communications
29
Attacks Through Long-Range

Antennas
Increases reach of a signal

Enables network to be monitored from a
greater distance without being observed
30
Man-in-the-Middle Attacks
Interception of a message meant for a different

computer
Attacker operates between two communicating
computers in order to:
Listen in on communications
Modify communications
31
Pitfalls of Wireless
Communications
Inherently not secure because they are

transported over radio waves
Considerations
Avoid wireless communications for extremely

sensitive information
Configure tightest security available
32
Wireless Security Measures
Open system authentication

Shared key authentication
Wired Equivalent Privacy (WEP)
Service set identifier (SSID)
802.1x security
802.1i security
33
Open System Authentication
Two stations can authenticate each other

Provides little security, only mutual agreement
to authenticate
Default form of authentication in 802.11
34
Shared Key Authentication
Uses symmetrical encryption
Same key for both encryption and decryption
35
Same encryption key is used at both stations

that are communicating
36
37
Service Set Identifier (SSID)
Identification value:
typically up to 32 characters in length

defines a logical network for all devices that
belong to it
Each device is configured to have same SSID

Typically used in ESS, but not IBSS
38
802.1x Security
Port-based form of authentication
Does not include encryption
Uncontrolled port
Controlled port
can be set up to work with EAP and its evolving
versions (EAP-TTLS and PEAP)
Use different computers for authentication

server and authenticator
39
802.1i Security
Builds on 802.1x standard

Implements Temporal Key Integrity Protocol
(TKIP) for creating random encryption keys
from one master key
40
Configuring Security for

Wireless Interfaces
Windows 2000/XP Professional
Red Hat Linux 9.x
Support use of WNICs

Supports use of WNICs (installed through
GNOME desktop Network Device Control tool)
Mac OS X
Built-in compatibility for AirPort WNICs and base

stations (access points)
41
Windows 2000 Professional

Wireless Security Techniques
Open system
authentication
Shared key
authentication
WEP (40-bit and
104-bit keys)
SSID
802.1x
EAP
Authentication
through RADIUS
42
Wireless Security Techniques
Open system
authentication
Shared key
authentication
WEP (40-bit and
104-bit keys)
SSID
802.1x
EAP and EAP-TLS
PEAP
Authentication
through RADIUS
43
Red Hat Linux Wireless Security

Techniques

WEP (40-bit and 104-bit keys)
SSID
802.1x
44
Mac OS X Wireless Security

Techniques

WEP (40-bit and 104-bit keys)
SSID
RADIUS authentication
Firewall protection
45
Summary
How wireless networks work

Popular approaches to wireless networking
IEEE 802.11
Bluetooth
Types of attacks against wireless networks

Wireless security measures and how to
implement them in client operating systems
46
Guide to Operating
System Security
Chapter 9
Web, Remote Access, and
VPN Security
Objectives
Understand Internet security using protocols

and services
Configure Web browsers for security
Configure remote access services for security
Configure virtual private network services for
security
Internet Security
Protocols and services must be kept secure
To ensure privacy of information

To discourage the spread of malicious software
Internet Protocols and Services
Hypertext Transfer Protocol (HTTP)

Secure HTTP (S-HTTP) and Hypertext
Transfer Protocol Secure (HTTPS)
File Transfer Protocol (FTP)
Samba and Server Message Block (SMB)
HTTP
TCP/IP-compatible application protocoltransports information over the Web

Most recent version: HTTP/1.1
Increases reliability of communications

Enables caching
Can send message responses before full control
information from a request is received
Permits multiple communications over a single
connection
S-HTTP and HTTPS
Forms of HTTP used for more secure

communications
S-HTTP
Standards-based protocol that enables use of a variety of

security measures (including CMS and MOSS)
HTTPS
Essentially proprietary, but more compatible with

encryption for IP-level communications
Uses SSL as a subprotocol
TCP/IP protocol that transfers files in bulk data

streams
Uses two TCP ports (20 and 21)
Supports transmission of binary or ASCII
formatted files
Commonly used on the Internet
Downloading files can be risky
Designed for UNIX/Linux systems for file

sharing
Connection-oriented protocol that runs within
TCP
Uses remote procedure calls via TCP port 111
Sends data in record streams
For security, let only authorized computers use
NFS on host computer
Samba and Server Message

Block
Samba
Available for UNIX and Linux computers

Enables exchange of files and printer sharing with
Windows-based computers through SMB protocol
Server Message Block
Used by Windows-based systems

Enables sharing files and printers
Employed by Samba
10
Using Samba
11
Configuring Web Browsers for

Security
Applying security measures to popular Web

browsers
Internet Explorer
Mozilla
Netscape Navigator
12
Configuring Internet Explorer

Security
Used with Windows and Mac OS X

Configure version of HTTP, use of HTTPS,
FTP, and download access
Configure security by zones
Internet
Local intranet
Trusted sites
Restricted sites
13
Internet Explorer Security

Settings
14
Configuring Internet Explorer

Security
Internet Explorer Enhanced Security

Configuration (Windows Server 2003)
Applies default security to protect server

Uses security zones and security parameters
preconfigured for each zone
15
Installing IE Enhanced Security

Configuration
16
Configuring Mozilla Security
Open-source Web browser

Can run on
Linux (by default with GNOME desktop)

UNIX
Mac OS X
OS/2
Windows-based systems
Security configuration is combined with

privacy configuration options
17
Mozilla Security Categories
18
Privacy & Security Option in Mozilla
19
Configuring Netscape Navigator

Security
Nearly identical to Mozilla; GUI offers:
A buddy list
Link to Netscape channels
Different sidebar presentation
20
Netscape Navigator in Windows

2000 Server
21
Privacy & Security Options in

Netscape
22
Configuring Remote Access

Services for Security
Remote access
Ability to access a workstation or server through a

remote connection (eg, dial-up telephone line and
modem)
Commonly used by telecommuters
23
Microsoft Remote Access

Services
Enables off-site workstations to access a server

through telecommunications lines, the Internet,
or intranets
24
Microsoft RAS
25
Microsoft RAS - Supported

Clients
MS-DOS
Windows 3.1 and 3.11
Windows NT/95/98
Windows Millennium
Windows 2000
Windows Server 2003 and XP Professional
26
Microsoft RAS
Supports different types of modems and

communications equipment
Compatible with many network transport and
remote communications protocols
27
Microsoft RAS Supported

Connections (Continued)
Asynchronous modems
Synchronous modems
Null modem communications
Regular dial-up telephone lines
Leased telecommunication lines (eg, T-carrier)
28

Connections (Continued)
ISDN lines (and digital modems)

X.25 lines
DSL lines
Cable modem lines
Frame relay lines
29

Protocols
NetBEUI
TCP/IP
NWLink
PPP
PPTP
L2TP
30
Understanding Remote Access

Protocols
Transport protocols
TCP/IP
IPX
NetBEUI
Remote access protocols
Serial Line Internet Protocol (SLIP)
CSLIP
Point-to-Point Protocol (PPP)
PPTP
L2TP
31
Configuring a RAS Policy
Employ callback security options (No

Callback, Set by Caller, Always Callback to)
Install Internet Authentication Service (IAS)
Can be employed with Remote Authentication

Dial-In User Service (RADIUS) and RADIUS
server
Add participating RAS and VPN servers
32
Remote Access Policies Objects in

the IAS Tree
33
Granting Remote Access

Permission to RAS
34
Enabling Access for a Users

Account via Remote Access Policy
35
Configuring a RAS Policy
Use Remote Access Policies to configure

security types
Authentication
Encryption
Dial-in constraints
36
RAS Authentication Types (Continued)
Challenge Handshake Authentication Protocol

(CHAP)
Extensible Authentication Protocol (EAP)
MS-CHAP v1 (aka CHAP with Microsoft
extensions)
MS-CHAP v2 (aka CHAP with Microsoft
extensions version 2)
37
RAS Authentication Types (Continued)
Password Authentication Protocol (PAP)

Shiva Password Authentication Protocol
(SPAP)
Unauthenticated
38
RAS Encryption Options
39
RAS Dial-in Constraints Options
Idle and session timeouts

Day and time restrictions
Whether access is restricted to a single number
Whether access is restricted based on media
used
40
Security on a Virtual Private

Network
VPN
An intranet designed for restricted access by

specific clients based on subnets, IP addresses,
user accounts, or a combination
Apply same remote access policies as to RAS

servers
41
Summary
Protocols and services that enable Internet

security
Configuring Web browsers for security
Internet Explorer
Mozilla
Netscape Navigator
How to configure a servers remote access

services to enforce security
Applying security options to a VPN
42
Guide to Operating
System Security
Chapter 10
E-mail Security
Objectives
Understand the use of SMTP in e-mail and

attacks on SMTP
Explain how e-mail can be secured through
certificates and encryption
Discuss general techniques for securing e-mail
Configure security in popular e-mail tools
Overview of SMTP
Enables exchange of e-mail across networks

and the Internet
Provides reliable but not guaranteed
message transport
No logon ID or password required
A client and server process
Sending E-Mail by SMTP
Parts of SMTP Messages
Address header
Envelope
Message header
Domain literal
Multihomed host
Host names
Message text
Overview of SMTP
Protocols used to store and retrieve e-mail
Post Office Protocol (POP)

Internet Message Access Protocol (IMAP)
Operating Systems That Use

SMTP by Default
Microsoft Outlook Express on Windows

2000/XP/2003
Microsoft Outlook in Windows-based systems
that have Microsoft Office
Ximian Evolution Mail in Red Hat Linux 9.x
Mail in Mac OS X
E-mail Server Software Systems

That Use SMTP
Eudora
Lotus Domino Mail Server
Mailtraq
Merak Email
Microsoft Exchange
Sendmail
SuSE Linux Open Exchange Server
E-mail Attacks on SMTP
Surreptitious alteration of a DNS server

Direct use of command-line e-mail tools to
attack SMTP communications
Spread of unsolicited commercial e-mail
(spam)
DNS Server Directing E-mail
10
E-mail Attacks Through Altering

DNS Server Information
11
Using Command-Line Tools for

E-mail Attacks
Attacker can use maliciously constructed e-mail to

attack an SMTP server
UNIX/Linux
Easier; attacker can use built-in e-mail commandline options
12
Unsolicited Commercial E-mail

(UCE)
Relatively inexpensive for sender

Expensive for users whose resources are
diminished by UCE traffic
Expensive in terms of wasted time (estimated
25% of all Internet e-mail traffic is spam)
13
Ways to Control UCE (Spam)
Turn off open SMTP relay capability

Configure SMTP server to have restrictions
Require a computer to authenticate to
Microsoft Exchange before e-mail is relayed
Direct e-mail not addressed to internal
recipients to a bogus IP address
Obtain tools to block e-mail
14
Securing E-mail Through

Certificates and Encryption
Ensures privacy
Reduces chances of forgery or someone other
than sender adding an attachment
Accepted methods
Secure Multipurpose Internet Mail Extensions

(S/MIME)
Pretty Good Privacy (PGP)
15
Using S/MIME Encryption
Provides encryption and authentication for

e-mail transmissions
An extension of MIME
16
MIME
Provides extensions to original SMTP address header

information
Different types of message content can be encoded
for transport over the Internet
Additional header fields
MIME-version
Content-type
Content-transfer-encoding
Content-ID
Content-description
17
Using S/MIME Encryption
Uses digital certificates based on X.509

standard
Has flexibility to use 168-bit key Triple DES
Designed to follow Public-Key Cryptography
Standards (PKCS)
18
Using PGP Security
Provides encryption and authentication for

e-mail transmissions
Sometimes preferred by users of open systems
(UNIX/Linux); enables use of X.509 or PGP
digital certificates
Unique characteristic of PGP certificate: web
of trust
19
Contents of PGP Digital

Certificate
PGP version number

Public key
Information about certificate holder
Digital signature of certificate holder
Validity period of the certificate
Preferred algorithm for the key
20
Typical Encryption Methods

Used by PGP
CAST
IDEA
Triple DES
21
Other Techniques for Securing

E-mail
Train users
Scan e-mail
Control the use of attachments
22
Training Users for E-mail

Security
Never send personal information or a password

response via e-mail
Delete e-mail from unrecognized sources
Use message filtering, if available
23
Scanning E-mail
Place virus scanning software on e-mail

gateway
Update virus definitions frequently
Quarantine specific kinds of attachments
Scan zipped files
Scanner code should be written to be relatively
fast
24
Controlling the Use of

Attachments
Delete attachments from unknown sources

Never configure software to automatically
open attachments
Avoid using HTML format for opening e-mail
Use virus scanner on e-mail before opening it
Place attachments in quarantine
25
Backing Up E-mail
For storage
To ensure that unread e-mail is not lost if
server goes down
26
Configuring Security in Popular

E-mail Tools
Microsoft Outlook Express

Microsoft Outlook
Ximian Evolution Mail in Red Hat Linux 9.x
Mail in Mac OS X
27
Included with Windows 2000/XP/2003

Can obtain messages from SMTP-based
servers running e-mail server software
Can be used to access newsgroups
28
29
Security Measures Supported

by Outlook Express
S/MIME (version 3)
40-bit and 128-bit RC2 encryption
64-bit RC2 encryption
56-bit DES encryption
168-bit Triple DES encryption
Digital signatures encrypted using SHA-1
30
Configuration Options for

Outlook Express
31
Enables you to export e-mail to Microsoft

Outlook or a Microsoft Exchange server
Can be used to back up messages from other
systems
Enables you to block or filter messages from
unwanted sources
32
Microsoft Outlook
Included with Microsoft Office

Has multiple capabilities
E-mail communications
Calendar
Ability to track tasks, list contacts, and make notes
33
Microsoft Outlook Security

Features
S/MIME (version 3)
40-bit and 128-bit RC2 encryption
64-bit RC2 encryption
56-bit DES encryption
168-bit Triple DES encryption
Digital signatures encrypted using SHA-1
V1 Exchange Server Security certificates
34

Microsoft Outlook
35
Microsoft Outlook
Ability to back up messages by exporting to a

file (many file types available)
Ability to add specific Web sites to junk e-mail
list
36
Ximian Evolution Mail in

Red Hat Linux 9.x
Processes e-mail
Schedules activities on a calendar
Records tasks
Creates list of contacts
Summary function (weather, inbox/outbox
totals, appointments, updates and errata)
37

Red Hat Linux 9.x
38

Red Hat Linux 9.x
Capability to configure more than one account

with unique properties
Can be configured to use either PGP security
or GnuPG
39

Evolution Mail
40
Apple Mail (Continued)
Comes with Mac OS X

Focuses on handling e-mail activities
Enables creation of filters to reject mail from
unwanted or unknown sources
Capability to configure different accounts
41
42
Uses PGP for security

Can specify use of SSL for security over
Internet links to e-mail
Provides different authentication methods for
verifying access to an e-mail account
Password authentication
Kerberos version 4 and version 5
MD5 challenge-response
43
Summary
How operating systems use SMTP for e-mail

Sources of e-mail attacks
Over 90% of malicious software strikes through

e-mail
How certificates and encryption can protect

e-mail
How to configure security in e-mail software
typically used with operating systems
44
Guide to Operating
System Security
Chapter 11
Security through Disaster
Recovery
Objectives
Deploy UPS systems

Create hardware redundancy and apply faulttolerance options
Deploy RAID
Back up data and operating system files
Uninterruptible Power Supply
Best fault-tolerance method to prevent power

problems from causing data loss and
component damage
Provides immediate battery power to
equipment during unexpected power loss
Protects against lost data and downtime
Uninterruptible Power Supply
Selecting and Deploying a UPS

(Continued)
Online (inline)
Powered directly from batteries

More guaranteed protection
Offline (standby)
Switches to batteries when reduction in city power

is detected
Less expensive
Batteries can last longer, but may not switch to
battery in time for full protection
Selecting and Deploying a UPS

(Continued)
Provides power for limited time period

Usually guards against power surges
Can communicate information to computers it
supports
Requires periodic testing to ensure it is
working
Configuring a UPS in
All support serial and USB communications

with a UPS
Red Hat Linux
Supported by Red Hat Linux 9.x

Obtain UPS serial or USB communications
software from manufacturer
Use configuration software provided by UPS
manufacturer
NetWare 6.x
Communicates through serial port connection

and employment of AIOCOMX and UPS_AIO
NLMs
UPS_AIO Configuration Options

(Continued)
Option
Description
msgdelay=seconds
Configured in seconds, time to wait until a message

is sent to all users that power is out (default - 5
seconds)
msginterval=seconds
Configured in seconds, interval between multiple

warning messages sent to all users (default - 30
seconds; minimum interval - 20 seconds)
path
Location of UPS_AIO NLM if it is not in the

SYS:SYSTEM directory
downtime=seconds
Configured in seconds, amount of time to wait on

battery power (while main power is out) until
automatically shutting down
port=portnumber
Number of the port to which UPS is attached, such

as serial port 1(port=1)
10
UPS_AIO Configuration Options

(Continued)
Option
Description
signal_high
Specifies that signal sent from UPS is a high signaling

value (most UPSs employ a low signal; this option is not
typically used; consult UPS manual)
drivertype=value
Driver loaded to enable UPS communications (AIOCOMX is

1; check documentation for the value associated with a
specialized driver accompanying UPS)
board=value
Value used with a specialized communications board

provided with UPS (consult UPS documentation)
Displays brief description of options used with UPS_AIO

NLM (options are not displayed in the graphicGUI
mode; press Alt+Esc after entering the command to see
description; press Alt+Esc repeatedly; click forward arrow to
return to graphic mode)
11
Mac OS X
Obtain UPS serial or USB communications

software from manufacturer
12
Creating Hardware Redundancy

and Fault Tolerance
Hardware redundancy includes
Using redundant components

Employing multiprocessor systems
Clustering services
Placing servers in different locations
Implementing data warehousing
13
Using Redundant Components
Network interface cards (NICs)

Power supplies
14
Using Redundant NICs
Designed to match particular network transport

methods, computer bus types, network media
Network connection requirements:
Appropriate connector for network medium

Transceiver
MAC controller
Protocol control firmware
15
Considerations When Using

Redundant NICs
Fast speed (up to 100 Mbps for a workstation)

Match network transport method
Support both full-duplex and half-duplex
transmissions
Brand-name, high-quality NICs
Latest driver and protocol control firmware
16
Using Redundant Power

Supplies
Can take over if main power supply fails

Consider for the following:
SMTP mail servers

Servers that authenticate users to a network
Web servers
Database servers
17
Employing Multiprocessor
Systems
Symmetric multiprocessor (SMP) computers
Two or more computers share the processing load

If one stops working, remaining processors take
over
Make sure you understand the specific

requirements for adding CPUs to your OS
18
Clustering Servers
Links multiple computers and their resources

Two models
Shared disk model

Shared nothing model
19
Clustering Servers
20
Shared Nothing Clustering

Model
Main connection
Backup connection is case of server failure
Main connection
Figure 11-3 Shared nothing clustering model

21
Placing Servers in Different

Locations
Microsoft distributed file system (DFS)
Available in Windows 2000 Server/Server 2003

Provides fault tolerance by placing copies of the
same folders on computers in different locations
Folders appear to exist in one centralized hierarchy of

folders
Has many advantages
22
Implementing Data
Warehousing
Duplicating a main databases data, typically

on another computer
Often created for queries and reporting and to
provide backup of the main database
23
Fault-Tolerance Options
Disk mirroring
Disk duplexing
Redundant array of inexpensive (or
independent) disks (RAID)
24
Disk Mirroring
25
Disk Duplexing
26
Using RAID
Set of standards for lengthening disk life and

preventing data loss
Goal: to spread disk activity equally across all
volumes
27
Essential RAID levels
RAID level 0 (striping)

RAID level 1 (mirroring and duplexing)
RAID level 2
RAID level 3
RAID level 4
RAID level 5 (striping combined with error
correction and checksum verification)
28
RAID Support in Windows 2000

Server/Server 2003
Support only RAID levels 0, 1, and 5 for disk

fault tolerance
Levels 1 and 5 recommended
Recognize two types of disks
Basic
Dynamic
29

Server/Server 2003 (Continued)
Configuration considerations
Boot and system files can be placed on RAID level

1, but not on RAID level 5
RAID level 1 uses two hard disks; RAID level 5
uses from 3 to 32
RAID level 1 is more expensive to implement than
RAID level 5
30

Server/Server 2003 (Continued)
Configuration considerations
RAID level 5 requires more memory than RAID

level 1
Disk read access is faster than write access in
RAID level 1 and RAID level 5
RAID level 5 has much faster read access than
RAID level 1
31
Creating a RAID Volume in

32
RAID Support in
Red Hat Linux 9.x
Supports RAID levels 0, 1, and 5

Configured at installation when using GUI
installation mode
First install all disks and associated hardware
Plan for the number of spare partitions
Choose Disk Druid from Disk Partitioning
Setup screen
33
RAID Support in NetWare 6.x
Supports RAID levels 0, 1, and 5

Can manage RAID using Novell Storage
Services (NSS) tools from ConsoleOne
NetWare 6.5 offers iManage, a browser tool
for managing objects
34
RAID Support in Mac OS X
Supports RAID levels 0 (striping) and 1

(mirroring)
Apple recommends not placing boot files on
RAID disks
35
Software RAID versus

Hardware RAID
Software RAID
Implements fault tolerance through computers

operating system
Hardware RAID
Implemented through RAID hardware (eg,

adapter)
Independent of operating system
More expensive than software RAID
36
Advantages of Hardware RAID
Faster read and write response

Ability to place boot and system files on
different RAID levels
Ability to hot swap a failed disk with one
that works or is new
More setup options to retrieve damaged data
and to combine different RAID levels within
one array of disks
37
Backing Up Data
Binary backup
Full file-by-file backup
Partial backups
Differential
Incremental
38
Advantages of Local Backups

over Remote Backups
No extra load on network

Enable backups on multiple computer network
Provide more assurance that the Registry is
backed up (Windows 2000/XP/2003)
Attacker using a sniffer cannot intercept
backup traffic over a network
39
Tape Rotation
Ensures alternatives in case there is a bad or

worn tape
Tower of Hanoi procedure
40
Tape Rotation
41
Backups
Normal
Incremental
Differential
Copy
Daily
42
Backup Options
43
UNIX and Red Hat Linux

Backup Tools
volcopy (not available in Red Hat Linux)
Sometimes used with labelit utility

Sometimes tar utility is used
dump
Commands used to restore
restore (Red Hat Linux)

ufsrestore
restor
44
NetWare 6.x Backup Options
Uses Storage Management System (SMS)

NLMs are loaded at Server Console prior to
starting backup TSAs designed to read and
back up specific types of data
45
Target Service Agents (TSAs)
TSA600 for NetWare 6.x

TSANDS to back up NDS database and
eDirectory
GWTSA for GroupWise information
Windows NT TSA to back up Windows NT,
2000, and XP data
W95TSA to back up Windows 95/98 data
46
Starting a backup in Netware 6.0
47
Choosing What to Backup in

Netware 6.0
48
NetWare 6.x Backup Options
49
Mac OS X
Supports use of dump and tar
From the terminal window, or

Obtain a third-party utility that uses these utilities
for backup
Can also use Copy utility on Edit menu
50
Summary (Continued)
Using disaster recovery techniques to:
Secure operating systems

Prevent data loss
Reduce downtime
Selecting and deploying a UPS to prevent

power interruptions
51
Summary (Continued)
Using redundant hardware components and

implementing RAID for secure data storage
Backing up data and operating system files to
minimize loss in the event of computer failure
52
Guide to Operating
System Security
Chapter 12
Security through Monitoring
and Auditing
Objectives
Understand the relationship between

baselining and hardening
Explain intrusion-detection methods
Use audit trails and logs
Monitor logged-on users
Monitor a network
Baselining and Hardening
Baselines
Measurement standards for hardware, software,

and network operations
Used to establish performance statistics under
varying loads or circumstances
Overview of Intrusion Detection
Detects and reports possible network and

computer system intrusions or attacks
Main approaches
Passive
Active
Network-based
Inspectors
Auditors
Decoys and honeypots
Passive Intrusion Detection
Detects and records intrusions; does not take

action on findings
Effective as long as administrator checks logs
Can create filters or traps
Examples of monitored activities
Login attempts
Changes to files
Port scans
Third-Party Passive
Intrusion-Detection Tools
Klaxon
Loginlog
Lsof
Network Flight Recorder
RealSecure
Dragon Squire
PreCis
Active Intrusion Detection
Detects an attack and sends alert to

administrator or takes action to block attack
May use logs, monitoring, and recording
devices
Third-Party Active
Intrusion-Detection Tools
Entercept
AppShield
Snort
SecureHost
StormWatch
Active Intrusion Detection
Host-based Intrusion Detection
Software that monitors the computer on which

it is loaded
Logons
Files and folders
Applications
Network traffic
Changes to security
Host wrappers and host-based agents
10
Host-based Intrusion Detection
11
Network-based Intrusion
Detection
Monitors network traffic associated with a

specific network segment
Typically places NIC in promiscuous mode
12
Network-based Intrusion
Detection
13
Inspector
Examines captured data, logs, or other recorded

information
Determines if an intrusion is occurring or has
occurred
Administrator sets up inspection parameters, for
example:
Files changed/created under suspicious circumstances

Permissions unexpectedly changed
Excessive use of computers resources
14
Auditor
Tracks full range of data and events normal

and suspicious, for example:
Every time services are started and stopped

Hardware events or problems
Every logon attempt
Every time permissions are changed
Network connection events
Records information to a log
15
Decoys and Honeypots
Fully operational computers that contain no

information of value
Draw attackers away from critical targets
Provide a means to identify and catch or block
attackers before they harm other systems
16
Using Audit Trails and Logs
A form of passive intrusion detection used by

most operating systems:
Red Hat Linux 9.x
NetWare 6.x
Mac OS X
17
Viewing Logs in Windows

2000/XP/2003 (Continued)
Accessed through Event Viewer

Event logs can help identify a security problem
Filter option can help quickly locate a problem
18
Viewing Logs in Windows

2000/XP/2003 (Continued)
Principal event logs
System
Security
Application
Event logs for installed services
Directory Service
DNS Service
File Replication
19
Event Viewer in Windows

Server 2003
20
Viewing an Event in Windows

Server 2003
21
Viewing Logs in Red Hat

Linux 9.x (Continued)
Offers a range of default logs

Log files
Have four rotation levels

Managed through syslogd
22

Linux 9.x (Continued)
Two ways to view default logs
Open LogViewer (Main Menu System Tools

System Logs)
Enables creation of a filter on the basis of a keyword

(eg, failed, denied, rejected)
Use Emacs or vi editors or use cat command in a

terminal window
23
Red Hat Linux 9.x Default Logs

(Continued)
Log Name
Location and
Filename
Description
Boot Log
/var/log/boot.log.x
Contains messages about processes and

events that occur during bootup or
shutdown
Cron Log
/var/log/cron.x
Provides information about jobs that are

scheduled to run or that have already run
Kernel Startup /var/log/dmesg.x

Log
Shows startup messages sent from the

kernel
Mail Log
/var/log/maillog.x
Contains messages about mail server

activities
News Log
/var/log/spooler.x
Provides messages from the news server
24
Red Hat Linux 9.x Default Logs

(Continued)
Log Name
Location and
Filename
Description
RPM
Packages Log
/var/log/rpmpkgs.x
Shows list of software packages

currently installed; updated each day
through a job scheduled via cron
command
Security Log
/var/log/secure.x
Provides information about security

events and processes
System Log
/var/log/messages.x
Contains messages related to system

activities
Update Agent
Log
/var/log/up2date.x
Shows updates that have been

performed by the Update Agent
XFree86 Log
/var/log/xfree86.x.log Contains information about what is

installed from XFree86
25

Linux 9.x
26
Viewing Logs in NetWare 6.x

(Continued)
Log Name
Location & Filename
Description
Access Log SYS:NOVONYX\SUITESPOT\

Contains information about
ADMIN-SERV\LOGS\ACCESS.TXT access services to the
NetWare server
Audit Log
SYS:ETC\AUDIT.LOG
Contains an audit trial of

user account activities
Console
Log
SYS:ETC\CONSOLE.LOG
Traces activities performed

at the server console
Error Log
SYS:NOVONYX\SUITESPOT\
ADMIN-SERV\LOGS\ERROR.TXT
Contains error information

recorded for the NetWare
server
27
Viewing Logs in NetWare 6.x

(Continued)
Log Name
Location & Filename
Module Log
SYS:ETC\CWCONSOL.LOG Contains a listing of modules that

have been loaded
NFS Server
Log
SYS:ETC\NFSSERV.LOG
Provides information about NFS

server services, including
changes to a service and
communications through TCP and
UDP
Schema
Instructions
Log
SYS:ETC\SCHINST.LOG
Tracks schema events, including

changes to the schema
Description
28

Linux 9.x
29
Viewing Logs in Mac OS X (Continued)

Log Name
Location and Filename
Description
FTP Service Log /var/log/ftp.log
Contains information about FTP

activity, including sessions,
uploads, downloads, etc.
Last.Login Log
/var/log/lastlog
Provides information about last

login activities
Directory
Service Log
/var/log/lookupd.log
Provides log of lookupd (look up

directory services) daemon,
including requests relating to
user accounts, printers, and
Internet resources
Mail.Service Log /var/log/mail.log
Stores messages about e-mail

activities
30
Viewing Logs in Mac OS X (Continued)

Log Name
Location and Filename
Description
Network
Information
Log
/var/log/netinfo.log
Tracks messages related to network

activity
Print Service
Log
/var/log/lpr.log
Contains information about printing

activities
Security Log
/var/log/secure.log
Provides information about security

events
System Log
/var/log/system.log
Contains information about system

events, including processes that are
started or stopped, buffering
activities, console messages, etc.
31
Viewing Logs in Mac OS X
32
Reasons for Monitoring

Logged-on Users
Assess how many users are typically logged on

at given points in time
Baseline information
To determine when a shutdown would have the
least impact
Be aware of security or misuse problems
33
Monitoring Users in Windows

2000/XP/2003
Use Computer Management tool to access

Shared Folders
Shared Folder options
Shares
Sessions
Open Files
Use Task Manager (Windows XP and

Windows Server 2003)
34
Monitoring Users in
35
Monitoring Users in
Windows 2000 Server
36
Monitoring Users in
37
Monitoring Users in Red Hat

Linux 9.x
Use the who command
38
who Command Options

Option
Description
-a
Displays all users
-b
Shows the time when the system was last booted
-i
Shows the amount of time each user process has been idle
-q
Provides a quick list of logged-on users, and provides a user count
-r
Shows the run level
-s
Displays a short listing of usernames, line in use, and logon time
-u
Displays the long listing of usernames, line in use, logon time, and
process number
--help
Displays help information about the who command
-H
Displays who information with column headers
39
Monitoring Users in Red Hat

Linux 9.x
40
Monitoring Users in
NetWare 6.x
MONITOR
Connections
Loaded modules
File open/lock
Other server-monitoring functions
NetWare Remote Manager
View current connections

View files opened by particular users
Send messages to a particular user or all users
Clear connections
41
Monitoring Users in Mac OS X
Use the who command in a terminal window
Supports few options (primarily -H and -u)
Process Viewer
42
Monitoring a Network
Network Monitor
Network monitoring software with the most

features
Comes with Windows 2000 Server and Windows
Server 2003
43
Why Network Monitoring Is

Important
Networks are dynamic

Administrator must distinguish an attack from
an equipment malfunction
Establish and use benchmarks to help quickly
identify and resolve problems
44
Using Microsoft Network

Monitor
Uses Network Monitor Driver to monitor

network from servers NIC (promiscuous
mode)
Sample activities that can be monitored
Percent network utilization

Frames and bytes transported per second
Network station statistics
NIC statistics
Error data
45
Network Monitor Driver
Detects many forms of network traffic

Captures packets and frames for analysis and
reporting by Network Monitor
46

Monitor
Start from Administrative Tools menu

Four panes of information
Graph
Total Statistics
Session Statistics
Station Statistics
View captured information
47

Monitor
48
Network Monitor Panes

Pane
Information Provided in Pane
Graph
Provides bar graphs for %Network Utilization, Frames Per Second,

Bytes Per Second, Broadcasts Per Second, and Multicasts Per
Second
Total
Provides total statistics about network activity that originates from or
Statistics is sent to the computer (station) using Network Monitor; includes
statistics for Network Statistics, Captured Statistics, Per Second
Statistics, Network Card (MAC) Statistics, and Network Card (MAC)
Error Statistics
Session Provides statistics about traffic from other computers on the
Statistics network: MAC (device) address of each computer's NIC and data
about number of frames sent from and received by each computer
Station
Provides total statistics on all communicating network stations:
Statistics Network (device) address of each communicating computer,
Frames Sent, Frames Received, Bytes Sent, Bytes Received,
Directed Frames Sent, Multicasts Sent, and Broadcasts Sent
49
Viewing Capture Summary Data
50
Creating a Filter in Network

Monitor
Two property types
Service Access Point (SAP)

Ethertype (ETYPE)
51
Using Capture Trigger
Software performs a specific function when a

predefined situation occurs
52
Using Network Monitor to Set

Baselines
From the Graph pane
% Network Utilization
Frames Per Second
Broadcasts Per Second
Multicasts Per Second
53
Summary (Continued)
Creating baselines to help quickly identify

when an attack is occurring
Intrusion-detection methods
Employed through an operating system

Third-party software
Using auditing and logging tools to track

intrusion events
54
Summary
Monitoring user activities
GUI-based Computer Management tool in

who command in Red Hat Linux and Mac OS X
Network monitoring with Microsoft Network

Monitor
55
Operating System
Security
Lesson 1:
Security Principles
Objectives
Explain the need for security in Linux and

Windows 2000 environments
Describe industry evaluation criteria used
for security
Identify the guidelines for determining the
three general security levels
Discuss the security mechanisms used to
implement security systems
Objectives
(contd)
Identify the different areas of security

management
Describe Windows 2000 and Linux out-ofthe-box security measures
Implement tools to evaluate key security
parameters in Windows 2000 and Linux
Describe security components in the
Windows 2000 security architecture
Security
Services
Authentication
Access control
Data confidentiality
Data integrity
Nonrepudiation
Evaluation
Criteria
European Information Technology Security

Evaluation Criteria document BS 7799
Trusted Computer Systems Evaluation
Criteria
Common Criteria
Security Levels
Low
Medium
High
Security
Mechanisms
Specific
- Encipherment
- Digital signature
- Access control
- Data integrity
- Authentication
- Traffic padding
Wide
- Trusted
functionality
- Security labels
- Audit trails
- Security
recovery
Windows 2000
Security
Exploits
Windows 2000 registry
Windows 2000
Security Architecture
Windows 2000 security components

- C2 certification
Windows 2000 objects
Security components
- SIDs
- Access tokens
- Security descriptors
- Access control lists and entities
Security subsystem
Linux
Security
Configuration problems
- Misconfigured authentication settings
- Unnecessary services
- Default account policies
- Non-root user access to sensitive
commands
Pluggable
Authentication Modules
Editing PAM files

PAM directories
PAM entry format
Telnet access and the root account
Summary

for security


Summary
(contd)

management


Lesson 2:
Account Security
Objectives
Describe the relationship between account

security and passwords
Explain techniques for securing accounts
in Windows 2000 and Linux
Prune users, detect account changes,
rename default accounts, and implement
password policies in Windows 2000 and
Linux
Objectives
(contd)
Identify Linux commands for password

aging and explain how to log unsuccessful
logon attempts
Explain Linux security threats, restrict
account access, and monitor accounts
Passwords
Windows 2000 and strong passwords

- Enforcing strong passwords
- Dictionary attacks
Linux and strong passwords
- Shadow passwords
- The root account
Verifying
System State
Cross-referencing information on nondomain controllers

Built-in and external tools
Renaming default accounts
Windows 2000 account policies
Password lockout
Password
Aging in Linux
Linux command options

Timing out users
Monitoring accounts
System-wide event logging facility
Summary


Linux
Summary
(contd)

logon attempts

Lesson 3:
File System
Security
Objectives
Identify the Windows 2000 file-level

permissions
Assign NTFS permissions
Explain the importance of drive partitioning
and how it relates to security
Describe how copying and moving a file
affect file security
Identify remote file access control
permissions
Objectives
(contd)
Describe Linux file system security

concepts
Explain the function of the umask
command
Discuss the purpose of setuid, setgid,
and sticky bits
Windows 2000
File System Security
File-level permissions
Standard 2000 permissions
Drive partitioning
Copying and moving files
Remote File
Access Control
Remote access permissions

- Full Control
- Modify
- Read & Execute
- No Access
Share permissions
Linux
Files
File information
Permissions
The umask command
The chmod command
UIDs and GIDs
The set bits: setuid, setgid and sticky
bits
Summary
permissions



permissions
Summary
(contd)

concepts

command

and sticky bits
Lesson 4:
Assessing Risk
Objectives
Identify general and specific operating

system attacks
Describe a keylogger programs function
Change Windows 2000 system defaults
Scan a system to determine security risks
Explain Linux security concerns
Security
Threats
Accidental threats
Intentional threats
- Passive threats
- Active threats
Types of
Attacks
Spoofing/masquerade
Replay
Denial of service
Insider
Trapdoor
Trojan horses
Windows 2000
Security Risks
Default directories
Default accounts
Default shares and services
General UNIX
Security Vulnerabilities
Viruses
Buffer overflows
Keyloggers
Invisible KeyLogger Stealth and Windows

2000
Keylogging and securing the Linux search
path
Protecting yourself against keyloggers
System
Port Scanning
Advanced security scanners

- WebTrends Security Analyzer
UNIX
Security Risks
The rlogin command

- Interactive sessions: Telnet vs. rlogin
Network Information System (NIS)
NIS
Security Concerns
NIS security problems

- No authentication requirements
- Contacting server by broadcast
- Plain-text distribution
- Encryption and authentication
- Portmapper processes and
TCPWrappers
- The securenets file
NIS+
NFS
Security Concerns
Users, groups and NFS

Secure RPC
NFS security summary
Summary
system attacks

Lesson 5:
Reducing Risk
Objectives
Explain the purpose and importance of

system patches and fixes, and apply
system patches
Modify the Windows 2000 Registry for
security
Lock down and remove services for
effective security in Windows 2000 and
Linux
Patches
and Fixes
Microsoft service packs

Red Hat Linux errata
Windows 2000
Registry Security
Registry structure
- Subtrees and their uses
Auditing the registry
Setting registry permissions
Disabling and Removing

Services in Windows 2000
Securing network connectivity

Miscellaneous configuration changes
Disabling and
Removing Services in UNIX
Bastille
- The tarball format
- Downloading and installing Bastille
- Running Bastille in text mode
Summary
system patches

security

Linux
Operating
System Security
Security Principles
Account Security
Assessing Risk
Reducing Risk
Operating System
Security
Lesson 1:
Security Principles
Objectives

for security
Objectives
(contd)

management
Security
Services
Authentication
Access control
Data confidentiality
Data integrity
Nonrepudiation
Evaluation
Criteria
European Information Technology Security

Evaluation Criteria document BS 7799
Trusted Computer Systems Evaluation
Criteria
Common Criteria
Security Levels
Low
Medium
High
Security
Mechanisms
Specific
- Encipherment
- Digital signature
- Access control
- Data integrity
- Authentication
- Traffic padding
Wide
- Trusted
functionality
- Security labels
- Audit trails
- Security
recovery
Windows 2000
Security
Exploits
Windows 2000 registry
Windows 2000
Security Architecture
Windows 2000 security components

- C2 certification
Windows 2000 objects
Security components
- SIDs
- Access tokens
- Security descriptors
- Access control lists and entities
Security subsystem
Linux
Security
Configuration problems
- Misconfigured authentication settings
- Unnecessary services
- Default account policies
- Non-root user access to sensitive
commands
Pluggable
Authentication Modules
Editing PAM files

PAM directories
PAM entry format
Telnet access and the root account
Summary

for security


Summary
(contd)

management


Lesson 2:
Account Security
Objectives

Linux
Objectives
(contd)

logon attempts
Passwords
Windows 2000 and strong passwords

- Enforcing strong passwords
- Dictionary attacks
Linux and strong passwords
- Shadow passwords
- The root account
Verifying
System State
Cross-referencing information on nondomain controllers

Built-in and external tools
Renaming default accounts
Windows 2000 account policies
Password lockout
Password
Aging in Linux
Linux command options

Timing out users
Monitoring accounts
System-wide event logging facility
Summary


Linux
Summary
(contd)

logon attempts

Lesson 3:
File System
Security
Objectives

permissions
permissions
Objectives
(contd)

concepts
command
and sticky bits
Windows 2000
File-level permissions
Standard 2000 permissions
Drive partitioning
Copying and moving files
Remote File
Access Control
Remote access permissions

- Full Control
- Modify
- Read & Execute
- No Access
Share permissions
Linux
Files
File information
Permissions
The umask command
The chmod command
UIDs and GIDs
The set bits: setuid, setgid and sticky
bits
Summary
permissions



permissions
Summary
(contd)

concepts

command

and sticky bits
Lesson 4:
Assessing Risk
Objectives

system attacks
Security
Threats
Accidental threats
Intentional threats
- Passive threats
- Active threats
Types of
Attacks
Spoofing/masquerade
Replay
Denial of service
Insider
Trapdoor
Trojan horses
Windows 2000
Security Risks
Default directories
Default accounts
Default shares and services
General UNIX
Security Vulnerabilities
Viruses
Buffer overflows
Keyloggers
Invisible KeyLogger Stealth and Windows

2000
Keylogging and securing the Linux search
path
Protecting yourself against keyloggers
System
Port Scanning
Advanced security scanners

- WebTrends Security Analyzer
UNIX
Security Risks
The rlogin command

- Interactive sessions: Telnet vs. rlogin
Network Information System (NIS)
NIS
Security Concerns
NIS security problems

- No authentication requirements
- Contacting server by broadcast
- Plain-text distribution
- Encryption and authentication
- Portmapper processes and
TCPWrappers
- The securenets file
NIS+
NFS
Security Concerns
Users, groups and NFS

Secure RPC
NFS security summary
Summary
system attacks

Lesson 5:
Reducing Risk
Objectives

system patches
security
Linux
Patches
and Fixes
Microsoft service packs

Red Hat Linux errata
Windows 2000
Registry Security
Registry structure
- Subtrees and their uses
Auditing the registry
Setting registry permissions
Disabling and Removing

Services in Windows 2000
Securing network connectivity

Miscellaneous configuration changes
Disabling and
Removing Services in UNIX
Bastille
- The tarball format
- Downloading and installing Bastille
- Running Bastille in text mode
Summary
system patches

security

Linux
Operating
System Security
Security Principles
Account Security
Assessing Risk
Reducing Risk
01/08/13
An Illustrated Guide to IPsec
Steve Friedl's Unixwiz.net Tech Tips

IPsec is a suite of protocols for securing network connections, but the
details and many variations quickly become overwhelming. This is
particularly the case when trying to interoperate between disparate
systems, causing more than one engineer to just mindlessly turn the knobs
when attempting to bring up a new connection.
Table of Contents
1. So many flavors...
2. The IP Datagram
3. AH: Authentication only
4. ESP: Encapsulating Security
Payload
5. Building a real VPN
6. Other Matters
This Tech Tip means to give bottom-up

coverage of the low-level protocols used
in an IPv4 context (we provide no coverage of IPv6). This is not a
deployment guide or best-practices document we're looking at it
strictly at the protocol level on up, rather than from the big picture
on down.
NOTE: originally this was to be a pair of papers, with the second
covering Key Exchange and the like, but it appears that this was not
meant to be. Sorry.
So many flavors...
One of the first things that one notices when trying to set up IPsec is that there
are so many knobs and settings: even a pair of entirely standards-conforming
implementations sports a bewildering number of ways to impede a successful
connection. It's just an astonishingly-complex suite of protocols.
One cause of the complexity is that IPsec provides mechanism, not policy: rather
than define such-and-such encryption algorithm or a certain authentication
function, it provides a framework that allows an implementation to provide nearly
anything that both ends agree upon.
In this section, we'll touch on some of the items in the form of a glossary, with a
compare-and-contrast to show which terms relate to which other terms. This is
not even remotely complete.
AH versus ESP
"Authentication Header" (AH) and "Encapsulating Security Payload" (ESP) are
the two main wire-level protocols used by IPsec, and they authenticate (AH)
and encrypt+authenticate (ESP) the data flowing over that connection. They
are typically used independently, though it's possible (but uncommon) to use
them both together.
Tunnel mode versus Transport mode
Transport Mode provides a secure connection between two endpoints as it encapsulates IP's
payload, while Tunnel Mode encapsulates the entire IP packet to provide a virtual "secure hop"
between two gateways. The latter is used to form a traditional VPN, where the tunnel generally
creates a secure tunnel across an untrusted Internet.
MD5 versus SHA-1 versus DES versus 3DES versus AES versus blah blah blah
Setting up an IPsec connection involves all kinds of crypto choices, but this is simplified
substantially by the fact that any given connection can use at most two or (rarely) three at a
time.
unixwiz.net/techtips/iguide-ipsec.html
1/18
01/08/13
Authentication calculates an Integrity Check Value (ICV) over the packet's contents, and it's
usually built on top of a cryptographic hash such as MD5 or SHA-1. It incorporates a secret key
known to both ends, and this allows the recipient to compute the ICV in the same way. If the
recipient gets the same value, the sender has effectively authenticated itself (relying on the
property that cryptographic hashes can't practically be reversed). AH always provides
authentication, and ESP does so optionally.
Encryption uses a secret key to encrypt the data before transmission, and this hides the actual
contents of the packet from eavesdroppers. There are quite a few choices for algorithms here,
with DES, 3DES, Blowfish and AES being common. Others are possible too.
IKE versus manual keys
Since both sides of the conversation need to know the secret values used in hashing or
encryption, there is the question of just how this data is exchanged. Manual keys require manual
entry of the secret values on both ends, presumably conveyed by some out-of-band mechanism,
and IKE (Internet Key Exchange) is a sophisticated mechanism for doing this online.
Main mode versus aggressive mode
These modes control an efficiency-versus-security tradeoff during initial IKE key exchange. "Main
mode" requires six packets back and forth, but affords complete security during the establishment
of an IPsec connection, while Aggressive mode uses half the exchanges providing a bit less
security because some information is transmitted in cleartext.
We'll certainly face more options as we unwrap IPsec.
The IP Datagram
Since we're looking at IPsec from the bottom up, we must first take a brief detour to revisit the IP
Header itself, which carries all of the traffic we'll be considering. Note that we are not trying to provide
comprehensive coverage to the IP header there are other excellent resources for that (the best
being TCP/IP Illustrated, vol 1).
ver
This is the version of the protocol, which is now
4=IPv4
hlen
IP Header length, as a four-bit number of 32-bit
words ranging from 0..15. A standard IPv4 header is
always 20 bytes long (5 words), and IP Options if
any are indicated by a larger hlen field up to at
most 60 bytes. This header length never includes
the size of payload or other headers that follow.
TOS
Type of Service
This field is a bitmask that gives some clues as to
the type of service this datagram should receive:
optimize for bandwidth? Latency? Low cost?
Reliability?
pkt len
Overall packet length in bytes, up to 65535. This
count includes the bytes of the header, so this
suggests that the maximum size of any payload is at
least 20 bytes less. The vast majority of IP
2/18
01/08/13
datagrams are much, much smaller.

ID
The ID field is used to associate related packets that have been fragmented (large packets broken
up into smaller ones).
flgs
These are small flags that mainly control fragmentation: one marks the packet as ineligible for
fragmentation, and the other says that more fragments follow.
frag offset
When a packet is fragmented, this shows where in the overall "virtual" packet this fragment
belongs.
TTL
This is the Time to Live, and is decremented by each router that passes this packet. When the
value reaches zero, it suggests some kind of routing loop, so it's discarded to prevent it from
running around the Internet forever.
proto
This represents the protocol carried within this packet, and it's going to be central to most of our
discussions. Though the datagram itself is IP, it always encapsulates a subsidiary protocol (TCP,
UDP, ICMP, etc. see the chart below) within. It can be thought of as giving the type of the
header that follows.
header cksum
This holds a checksum of the entire IP header, and it's designed to detect errors in transit. This is
not a cryptographic checksum, and it doesn't cover any part of the datagram that follow the IP
header.
src IP address
The 32-bit source IP address, which the recipient uses to reply to this datagram. Generally
speaking, it's possible to spoof these addresses (i.e., lie about where the datagram is coming
from).
dst IP address
The 32-bit destination IP address, which is where the packet is intended to arrive.
IP Options
These are an optional part of the IP header that contains application-specific information, though
they are not commonly used for routine traffic. The presence of IP options is indicated by a hlen
greater than 5, and they (if present) are included in the header checksum.
Payload
Each protocol type implies its own format for what follows the IP header, and we've used TCP here
just to show an example.
These proto codes are defined by IANA the Internet Assigned Numbers Authority and there are
many more than would ever be used by any single installation, but most will ring a bell with a networksavvy technician. These representative types are taken from the IANA website listing protocols:
Some IP protocol codes
Protocol
code
Protocol Description
ICMP Internet Control Message Protocol
IGMP Internet Group Management Protocol
3/18
01/08/13
IGMP Internet Group Management Protocol
IP within IP (a kind of encapsulation)
TCP Transmission Control Protocol
17
UDP User Datagram Protocol
41
IPv6 next-generation TCP/IP
47
GRE Generic Router Encapsulation (used by PPTP)
50
IPsec: ESP Encapsulating Security Payload
51
IPsec: AH Authentication Header
We'll be studying the last two in detail.
AH: Authentication Only

AH is used to authenticate but not encrypt IP traffic, and this serves the treble purpose of
ensuring that we're really talking to who we think we are, detecting alteration of data while in transit,
and (optionally) to guard against replay by attackers who capture data from the wire and attempt to
re-inject that data back onto the wire at a later date.
Authentication is performed by computing a cryptographic hash-based message authentication code
over nearly all the fields of the IP packet (excluding those which might be modified in transit, such as
TTL or the header checksum), and stores this in a newly-added AH header and sent to the other end.
This AH header contains just five interesting fields, and it's
injected between the original IP header and the payload. We'll
touch on each of the fields here, though their utility may not be
fully apparent until we see how they're used in the larger picture.
next hdr
This identifies the protocol type of the following payload, and
it's the original packet type being encapsulated: this is how
the IPsec header(s) are linked together.
AH len
This defines the length, in 32-bit words, of the whole AH
header, minus two words (this "minus two words" proviso
springs from the format of IPv6's RFC 1883 Extension Headers, of which AH is one).
Reserved
This field is reserved for future use and must be zero.
Security Parameters Index
This is an opaque 32-bit identifier that helps the recipient select which of possibly many ongoing
conversations this packet applies. Each AH-protected connection implies a hash algorithm (MD5,
SHA-1, etc.), some kind of secret data, and a host of other parameters. The SPI can be thought
of as an index into a table of these settings, allowing for easy association of packet with
parameter.
Sequence Number
This is a monotonically increasing identifier that's used to assist in antireplay protection. This
value is included in the authentication data, so modifications (intentional or otherwise) are
detected.
4/18
01/08/13
Authentication Data
This is the Integrity Check Value calculated over the entire packet including most of the
headers The recipient recomputes the same hash; Mismatched values mark the packet as either
damaged in transit, or not having the proper secret key. These are discarded.
Transport Mode
The easiest mode to understand is Transport Mode, which is used to protect an end-to-end
conversation between two hosts. This protection is either authentication or encryption (or both), but it
is not a tunneling protocol. It has nothing to do with a traditional VPN: it's simply a secured IP
connection.
In AH Transport Mode, the IP packet is modified only slightly to include the new AH header between the
IP header and the protocol payload (TCP, UDP, etc.), and there is a shuffling of the protocol code that
links the various headers together.
This protocol shuffling is required to allow the original IP packet to be reconstituted at the other end:
after the IPsec headers have been validated upon receipt, they're stripped off, and the original protocol
type (TCP, UDP, etc.) is stored back in the IP header. We'll see this chain of next header fields again
and again as we examine IPsec.
When the packet arrives at its destination and passes the authentication check, the AH header is
removed and the Proto=AH field in the IP header is replaced with the saved "Next Protocol". This puts
the IP datagram back to its original state, and it can be delivered to the waiting process.
Tunnel Mode
5/18
01/08/13
Tunnel Mode forms the more familiar VPN functionality, where entire IP packets are encapsulated inside
another and delivered to the destination.
Like Transport mode, the packet is sealed with an Integrity Check Value to authenticate the sender
and to prevent modification in transit. But unlike Transport mode, it encapsulates the full IP header as
well as the payload, and this allows the source and destination addresses to be different from those of
the encompassing packet: This allows formation of a tunnel.
When a Tunnel-mode packet arrives at its destination, it goes through the same authentication check
as any AH-type packet, and those passing the check have their entire IP and AH headers stripped off.
This effectively reconstitutes the original IP datagram, which is then injected into the usual routing
process.
Most implementations treat the Tunnel-mode endpoint as a virtual network interface just like an
Ethernet interface or localhost and the traffic entering or leaving it is subject to all the ordinary
routing decisions.
6/18
01/08/13
The reconstituted packet could be delivered to the local machine or routed elsewhere (according to the
destination IP address found in the encapsulated packet), though in any case is no longer subject to
the protections of IPsec. At this point, it's just a regular IP datagram.
Though Transport mode is used strictly to secure an end-to-end connection between two computers,
Tunnel mode is more typically used between gateways (routers, firewalls, or standalone VPN devices)
to provide a Virtual Private Network (VPN).
Transport or Tunnel?
Curiously, there is no explicit "Mode" field in IPsec: what distinguishes
Transport mode from Tunnel mode is the next header field in the AH
header.
When the next-header value is IP, it means that this packet
encapsulates an entire IP datagram (including the independent source
and destination IP addresses that allow separate routing after deencapsulation). This is Tunnel mode.
Any other value (TCP, UDP, ICMP, etc.) means that it's Transport
mode and is securing an endpoint-to-endpoint connection.
The top-level of the IP datagram is structured the same way
regardless of mode, and intermediate routers treat all flavors IPsec/AH
traffic identically without deeper inspection.
We'll note that a host as opposed to a gateway is required to
support both Transport and Tunnel modes, but when creating a hostto-host connection, it seems a little superfluous to use Tunnel mode.
Furthermore, a gateway (router, firewall, etc.) is only required to
support Tunnel mode, though supporting Transport mode is useful only
when creating an endpoint to the gateway itself, as in the case of
network management functions.
Authentication Algorithms
AH carries an Integrity Check Value in the Authentication Data portion of the header, and it's typically
(but not always) built on top of standard cryptographic hash algorithms such as MD5 or SHA-1.
Rather than use a straight checksum, which would provide no real security against intentional
tampering, it uses a Hashed Message Authentication Code (HMAC) which incorporates a secret value
while creating the ICV. Though an attacker can easily recompute a hash, without the secret value he
won't be able to recreate the proper ICV.
HMAC is described by RFC 2104, and this illustration shows how the message data and secret
contribute to the final Integrity Check Value:
7/18
01/08/13
We'll note that IPsec/AH doesn't define what the authentication function must be, it instead provides a
framework which allows any reasonable implementation agreed to by both ends to use. It's possible to
use other authentication functions, such as a digital signature or an encryption function as long as
both sides provide for it.
AH and NAT Not Gonna Happen

Though AH provides very strong protection of a packet's contents because it covers everything that
can be possibly considered immutable, this protection comes at a cost: AH is incompatible with NAT
(Network Address Translation).
NAT is used to map a range of private addresses (say, 192.168.1.X) to and from a (usually) smaller set
of public address, thereby reducing the demand for routable, public IP space. In this process, the IP
header is actually modified on the fly by the NAT device to change the source and/or destination IP
address.
When the appropriate source or header IP address is changed, it forces a recalculation of the header
checksum. This has to be done anyway, because the NAT device typically serves as one "hop" in the
path from source to destination, and this requires the decrement of the TTL (Time To Live) field.
Because the TTL and header checksum fields are always modified in flight, AH knows to excludes them
from coverage, but this does not apply to the IP addresses. These are included in the Integrity Check
Value, and any modification will cause the check to fail when verified by the recipient. Because the ICV
incorporates a secret key which is unknown by intermediate parties, the NAT router is not able to
recompute the ICV.
This same difficulty also applies to PAT (Port Address Translation), which maps multiple private IP
addresses into a single external IP address. Not only are the IP addresses modified on the fly, but the
8/18
01/08/13
UDP and TCP port numbers (and sometimes even to payload).

This requires much more intelligence on the part of the NAT
device, and more extensive modifications to the whole IP
datagram.
For this reason, AH whether in Tunnel or Transport mode is
entirely incompatible with NAT, and it may only be employed
when the source and destination networks are reachable
without translation.
We'll note that this particular difficulty doesn't apply to ESP, as
its authentication and encryption do not incorporate the IP
header being modified by NAT. Nevertheless, NAT does impose
some challenges even on ESP.
NAT translates IP addresses on the fly but it has to keep
track of which connections are flowing through it so that replies
can be properly associated with sources. When using TCP or
UDP, this is commonly done with port numbers (whether
rewritten on the fly or not), but IPsec provides no hook to allow
this.
At first one might suspect the SPI, which appears to be a useful
identifier, but because the SPI is different in both directions,
the NAT device has no way to associate the returning packet
with the outgoing connection.
Addressing this requires special facilities for NAT traversal,
something not covered in this paper.
ESP Encapsulating Security Payload

Adding encryption makes ESP a bit more complicated
because the encapsulation surrounds the payload rather
than precedes it as with AH: ESP includes header and
trailer fields to support the encryption and optional
authentication. It also provides Tunnel and Transport
modes which are used in by-now familiar ways.
The IPsec RFCs don't insist upon any particular encryption
algorithms, but we find DES, triple-DES, AES, and Blowfish
in common use to shield the payload from prying eyes. The
algorithm used for a particular connection is specified by
the Security Association (covered in a later section), and
this SA includes not only the algorithm, but the key used.
Unlike AH, which provides a small header before the
payload, ESP surrounds the payload it's protecting. The
Security Parameters Index and Sequence Number serve the
same purpose as in AH, but we find padding, the next header, and the optional Authentication Data at
the end, in the ESP Trailer.
It's possible to use ESP without any actual encryption (to use a NULL algorithm), which nonetheless
structures the packet the same way. This provides no confidentiality, and it only makes sense if
combined with ESP authentication. It's pointless to use ESP without either encryption or authentication
(unless one is simply doing protocol testing).
Padding is provided to allow block-oriented encryption algorithms room for multiples of their blocksize,
and the length of that padding is provided in the pad len field. The next hdr field gives the type
(IP, TCP, UDP, etc.) of the payload in the usual way, though it can be thought of as pointing
9/18
01/08/13
"backwards" into the packet rather than forward as we've seen in AH.
In addition to encryption, ESP can also optionally provide
authentication, with the same HMAC as found in AH. Unlike
AH, however, this authentication is only for the ESP header
and encrypted payload: it does not cover the full IP
packet. Surprisingly, this does not substantially weaken
the security of the authentication, but it does provide
some important benefits.
When an outsider examines an IP packet containing ESP
data, it's essentially impossible to make any real guesses
about what's inside save for the usual data found in the IP
header (particularly the source and destination IP
addresses). The attacker will certainly know that it's ESP
data that's also in the header but the type of the
payload is encrypted with the payload.
Even the presence or absence of Authentication Data can't
be determined by looking at the packet itself (this
determination is made by using the Security Parameters
Index to reference the preshared set of parameters and
algorithms for this connection).
However, it should be noted that sometimes the envelope provides hints that the payload does not.
With more people sending VoIP inside ESP over the internet, the QoS taggings are in the outside header
and is fairly obvious what traffic is VoIP signaling (IP precedence 3) and what is RTP traffic (IP
precedence 5). It's not a sure thing, but it might be enough of a clue to matter in some circumstances.
ESP in Transport Mode

As with AH, Transport Mode encapsulates just the datagram's payload and is designed strictly for hostto-host communications. The original IP header is left in place (except for the shuffled Protocol field),
and it means that among other things the source and destination IP addresses are unchanged.
10/18
01/08/13
ESP in Tunnel Mode

Our final look of standalone ESP is in Tunnel mode, which encapsulates an entire IP datagram inside the
encrypted shell:
11/18
01/08/13
Providing an encrypted Tunnel Mode connection is getting very close to the traditional VPN that springs
to mind when most of us think about IPsec, but we have to add authentication of one type or another
to complete the picture: this is covered in the following section.
Unlike AH, where an onlooker can easily tell whether traffic is in Tunnel or Transport mode, this
information is unavailable here: the fact that this is Tunnel mode (via next=IP) is part of the
encrypted payload, and is simply not visible to one unable to decrypt the packet.
Putting it all together: Building a real VPN

With coverage of the Authenticating Header and Encapsulating Security Payload complete, we're ready
to enable both encryption and authentication to build a real VPN. The whole purpose of a Virtual Private
Network is to join two trusted networks across an untrusted intermediate network, as is by stringing a
very long Ethernet cable between the two. This is commonly used to connect branch offices with
company headquarters, allowing all users to share sensitive resources without fear of interception.
12/18
01/08/13
Clearly, a secure VPN requires both authentication and encryption. We know that ESP is the only way
to provide encryption, but ESP and AH both can provide authentication: which one do we use?
The obvious solution of wrapping ESP inside of AH is technically possible, but in practice is not
commonly used because of AH's limitations with respect to Network Address Translation. By using
AH+ESP, this tunnel could never successfully traverse a NAT'ed device.
Instead, ESP+Auth is used in Tunnel mode to fully encapsulate the traffic on its way across an
untrusted network, protected by both encryption and authentication in the same thing.
Traffic protected in this manner yields nearly no useful information to an interloper save for the fact
that the two sites are connected by a VPN. This information might help an attacker understand trust
relationships, but nothing about the actual traffic itself is revealed. Even the type of encapsulated
protocol TCP, UDP, or ICMP is hidden from outsiders.
What's particularly nice about this mode of operation is that the end-user hosts generally know nothing
about the VPN or other security measures in place. Since a VPN implemented by a gateway device
treats the VPN as yet another interface, traffic destined for the other end is routed normally.
This packet-in-a-packet can actually be nested yet more levels: Host A and Host B can establish their
own authenticated connection (via AH), and have this routed over the VPN. This would put an AH inner
packet inside an enclosing ESP+Auth packet.
Update - it's important to use authentication even if encryption is used, because encrypt-only
implementations are subject to effective attack as described in the paper Cryptography in Theory and
Practice: The Case of Encryption in IPsec; see the Resources section for more information.
13/18
01/08/13
Touching on Other Matters

IPsec is a very complex suite of protocols, and this Tech Tip cannot possibly give proper justice to
more than a small part of it. In this section we'll mention a few areas that beg for more coverage.
Security Associations and the SPI

It seems self-evident that if two endpoints or gateways are going to establish a secure connection,
some kind of shared secret is required to seed the authentication function and/or key the encryption
algorithm. The matter of just how these are secrets are established is a substantial topic to be
addressed elsewhere, and for the purposes of this discussion we shall just assume that the keys have
magically landed where they belong.
When an IPsec datagram either AH or ESP arrives at an interface, just how does the interface
14/18
01/08/13
know which set of parameters (key, algorithm, and policies) to use? Any host could have many ongoing
conversations, each with a different set of keys and algorithms, and something must be able to direct
this processing.
This is specified by the Security Association (SA), a collection of
connection-specific parameters, and each partner can have one or
more Security Associations. When a datagram arrives, three pieces
of data are used to locate the correct SA inside the Security
Associations Database (SADB):
Partner IP address
IPsec Protocol (ESP or AH)
Security Parameters Index
In many ways this triple can be likened to an IP socket, which is
uniquely denoted by the remote IP address, protocol, and port
number.
Unsure!
It's been pointed out that the

SADB only uses the protocol
type and SPI to select an
entry, not the partner IP
address; we simply don't
know.
This might depend on whether
the association is configured
with main mode or aggressive
mode, but we welcome
clarifications.
Security Associations are one way, so a two-way connection (the

typical case) requires at least two. Furthermore, each protocol
(ESP/AH) has its own SA in each direction, so a full AH+ESP VPN requires four Security Associations.
These are all kept in the Security Associations Database.
A tremendous amount of information is kept in the SADB, and we can only touch on a few of them:
AH: authentication algorithm
AH: authentication secret
ESP: encryption algorithm
ESP: encryption secret key
ESP: authentication enabled yes/no
Many key-exchange parameters
Routing restrictions
IP filtering policy
Some implementations maintain the SPD (Security Policy Database) with command-line tools, others
with a GUI, while others provide a web-based interface over the network. The amount of detail
maintained by any particular implementation depends on the facilities offered, as well as whether it's
operating in Host or Gateway mode (or both).
Key Management
Finally, we briefly visit the very complex matter of key management. This area includes several
protocols and many options, and the bulk of this will be covered in a future paper. This section is
necessarily highly incomplete.
IPsec would be nearly useless without the cryptographic facilities of authentication and encryption, and
these require the use of secret keys known to the participants but not to anyone else.
The most obvious and straightforward way to establish these secrets is via manual configuration: one
party generates a set of secrets, and conveys them to all the partners. All parties install these secrets
in their appropriate Security Associations in the SPD.
But this process does not scale well, nor is it always terribly secure: the mere act of conveying the
secrets to another site's SPD may well expose them in transit. In a larger installation with many devices
using the same preshared key, compromise of that key makes for a very disruptive re-deployment of
new keys.
15/18
01/08/13
IKE Internet Key Exchange exists to allow two endpoints to properly set up their Security
Associations, including the secrets to be used. IKE uses the ISAKMP (Internet Security Association Key
Management Protocol) as a framework to support establishment of a security association compatible
with both ends.
Multiple key-exchange protocols themselves are supported, with Oakley being the most widely used.
We'll note that IPsec key exchange typically takes place over port 500/udp.
Resources
The Internet has a great many resources surrounding IPsec, some better than others. The starting
point, of course, is always with the RFCs (Requests for Comment) that form the Internet standards
defining the protocols. These are the main reference works upon which all other documentation
including this one is based.
Update: In December 2005, a whole new set of RFCs was issued by IETF, and the 43xx series largely
obsoleted the 24xx series. We included references to all the RFCs (old and new) below, though this
document has not really been updated for the new ones.
RFC 2401 Security Architecture for IPsec obsolete
RFC 4301 Security Architecture for IPsec new Dec 2005
This is the overview of the entire IPsec protocol suite from the point of view of the RFCs. This,
and the Documentation Roadmap (RFC 2411) are good places to start.
RFC 2402 AH: Authentication Header obsolete
RFC 4302 AH: Authentication Header new Dec 2005
This defines the format of the IPsec Authentication Header, in both Tunnel and Transport modes.
RFC 2403 Use of HMAC-MD5-96 within ESP and AH
RFC 2404 Use of HMAC-SHA-1-96 within ESP and AH
These two RFCs define authentication algorithms used in AH and ESP: MD5 and SHA-1 are both
cryptographic hashes, and they are part of a Hashed Message Authentication Code. AH always
performs authentication, while ESP does so optionally.
RFC 2104 HMAC: Keyed-Hashing for Message Authentication
This RFC defines the authentication algorithm that uses a cryptographic hash along with a secret
to verify the integrity and authenticity of a message. It's not written to be part of IPsec, but it's
referenced in RFC 2403 and RFC 2404.
RFC 2405 The ESP DES-CBC Cipher Algorithm With Explicit IV
This defines the use of DES (the Data Encryption Standard) as a confidentiality algorithm in the
context of ESP.
RFC 2406 ESP: Encapsulating Security Payload obsolete
RFC 4303 ESP: Encapsulating Security Payload new Dec 2005
ESP is the encrypting companion to AH, and it affords confidentiality to the contents of its
payload. ESP by itself does not define any particular encryption algorithms but provides a
framework for them.
RFC 2407 The Internet IP Security Domain of Interpretation for ISAKMP
This RFC describes the use of ISAKMP Internet Security Association and Key Management
Protocol in the context of IPsec. It's a framework for key exchange at the start of a
conversation, and its use obviates the poor practice of using manual keys.
RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP)
Hand in hand with RFC 2407, this RFC dives into much more detail on the ISAKMP protocol used to
support key exchange (though it doesn't define the key exchange protocols themselves).
16/18
01/08/13
RFC 2409 The Internet Key Exchange (IKE) Protocol obsolete

RFC 4306 The Internet Key Exchange (IKE) Protocol new Dec 2005
Though ISAKMP provides a framework for key-exchange, it doesn't define the protocols
themselves: this RFC does that. IKE includes initial authentication, as well as Oakley key
exchange.
RFC 2410 The NULL Encryption Algorithm and Its Use With IPsec
IPsec's ESP protocol performs encryption of payload using one of several available algorithms, but
a NULL encryption algorithm is typically made available for testing. Of course, this provides no
confidentiality for the "protected" data, but it may be useful for developers or those attempting to
understand IPsec by sniffing the wire. This RFC is written humorously and could have been (but
was not) written on April 1.
RFC 2411 IP Security Document Roadmap
This RFC provides an layout of the various IPsec-related RFCs, as well as provides a framework for
new RFCs of particular types ("authentication algorithms", "encryption algorithms"). It's a good
starting point.
RFC 2412 The OAKLEY Key Determination Protocol
OAKLEY forms part of IKE (Internet Key Exchange), and it provides a service where two
authenticated parties can agree on the secrets required for IPsec communications.
An Illustrated Guide to Cryptographic Hashes - Unixwiz.net Tech Tip
An introductory paper on the use of cryptographic hashes such as MD5 or SHA-1, which are used
in AH's HMAC for authentication.
IPsec Technical Reference by Microsoft
This provides information on Microsoft's implementation of IPsec in the Windows Server 2003
product, including a great deal about the larger infrastructure required to support IPsec in the
enterprise.
TCP/IP Illustrated, Volume 1, by W. Richard Stevens.
This is the classic textbook on the TCP/IP protocol, covering down to the packet header in
exquisite detail: This is an extraordinary resource.
A Cryptographic Evaluation of IPsec, by Bruce Schneier and Niels Ferguson.
An interesting paper on the security of IPsec, whose main point is that IPsec is far too complex to
ever really be secure (something which has crossed our minds as well). Among their proposals are
to eliminate both Transport Mode and AH: ESP in Tunnel mode can provide all this same
functionality.
RFC 3884 Use of IPsec Transport Mode for Dynamic Routing
In contrast to the Schneier paper, it's also been suggested that Transport Mode is the only one
that's strictly required to accomplish everything, and RFC 3884 shows a way of providing tunnel
mode. It's been suggested to us that this makes some implementation issues much easier, though
we've not really investigated any of it.
Cryptography in Theory and Practice: The Case of Encryption in IPsec ; Paterson & Yau
This very interesting paper discusses some of the dangers of encrypted but not authenticated
IPsec connections, with effective attacks on real systems (including the Linux kernel's
implementation of IPsec). It's a very clever paper.
Protocolo IPsec Alexandru Ionut Grama
This paper was translated into Spanish!
N.B. We are not IPsec experts, and though we've spent a great deal of time researching these
17/18
01/08/13
matters, we may have some details wrong. Feedback and corrections are very much welcome. We're
particularly grateful for the extensive technical feedback provided by IPsec architects at Sun and
Microsoft.
These original figures were produced by the author using Adobe Illustrator.
First published: 2005-08-24
Home
Stephen J. Friedl
Software Consultant
Orange County, CA USA
18/18
Chapter 4
Authentication
Applications
Henric Johnson
Blekinge Institute of Technology,Sweden
http://www.its.bth.se/staff/hjo/
henric.johnson@bth.se
Henric Johnson
Outline
Security Concerns
Kerberos
X.509 Authentication Service
Recommended reading and Web Sites
Henric Johnson
Security Concerns
key concerns are confidentiality and
timeliness
to provide confidentiality must encrypt
identification and session key info
which requires the use of previously shared
private or public keys
need timeliness to prevent replay attacks
provided by using sequence numbers or
timestamps or challenge/response
Henric Johnson
KERBEROS
In Greek mythology, a many headed dog,

the guardian of the entrance of Hades
Henric Johnson
KERBEROS
Users wish to access services on
servers.
Three threats exist:
User pretend to be another user.
User alter the network address of a
workstation.
User eavesdrop on exchanges and use a
replay attack.
Henric Johnson
KERBEROS
Provides a centralized authentication
server to authenticate users to
servers and servers to users.
Relies on conventional encryption,
making no use of public-key
encryption
Two versions: version 4 and 5
Version 4 makes use of DES
Henric Johnson
Kerberos Version 4
Terms:
C = Client
AS = authentication server
V = server
IDc = identifier of user on C
IDv = identifier of V
Pc = password of user on C
ADc = network address of C
Kv = secret encryption key shared by AS an V
TS = timestamp
|| = concatenationHenric Johnson
A Simple Authentication
Dialogue
(1) C AS:
(2) AS C:
(3) C V:
IDc || Pc || IDv
Ticket
IDc || Ticket
Ticket = EKv[IDc || Pc || IDv]
Henric Johnson
Version 4 Authentication
Dialogue
Problems:
Lifetime associated with the ticket-granting
ticket
If too short repeatedly asked for password
If too long greater opportunity to replay
The threat is that an opponent will steal the

ticket and use it before it expires
Henric Johnson
Version 4 Authentication Dialogue

Authentication Service Exhange: To obtain Ticket-Granting Ticket
(1)
C AS:
(2)
AS C:
IDc || IDtgs ||TS1

EKc [Kc,tgs|| IDtgs || TS2 || Lifetime2 || Tickettgs]
Ticket-Granting Service Echange: To obtain Service-Granting Ticket

(3) C TGS:
IDv ||Tickettgs ||Authenticatorc
(4)
EKc [Kc,v|| IDv || TS4 || Ticketv]
TGS C:
Client/Server Authentication Exhange: To Obtain Service

(5) C V:
(6) V C:
Ticketv || Authenticatorc
EKc,v[TS5 +1]
Henric Johnson
10
Overview of Kerberos
Henric Johnson
11
Request for Service in

Another Realm
Henric Johnson
12
Difference Between
Version 4 and 5
Encryption system dependence (V.4 DES)

Internet protocol dependence
Message byte ordering
Ticket lifetime
Authentication forwarding
Interrealm authentication
Henric Johnson
13
Kerberos Encryption Techniques
Henric Johnson
14
PCBC Mode
Henric Johnson
15
Kerberos - in practice
Currently have two Kerberos versions:

4 : restricted to a single realm
5 : allows inter-realm authentication, in beta test
Kerberos v5 is an Internet standard
specified in RFC1510, and used by many utilities
To use Kerberos:
need to have a KDC on your network
need to have Kerberised applications running on all
participating systems
major problem - US export restrictions
Kerberos cannot be directly distributed outside the
US in source format (& binary versions must obscure
crypto routine entry points and have no encryption)
else crypto libraries must be reimplemented locally
Henric Johnson
16
X.509 Authentication
Service
Distributed set of servers that
maintains a database about users.
Each certificate contains the public
key of a user and is signed with the
private key of a CA.
Is used in S/MIME, IP Security,
SSL/TLS and SET.
RSA is recommended to use.
Henric Johnson
17
X.509 Formats
Henric Johnson
18
Typical Digital Signature

Approach
Henric Johnson
19
Obtaining a Users
Certificate
Characteristics of certificates
generated by CA:
Any user with access to the public key of
the CA can recover the user public key
that was certified.
No part other than the CA can modify
the certificate without this being
detected.
Henric Johnson
20
X.509 CA Hierarchy
Henric Johnson
21
Revocation of Certificates
Reasons for revocation:
The users secret key is assumed to be
compromised.
The user is no longer certified by this
CA.
The CAs certificate is assumed to be
compromised.
Henric Johnson
22
Authentication Procedures
Henric Johnson
23
Recommended Reading and

WEB Sites
www.whatis.com (search for kerberos)
Bryant, W. Designing an Authentication
System: A Dialogue in Four Scenes.
http://web.mit.edu/kerberos/www/dialogue.html
Kohl, J.; Neuman, B. The Evolotion of

the Kerberos Authentication Service
http://web.mit.edu/kerberos/www/papers.html
http://www.isi.edu/gost/info/kerberos/
Henric Johnson
24

Material Estudio

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Material Estudio

Hochgeladen von

Copyright:

Verfügbare Formate

Guide to Operating

Explain what operating system and network

Guide to Operating System Security

What Is Operating System and

Ability to reliably store, modify, protect, and

Guide to Operating System Security

Operating Systems and Security

Provide basic programming instructions to

Potential to provide security functions at every

Guide to Operating System Security

Operating System Components

Application programming interface (API)

Basic form of security: Configure BIOS password

Guide to Operating System Security

Operating System Functions and

Guide to Operating System Security

Computer Networks and

System of computers, print devices, network

All networks have vulnerable points that require

Guide to Operating System Security

Classified by reach and complexity

Local area networks (LANs)

Guide to Operating System Security

Guide to Operating System Security

Careers in Information Security

Number of jobs has increased by 100% per

Guide to Operating System Security

Why Security Is Necessary

Protects information and resources

Guide to Operating System Security

Protecting Information and

Security protects information and resources of:

Guide to Operating System Security

Potential for serious legal and business

Guide to Operating System Security

Potential for loss of money, data, or both if a

Guide to Operating System Security

Addressing Security Holes or

After purchasing a new OS, software, or

Test rigorously for security and reliability

Guide to Operating System Security

Use an OS that enables the organization to set

Guide to Operating System Security

Setting Up Local Security

Guide to Operating System Security

Cost of deploying security

Should be an element in total cost of ownership

Cost of not deploying security

Guide to Operating System Security

Guide to Operating System Security

Easy to take advantage of a logged-on

Guide to Operating System Security

Attacks Enabled by Access to

Users defeat password protection by

Sharing them with others

Attackers have sophisticated ways of gaining

Guide to Operating System Security

Attempting to Log On to a Telnet

Guide to Operating System Security

Able to replicate throughout a system

E-mail falsely warning of a virus

Guide to Operating System Security

Endlessly replicates on the same computer, or

Guide to Operating System Security