Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...

More documents

Recommendations

Info

138 CHAPTER 8 Security Standards and Services ■ Institute of Electrical and Electronics Engineers, Inc. (IEEE) 802.11w ■ The IEEE 802.11b standard is only for the open and shared-key authentication scheme, which is nonextensible. ■ The IEEE 802.11w is a proposed amendment to the existing 802.11 standards to increase security. ■ The 802.11w defines enhancements for integrity, authenticity and confidentiality of the data, and ensure protection from replay attacks. EXTENSIBLE AUTHENTICATION PROTOCOL EAP is an authentication protocol designed to support several different authentication mechanisms. It runs directly over the data link layer and does not require the use of IP. EAP comes in several different forms: ■ EAP over IP (EAPoIP) ■ Message Digest Algorithm/Challenge Handshake Authentication Protocol (EAP-MD5-CHAP) ■ EAP–TLS ■ EAP–Tunneled Transport Layer Security (TTLS) ■ RADIUS ■ Cisco EAP-Flexible Authentication via Secure Tunneling (FAST) EAP can support per-packet authentication and integrity protection, but it is not extended to all types of EAP messages. For example, negative acknowledgment (NACK) and notification messages cannot use per-packet authentication and integrity. Per-packet authentication and integrity protection works for the following (packet is encrypted unless otherwise noted): ■ ■ ■ ■ ■ TLS and IKE derive session key TLS ciphersuite negotiations (not encrypted) IKE ciphersuite negotiations Kerberos tickets Success and failure messages that use a derived session key (through Wireless Encryption Protocol (WEP)) PROTECTED EXTENSIBLE AUTHENTICATION PROTOCOL Protected Extensible Authentication Protocol (PEAP) uses TLS to create an encrypted channel between the client supplicant and the RADIUS server. Security and ease of deployment make PEAP a popular choice for authentication. The advantages of PEAP are as follows: ■ ■ Windows 2008, Windows Server 2003, Windows 2000, Windows XP, and Pocket PC 2002 offer support for PEAP (either natively or with a system update), so there is no need for you to install third-party client software. NPS in Windows 2008 and IAS in Windows 2003 are the Microsoft implementation of the RADIUS protocol. Windows 2000 Server and Windows
Network Access Security 139 ■ ■ ■ ■ ■ ■ ■ ■ Server 2003 support PEAP, so there is no need to install third-party RADIUS software. PEAP uses a TLS channel to protect the user credentials. Using the TLS channel from the client to the authentication server, PEAP offers end-to-end protection, not just over the wireless data link. PEAP supports any EAP compatible methods. PEAP offers strong protection against the deployment of unauthorized wireless application processes (APs) because the client verifies the RADIUS server’s identity before proceeding ahead with further authentication or connectivity. The wireless AP is unable to decrypt the authentication messages protected by PEAP. PEAP offers highly secure keys that are used to encrypt the data communications between the clients and wireless AP. New encryption keys are derived for each connection and are shared with authorized wireless APs accepting the connection. Unauthorized wireless APs are not provided with the encryption keys. PEAP does not require the deployment of certificates to wireless clients. Only the PEAP server (authentication server) needs to be assigned a certificate. PEAP is an open standard supported under the security framework of the IEEE 802.1X specification. PEAP provides support for EAP authentication methods, such as EAP–TLS and EAP-MS-CHAPV2, that can perform computer authentication. Summary of Exam Objectives In today’s networking world, networks no longer have to be designed in the same manner. There are many options available as to how to physically and logically design a network. All these above-mentioned options can be used to increase the security of the internal network by keeping the untrusted and the unauthorized users out. The usage of DMZs to segment traffic into a protected zone between external and internal firewalls helps prevent attacks against your Internet facing servers. VPNs are used to allow remote network users to securely connect back to the corporate network. To additionally reduce the risk in your environment, application and service hardening should be considered. Be familiar with the required ports for various services so that you can uninstall or disable unused services, which will reduce unnecessary exposure. Include evaluation of network services, such as DNS and Dynamic Host Configuration Protocol (DHCP), and specific types of application services, such as e-mail, databases, Network News Transfer Protocol (NNTP) servers, and others. IDSes are used to identify and respond to attacks on the network. Several types of IDSes exist, each with its own unique pros and cons. An IPS is a newer type of IDS that can quickly respond to perceived attacks. Honeypots and honeynets
Page 2 and 3:
Syngress is an imprint of Elsevier
Page 4 and 5:
xii About the Authors Technical Edi
Page 6 and 7:
2 CHAPTER 1 Network Fundamentals Ne
Page 8 and 9:
4 CHAPTER 1 Network Fundamentals re
Page 10 and 11:
6 CHAPTER 1 Network Fundamentals
Page 12 and 13:
8 CHAPTER 1 Network Fundamentals Wh
Page 14 and 15:
10 CHAPTER 1 Network Fundamentals d
Page 16 and 17:
12 CHAPTER 1 Network Fundamentals
Page 18 and 19:
14 CHAPTER 1 Network Fundamentals T
Page 20 and 21:
16 CHAPTER 1 Network Fundamentals T
Page 22 and 23:
18 CHAPTER 1 Network Fundamentals I
Page 24 and 25:
20 CHAPTER 2 Network Media DID YOU
Page 26 and 27:
22 CHAPTER 2 Network Media Table 2.
Page 28 and 29:
24 CHAPTER 2 Network Media ■ Perf
Page 30 and 31:
26 CHAPTER 2 Network Media Table 2.
Page 32 and 33:
28 CHAPTER 2 Network Media LAN TECH
Page 34 and 35:
30 CHAPTER 2 Network Media CONNECTO
Page 36 and 37:
32 CHAPTER 2 Network Media EXAM WAR
Page 38 and 39:
34 CHAPTER 2 Network Media problems
Page 40 and 41:
36 CHAPTER 2 Network Media electrom
Page 42 and 43:
38 CHAPTER 3 Network Devices Table
Page 44 and 45:
40 CHAPTER 3 Network Devices some o
Page 46 and 47:
42 CHAPTER 3 Network Devices ■
Page 48 and 49:
44 CHAPTER 3 Network Devices ■
Page 50 and 51:
46 CHAPTER 3 Network Devices EXAM W
Page 52 and 53:
48 CHAPTER 3 Network Devices ■ Du
Page 54 and 55:
50 CHAPTER 3 Network Devices Proxy
Page 56 and 57:
52 CHAPTER 3 Network Devices Top Fi
Page 58 and 59:
54 CHAPTER 3 Network Devices the co
Page 60 and 61:
56 CHAPTER 4 Wireless Networking
Page 62 and 63:
Page 64 and 65:
60 CHAPTER 4 Wireless Networking Ta
Page 66 and 67:
62 CHAPTER 4 Wireless Networking WE
Page 68 and 69:
64 CHAPTER 4 Wireless Networking Th
Page 70 and 71:
66 CHAPTER 4 Wireless Networking us
Page 72 and 73:
Page 74 and 75:
70 CHAPTER 4 Wireless Networking si
Page 76 and 77:
72 CHAPTER 4 Wireless Networking co
Page 78 and 79:
74 CHAPTER 5 The OSI Model and Netw
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91: 86 CHAPTER 5 The OSI Model and Netw
Page 92 and 93: 88 CHAPTER 5 The OSI Model and Netw
Page 94 and 95: 90 CHAPTER 6 TCP/IP and Routing ■
Page 96 and 97: 92 CHAPTER 6 TCP/IP and Routing For
Page 98 and 99: 94 CHAPTER 6 TCP/IP and Routing UND
Page 100 and 101: 96 CHAPTER 6 TCP/IP and Routing ■
Page 102 and 103: 98 CHAPTER 6 TCP/IP and Routing Sub
Page 104 and 105: 100 CHAPTER 6 TCP/IP and Routing co
Page 106 and 107: 102 CHAPTER 6 TCP/IP and Routing
Page 108 and 109: 104 CHAPTER 6 TCP/IP and Routing al
Page 110 and 111: CHAPTER 7 Wide Area Networking 107
Page 112 and 113: WAN Protocols and Properties 109 In
Page 114 and 115: WAN Protocols and Properties 111 Cr
Page 116 and 117: Internet Access Methods 113 EXAM WA
Page 118 and 119: Internet Access Methods 115 Wireles
Page 120 and 121: Internet Access Methods 117 Top Fiv
Page 122 and 123: Internet Access Methods 119 with th
Page 124 and 125: 122 CHAPTER 8 Security Standards an
Page 146 and 147: 144 CHAPTER 9 Network Management
Page 148 and 149: 146 CHAPTER 9 Network Management Wi
Page 150 and 151: 148 CHAPTER 9 Network Management Cr
Page 152 and 153: 150 CHAPTER 9 Network Management
Page 154 and 155: 152 CHAPTER 9 Network Management An
Page 156 and 157: 154 CHAPTER 9 Network Management Lo
Page 158 and 159: 156 CHAPTER 10 Network Troubleshoot
Page 178 and 179: Glossary 177 Access Determines who
Page 180 and 181: Glossary 179 Extensible Authenticat
Page 182 and 183: Glossary 181 Oscilloscope A cable t
Page 184 and 185: Glossary 183 Wireless Network A net
Page 186 and 187: 186 Index Data link layer, 74-75 fu
Page 188 and 189: 188 Index Network troubleshooting,
show all

Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?