CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [191]
Layer 2 Tunneling Protocol
Relatively recently, Microsoft and Cisco agreed to combine their respective tunneling protocols into one protocol: Layer 2 Tunneling Protocol (L2TP). L2TP is a hybrid of PPTP and L2F. It’s primarily a point-to-point protocol. L2TP supports multiple network protocols and can be used in networks besides TCP/IP. L2TP works over IPX, SNA, and IP, so it can be used as a bridge across many types of systems. The major problem with L2TP is that it doesn’t provide data security: The information isn’t encrypted. Security can be provided by protocols such as IPSec. L2TP uses port 1701 and UDP for connections.
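The point that L2TP itself carries data in the clear and relies on IPsec for protection has a practical monitoring consequence: when L2TP is run over IPsec, the UDP/1701 datagrams travel inside ESP, so a network sensor never sees port 1701 for a protected tunnel, and any UDP/1701 it does see is L2TP without encryption. The following Python check is an added example, not code from the study guide; the flow records are constructed, and the ESP protocol number (50) and the NAT-T UDP port (4500) are general IPsec facts assumed here rather than stated in the text.

```python
"""Spot L2TP that is travelling unprotected (added example, not from the book).

With L2TP/IPsec the UDP/1701 datagrams are carried inside ESP (IP protocol 50,
or UDP/4500 when NAT traversal is in use), so a sensor sees no port 1701 for a
protected tunnel. Any UDP/1701 flow it does see is L2TP without IPsec, meaning
the tunnelled payload is unencrypted. Flow records below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

L2TP_PORT = 1701   # from the text: L2TP uses UDP port 1701
PROTO_UDP = 17
PROTO_ESP = 50     # IPsec ESP (assumed general knowledge, not from the text)
NATT_PORT = 4500   # IPsec ESP-in-UDP, NAT-T (assumed general knowledge)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    octets: int


# Constructed sample flows (client -> VPN server 203.0.113.10):
#   .5 and .6  L2TP/IPsec done properly: only ESP / NAT-T is visible
#   .7         bare L2TP, no IPsec at all
#   .8         an IPsec SA exists, but L2TP is still leaking in the clear beside it
#   .9         unrelated DNS traffic
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", PROTO_ESP, 0, 0, 120_000),
    Flow("10.0.0.6", "203.0.113.10", PROTO_UDP, 4500, NATT_PORT, 80_000),
    Flow("10.0.0.7", "203.0.113.10", PROTO_UDP, 1701, L2TP_PORT, 65_000),
    Flow("10.0.0.8", "203.0.113.10", PROTO_ESP, 0, 0, 10_000),
    Flow("10.0.0.8", "203.0.113.10", PROTO_UDP, 1701, L2TP_PORT, 42_000),
    Flow("10.0.0.9", "203.0.113.10", PROTO_UDP, 53201, 53, 300),
]


def is_l2tp(f: Flow) -> bool:
    """True for an L2TP control/data flow visible in the clear."""
    return f.proto == PROTO_UDP and L2TP_PORT in (f.sport, f.dport)


def is_ipsec(f: Flow) -> bool:
    """True for ESP, either native or encapsulated in UDP for NAT traversal."""
    return f.proto == PROTO_ESP or (f.proto == PROTO_UDP and NATT_PORT in (f.sport, f.dport))


def find_cleartext_l2tp(flows):
    """Map each (src, dst) peer pair with visible L2TP to (reason, cleartext octets)."""
    ipsec_pairs = {(f.src, f.dst) for f in flows if is_ipsec(f)}
    leaked = defaultdict(int)
    for f in flows:
        if is_l2tp(f):
            leaked[(f.src, f.dst)] += f.octets
    findings = {}
    for pair, octets in leaked.items():
        if pair in ipsec_pairs:
            reason = "L2TP in the clear although an IPsec SA exists (likely a policy mismatch)"
        else:
            reason = "L2TP without IPsec: tunnel payload is unencrypted"
        findings[pair] = (reason, octets)
    return findings


if __name__ == "__main__":
    for (src, dst), (reason, octets) in sorted(find_cleartext_l2tp(SAMPLE_FLOWS).items()):
        print(f"{src} -> {dst}: {reason} ({octets} octets)")
```

The two reasons are kept apart because they call for different fixes: a pair with no IPsec at all needs the tunnel re-provisioned, while a pair that already has an SA but still shows UDP/1701 usually has an IPsec policy that does not cover the L2TP traffic selector.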
Federal Information Processing Standard
The Federal Information Processing Standard (FIPS) is a set of guidelines for the United States federal government information systems. FIPS is used when an existing commercial or government system doesn’t meet federal security requirements. FIPS is issued by NIST.
Common Criteria
Common Criteria (CC) is an internationally agreed-upon set of standards to evaluate IT security. The growing market and the need for standardized security-system ratings have created the need for a common set of definitions. CC is a combination of European, U.S., and Canadian standards compiled into a single document. Using CC, security evaluations can be consistently applied across technologies.
Wireless Transport Layer Security
Wireless Transport Layer Security (WTLS) provides an encrypted and authenticated connection between a wireless client and a server. WTLS is similar in function to TLS, but it uses a lower bandwidth and less processing power. It’s used to support wireless devices, which don’t yet have extremely powerful processors.
Wired Equivalent Privacy
Wired Equivalent Privacy (WEP) is a wireless protocol designed to provide privacy equivalent to that of a wired network. WEP is implemented in a number of wireless devices, including PDAs and cell phones. To make the encryption stronger, Temporal Key Integrity Protocol (TKIP) can also be employed. This places a 128-bit wrapper around the WEP encryption with a key that is based on such things as the MAC address of your machine and the serial number of the packet. Without the use of TKIP, WEP—as mentioned earlier in this chapter—is considered weak.
The Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) technologies were designed to address the core problems with WEP. These technologies implement the 802.11i standard. The difference between WPA and WPA2 is that the former implements most—but not all—of 802.11i in order to be able to communicate with older wireless cards (which may still need an update through their firmware in order to be compliant), while WPA2 implements the full standard and is not compatible with older cards.
Extensible Authentication Protocol (EAP) provides a framework for authentication that is often used with wireless networks. Among the five EAP types adopted by the WPA/WPA2 standard are EAP-TLS and EAP-MD5.
ISO 17799
ISO 17799 is a 10-part security audit designed to audit virtually all aspects of your IT department. It is a comprehensive and in-depth audit/review.
ISO 17799 was discussed in detail in Chapter 6, “Securing the Network and Environment.”
Understanding Key Management and the Key Life Cycle
Key management refers to the process of working with keys from the time they are created until the time they are retired or destroyed. Key management includes the following stages/areas:
■ Centralized versus decentralized key generation
■ Key storage and distribution
■ Key escrow
■ Key expiration
■ Key revocation
■ Key suspension
■ Key recovery and archival
■ Key renewal
■ Key destruction
■ Key usage
Throughout this discussion, the terms certificate and key will be used interchangeably. Certificates contain keys that provide security. The process used is the same in either situation.
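To make the stages in the list above concrete, here is a small key life-cycle model in Python. It is an added example, not code from the study guide or from any PKI product: the six states, the transition table, the escrow dictionary and the use of HMAC-SHA256 as the "usage" operation are assumptions chosen for illustration, and all dates in the demo are constructed.

```python
"""Key life-cycle model for the stages listed above (added example, not the book's
own code). States, transitions and the escrow store are an assumed model."""
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

ACTIVE, SUSPENDED, REVOKED, EXPIRED, ARCHIVED, DESTROYED = (
    "active", "suspended", "revoked", "expired", "archived", "destroyed")

# Allowed transitions (assumed model). Suspension is reversible; revocation,
# expiration and destruction are not.
TRANSITIONS = {
    ACTIVE: {SUSPENDED, REVOKED, EXPIRED, ARCHIVED},
    SUSPENDED: {ACTIVE, REVOKED, EXPIRED},
    REVOKED: {ARCHIVED},
    EXPIRED: {ARCHIVED},
    ARCHIVED: {DESTROYED},
    DESTROYED: set(),
}


class ManagedKey:
    def __init__(self, key_id, created, lifetime, escrow=None):
        self.key_id = key_id
        self.created = created
        self.expires = created + lifetime            # expiration date fixed at generation
        self.state = ACTIVE
        self._secret = os.urandom(32)                # generation (centralized if one authority does it)
        self.history = [(created, "generated")]
        if escrow is not None:                       # escrow: copy held by a trusted third party
            escrow[key_id] = self._secret

    def _move(self, new_state, when, note):
        if new_state not in TRANSITIONS[self.state]:
            raise ValueError(f"{self.key_id}: {self.state} -> {new_state} is not allowed")
        self.state = new_state
        self.history.append((when, note))

    def check_expiry(self, now):
        """Expiration: an active or suspended key past its end date becomes expired."""
        if self.state in (ACTIVE, SUSPENDED) and now >= self.expires:
            self._move(EXPIRED, now, "expired")
        return self.state

    def suspend(self, now, reason):
        self._move(SUSPENDED, now, f"suspended: {reason}")

    def resume(self, now):
        self._move(ACTIVE, now, "suspension lifted")

    def revoke(self, now, reason):
        self._move(REVOKED, now, f"revoked: {reason}")

    def destroy(self, now):
        """Destruction: key material is dropped; only an escrow copy could recover it."""
        self._move(DESTROYED, now, "destroyed")
        self._secret = None

    def use(self, now, data: bytes) -> str:
        """Usage: only an active, unexpired key may protect new data (HMAC-SHA256 here)."""
        if self.check_expiry(now) != ACTIVE:
            raise PermissionError(f"{self.key_id} is {self.state}; refusing to use it")
        return hmac.new(self._secret, data, hashlib.sha256).hexdigest()

    def renew(self, now, new_id, lifetime, escrow=None):
        """Renewal: archive this key and generate its successor."""
        if self.check_expiry(now) not in (ACTIVE, EXPIRED):
            raise ValueError(f"cannot renew a {self.state} key")
        self._move(ARCHIVED, now, f"superseded by {new_id}")
        return ManagedKey(new_id, now, lifetime, escrow)


def recover_and_verify(escrow, key_id, data, tag):
    """Recovery: fetch the escrowed copy and check a tag made with the old key."""
    secret = escrow.get(key_id)
    if secret is None:
        return False
    return hmac.compare_digest(hmac.new(secret, data, hashlib.sha256).hexdigest(), tag)


def demo():
    """Walk one key through its life cycle; dates are constructed."""
    escrow = {}
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    k1 = ManagedKey("k1", t0, timedelta(days=365), escrow)
    tag = k1.use(t0 + timedelta(days=30), b"contract.pdf")
    k1.suspend(t0 + timedelta(days=60), "holder on leave")
    k1.resume(t0 + timedelta(days=90))
    k2 = k1.renew(t0 + timedelta(days=400), "k2", timedelta(days=365), escrow)  # k1 has expired
    k1.destroy(t0 + timedelta(days=401))
    return {
        "k1_state": k1.state,
        "k2_state": k2.state,
        "recovered": recover_and_verify(escrow, "k1", b"contract.pdf", tag),
        "k1_history": [note for _, note in k1.history],
    }


def revoked_key_is_dead():
    """A revoked key can neither be resumed nor used; returns the errors raised."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    k = ManagedKey("kx", t0, timedelta(days=1))
    k.revoke(t0, "private key compromise suspected")
    errors = []
    for action in (lambda: k.resume(t0), lambda: k.use(t0, b"x")):
        try:
            action()
        except (ValueError, PermissionError) as exc:
            errors.append(type(exc).__name__)
    return errors
```

The transition table is what turns the list into policy: suspension can be lifted, but a revoked or expired key can only go to the archive and from there to destruction, and the escrow copy is what makes recovery possible after the holder's copy is destroyed.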
The term key life cycle describes the stages a key goes through