CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [77]
■ Two-way (client and server) authentication, which requires both ends of the connection (client and server) to authenticate to confirm validity
Real World Scenario
Look for Ways to Harden Your Servers
Armed with a list of the different types of servers on your network (from Lab 3.1), look for ways in which they can be hardened:
1. Are there services running on them that aren’t needed?
2. Have the latest patches and fixes been applied?
3. Are there known issues with this operating system?
4. Are there known issues with the services or applications that are running?
One of the first tasks you should do is to go to a search engine and enter the word hardening along with the exact operating system you’re running.
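The first checklist question (are there services running that aren't needed?) can be turned into a repeatable check rather than a one-time glance. The script below is an added example, not part of the study guide: it parses listening-socket output in the layout of Linux `ss -tlnp`, compares each listener with the list of services the host's role is supposed to expose, and reports anything extra, anything bound to all interfaces, and any cleartext login service. The sample output, the `EXPECTED` role definition and the hostname-free findings format are all constructed for the example.

```python
"""Flag listening services that are not on a host's expected-service list."""
import re

# Constructed sample in the layout of `ss -tlnp` on Linux; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    127.0.0.1:631       0.0.0.0:*          users:(("cupsd",pid=910,fd=7))
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*          users:(("nginx",pid=1400,fd=6),("nginx",pid=1401,fd=6))
LISTEN  0       128     0.0.0.0:23          0.0.0.0:*          users:(("telnetd",pid=1500,fd=4))
LISTEN  0       80      [::]:3306           [::]:*             users:(("mysqld",pid=1203,fd=21))
"""

# Hypothetical role definition: what a plain web server is allowed to expose.
EXPECTED = {22: "sshd", 80: "nginx"}

# Services to retire on any role because they carry credentials in the clear.
CLEARTEXT_LOGIN = {"telnetd", "in.telnetd", "rshd", "in.rshd"}

_PROC_RE = re.compile(r'\("([^"]+)"')


def parse_listeners(text):
    """Return (port, process_name, local_address) for every LISTEN line."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        local = fields[3]
        port = int(local.rsplit(":", 1)[1])  # works for 0.0.0.0:22 and [::]:3306
        procs = sorted(set(_PROC_RE.findall(fields[5])))
        listeners.append((port, procs[0] if procs else "?", local))
    return listeners


def audit(text, expected=EXPECTED):
    """Compare listeners with the role's expected set and return findings."""
    findings = []
    for port, proc, local in parse_listeners(text):
        bind_all = local.startswith(("0.0.0.0:", "*:", "[::]:"))
        if proc in CLEARTEXT_LOGIN:
            findings.append((port, proc, "cleartext login service; disable"))
        elif port not in expected:
            scope = "network-reachable" if bind_all else "loopback-only"
            findings.append((port, proc, f"not in expected list ({scope}); justify or disable"))
        elif expected[port] != proc:
            findings.append((port, proc, f"port {port} expected {expected[port]}"))
    return findings


if __name__ == "__main__":
    for port, proc, note in audit(SAMPLE_SS_OUTPUT):
        print(f"port {port:>5}  {proc:<10} {note}")
```

Run against real output (`ss -tlnp | python3 audit.py`, after swapping `SAMPLE_SS_OUTPUT` for `sys.stdin.read()`), the three findings on the sample are the ones a hardening pass should produce: the print spooler on loopback is unexpected but low exposure, the database is reachable from the network without being part of the role, and telnet should simply be removed. Keeping `EXPECTED` under version control per server role turns question 1 of the checklist into a diff rather than a judgement call.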
WAP is covered in detail in Chapter 4.
Many new wireless devices are also capable of using certificates to verify authentication. Figure 3.12 shows a mobile systems network; this network uses both encryption and authentication to increase security.
FIGURE 3.12 A mobile environment using WAP security
The Wireless Session Protocol (WSP) manages the session information and connection between the devices. The Wireless Transaction Protocol (WTP) provides services similar to TCP and UDP for WAP. The Wireless Datagram Protocol (WDP) provides the common interface between devices. Wireless Transport Layer Security (WTLS) is the security layer of the Wireless Application Protocol and is discussed in detail in Chapter 4.
Understanding Remote Access
One of the primary purposes for having a network is the ability to connect systems. As networks have grown, many technologies have come on the scene to make this process easier and more secure. A key area of concern relates to the connection of systems and other networks that aren’t part of your network. The following sections discuss the more common protocols used to facilitate connectivity among remote systems.
Ancient History: the Serial Line Internet Protocol
Serial Line Internet Protocol (SLIP) is an older protocol that was used in early remote access environments. SLIP was originally designed to connect Unix systems in a dial-up environment, and it supports only serial communications.
A very simple protocol, SLIP could only be used to pass TCP/IP traffic and wasn’t secure or efficient. While some systems still support SLIP, it is strictly used for legacy systems.
Any authentication done for a remote user is known as remote authentication. This authentication is commonly done using TACACS or RADIUS.
Using Point-to-Point Protocol
Introduced in 1994, Point-to-Point Protocol (PPP) offers support for multiple protocols including AppleTalk, IPX, and DECnet. PPP works with POTS, Integrated Services Digital Network (ISDN), and other faster connections such as T1. PPP doesn’t provide data security, but it does provide authentication using Challenge Handshake Authentication Protocol (CHAP).
Figure 3.13 shows a PPP connection over an ISDN line. In the case of ISDN, PPP would normally use one 64Kbps B channel for transmission. PPP allows many channels in a network connection (such as ISDN) to be connected or bonded together to form a single virtual connection.
FIGURE 3.13 PPP using a single B channel on an ISDN connection
PPP works by encapsulating the network traffic in a protocol called Network Control Protocol (NCP). Authentication is handled by Link Control Protocol (LCP). A PPP connection allows remote users to log on to the network and have access as though they were local users on the network. PPP doesn’t provide for any encryption services for the channel.
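CHAP, the authentication PPP relies on, is easy to see end to end in code. The example below is added here and is not from the study guide: it implements the RFC 1994 MD5 variant, where the response is MD5 over the one-octet Identifier, the shared secret and the random challenge, so the secret itself never crosses the link. The `Authenticator` and `Peer` classes, the user name and the secrets are all constructed for the demonstration. The authenticator accepts each challenge's response once only, which is what stops a captured response from being replayed; the example also shows the price of CHAP's design, namely that both ends must hold the secret in plaintext.

```python
"""Worked CHAP (RFC 1994, MD5 variant) challenge/response as used by PPP."""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response = MD5(Identifier || Secret || Challenge); 16 bytes."""
    if not 0 <= identifier <= 255:
        raise ValueError("CHAP Identifier is a single octet")
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Access-server side: issues challenges and checks responses (constructed)."""

    def __init__(self, secrets: dict):
        # CHAP needs the plaintext secret at both ends, so this store must be protected.
        self._secrets = secrets
        self._identifier = 0
        self._outstanding = {}  # Identifier -> challenge still awaiting a response

    def challenge(self):
        """Issue a fresh random challenge; the Identifier changes every time."""
        self._identifier = (self._identifier + 1) % 256
        challenge = os.urandom(16)
        self._outstanding[self._identifier] = challenge
        return self._identifier, challenge

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        """Accept a response once, and only for a challenge that is still outstanding."""
        challenge = self._outstanding.pop(identifier, None)
        secret = self._secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


class Peer:
    """Dial-in client side: answers challenges with its shared secret (constructed)."""

    def __init__(self, name: str, secret: bytes):
        self.name = name
        self._secret = secret

    def respond(self, identifier: int, challenge: bytes):
        return self.name, chap_response(identifier, self._secret, challenge)


def demo() -> dict:
    """Run the exchange with a valid peer, a wrong secret, and a replayed response."""
    server = Authenticator({"alice": b"correct-horse"})  # constructed secret
    alice = Peer("alice", b"correct-horse")
    impostor = Peer("alice", b"wrong-guess")  # claims alice's name, wrong secret

    ident, chal = server.challenge()
    good = server.verify(ident, *alice.respond(ident, chal))

    ident, chal = server.challenge()
    bad_secret = server.verify(ident, *impostor.respond(ident, chal))

    # Replay: a response that was valid once, resent with the same Identifier
    # (already consumed) and then against a later challenge (digest no longer matches).
    ident, chal = server.challenge()
    name, captured = alice.respond(ident, chal)
    first = server.verify(ident, name, captured)
    same_id_again = server.verify(ident, name, captured)
    new_ident, _ = server.challenge()
    against_new = server.verify(new_ident, name, captured)

    return {
        "valid_secret_accepted": good,
        "wrong_secret_rejected": not bad_secret,
        "replay_same_id_rejected": first and not same_id_again,
        "replay_new_challenge_rejected": not against_new,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {'pass' if result else 'FAIL'}")
```

The random challenge is what gives CHAP its value over a password sent in the clear: an observer on the line sees only a digest that is useless for any later challenge. The weaknesses the book's text points at remain: CHAP authenticates the link but does nothing to encrypt what follows, and an offline guess at the secret is possible for anyone who captured a challenge and its response, which is why the secret must be strong and why later protocols layer encryption on top of PPP.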
As you might have guessed, the unsecure nature of PPP makes it largely unsuitable for WAN connections. To counter this issue, other protocols have been created that take advantage of PPP’s flexibility and build on it. A dial-up connection using PPP works well because it isn’t common for an attacker to tap a phone line. You should make sure all your PPP connections