Chapter 7: Telecommunications and Networking Security (Part C) - PowerPoint PPT Presentation

Slides: 49
Provided by: matt293
Transcript and Presenter's Notes

1
Chapter 7 Telecommunications and Networking
Security (Part C)
  • Remote Access
  • Wireless Technologies

2
Remote Access
  • Remote access enables remote and home users to
    connect to networks that will grant them access
    to network resources
  • The most common types of remote connectivity
    methods
  • Dial-up connections
  • VPNs
  • ISDN
  • Cable modems
  • DSL

3
Dial-Up and RAS (1)
  • Users dial into a Remote Access Service (RAS)
    server, which performs authentication by
    comparing the provided credentials with the
    database of credentials it maintains.
  • Steps
  • a request for a username and password takes place
  • the RAS may hang up the call to call the user
    back at a predefined phone number.
  • To ensure that only authenticated users are given
    access to the network.
  • If a company has not implemented any (or strong)
    access control over the RAS, attackers can easily
    walk into its network without ever having to
    bother with the firewall.

4
Dial-Up and RAS (2)
  • War dialing is used by many attackers to identify
    remote access modems.
  • Program tools can be used to dial a large bank of
    phone numbers
  • The tools log valid data connections (modems used
    for data transmission) and attempt to identify
    the system on the other end of the phone line.
  • Some of these tools have the option of performing
    a dictionary attack
  • To support the security policy that no
    unauthorized devices are to be attached to the
    data and telephone network:
  • Companies perform war dialing on their own
    network
  • Some PBX phone systems have the capability to
    detect modem signals on analog phone lines and
    audit/record their usage.
  • Configuring the modem to answer on the fourth
    ring or higher
  • attackers may not be able to tell that the
    telephone line is actually being used for remote
    data access.

5
ISDN
  • Integrated Services Digital Network (ISDN) enables
    data, voice, and other types of traffic to travel
    over a medium in a digital manner that was
    previously used only for analog voice
    transmission.
  • Provides a digital point-to-point
    circuit-switched medium and establishes a circuit
    between the two communicating devices.
  • ISDN provides two basic home and business
    services: Basic Rate Interface (BRI) and Primary
    Rate Interface (PRI)
  • BRI has two B channels that enable data to be
    transferred and one D channel that provides for
    call setup, connection management, error control,
    caller ID, etc. The bandwidth is 144 Kbps.
  • PRI has 23 B channels and one D channel, and is
    more commonly used in corporations. The bandwidth
    is equivalent to a T1, which is 1.544 Mbps
  • ISDN is not usually the primary
    telecommunications connection for companies, but
    it can be used as a backup.

6
DSL
  • Digital Subscriber Line (DSL) is a high-speed
    connection technology used to connect a home or
    business to the service provider's central
    office.
  • uses all of the frequencies that are
    available on a voice-grade UTP line
  • Always connected
  • provide up to 52-Mbps transmission speed
  • have to be within a 2.5-mile radius of the DSL
    service provider's equipment. As the distance
    between a residence and the central office
    increases, the transmission rates for DSL
    decrease.
  • DSL offers
  • Symmetric services (SDSL)
  • Asymmetric services (ADSL)
  • ISDN DSL (IDSL)
  • High-bit-rate DSL (HDSL)

7
Cable Modem
  • Cable modems provide high-speed access, up to 50
    Mbps, to the Internet through existing cable
    coaxial and fiber lines.
  • Coaxial and fiber cables are used to deliver
    hundreds of television stations to users, and one
    or more of the channels on these lines are
    dedicated to carrying data.
  • Always connected
  • The bandwidth is shared between users in a local
    area; therefore, it will not always stay at a
    static rate.
  • Sharing the same media brings up security
    concerns, because users with network sniffers can
    easily view their neighbors' traffic and data
  • Many cable companies are now encrypting the data

8
VPN (1)
  • A virtual private network (VPN) is a secure,
    private connection through a public network

9
VPN (2)
  • Remote users can use VPNs to connect to their
    company network to access their e-mail, network
    resources, and corporate assets.
  • A remote user must have a VPN client installed to
    use a VPN.
  • The user first makes a PPP connection to an ISP,
    and the ISP makes a full connection for the user
    to the destination network. (VPN server)
  • PPP encapsulates datagrams to be properly
    transmitted over a telecommunication link.
  • Once this connection has been made, the user's
    software initiates a VPN connection with the
    destination network.
  • the two entities go through a handshaking phase
    to agree upon the type of encryption that will be
    used and the key.

10
VPN (3) Tunneling
  • Tunneling is how the VPN creates its private
    connection
  • A tunnel is a virtual path across a network that
    delivers packets that are encapsulated and
    possibly encrypted.
  • E.g. 1: When an Ethernet network is connected to an
    FDDI backbone, that FDDI network does not
    understand the Ethernet frame format; thus, the
    packets must be encapsulated within the FDDI
    protocol when they are sent over the FDDI
    network.
  • E.g. 2: If two networks use IPX and need to
    communicate across the Internet, these messages
    must also be encapsulated in a protocol that the
    Internet can understand, such as IP.

11
VPN (4) PPP
  • Point-to-Point Protocol (PPP) allows TCP/IP
    traffic to be transmitted over a medium that was
    developed for telephone voice data.
  • PPP needs to encapsulate the data traffic before
    it is put onto the telephone link.
  • PPP can authenticate to a network authentication
    server
  • Password Authentication Protocol (PAP)
  • Challenge Handshake Authentication Protocol
    (CHAP)
  • Extensible Authentication Protocol (EAP)
  • Since PPP frames are not routable over the Internet,
    another tunneling protocol (PPTP, L2TP, or
    IPSec) must encapsulate the PPP data in IP
    packets and tunnel it through the Internet to the
    corporate network. (The three tunneling protocols
    will be covered in a moment.)

12
VPN (5) PPP authentication
  • Password Authentication Protocol (PAP)
  • The password / username credentials are sent over
    the network to the authentication server via PPP
  • The authentication server has a database of user
    credentials that are compared to the supplied
    credentials to authenticate users.
  • the credentials are sent in cleartext, so PAP is the
    least secure authentication method

13
VPN (6) PPP authentication
  • Challenge Handshake Authentication Protocol
    (CHAP)
  • uses a challenge/response mechanism to
    authenticate the user instead of sending a
    password.
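
The difference between the PAP and CHAP slides, as an added example that is not part of the original presentation: a minimal authenticator using the CHAP-with-MD5 response calculation from RFC 1994. The user name, shared secret, class and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Authentication-server side: stores shared secrets, issues challenges."""

    def __init__(self, secrets):
        self.secrets = secrets      # user name -> shared secret
        self.pending = {}           # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)   # fresh random value per attempt
        return ident, self.pending[ident]

    def verify(self, name, ident, response):
        value = self.pending.pop(ident, None)  # each challenge is single-use
        secret = self.secrets.get(name)
        if value is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, value), response)


def demo():
    secret = b"correct horse battery"          # constructed sample credential
    server = Authenticator({"alice": secret})

    # PAP: the authentication request itself carries the password.
    pap_wire = b"alice" + secret

    # CHAP: only the challenge and the hash cross the link.
    ident, value = server.challenge()
    response = chap_response(ident, secret, value)
    chap_wire = value + response
    valid = server.verify("alice", ident, response)

    # A recorded response does not match the next challenge.
    ident2, _ = server.challenge()
    replayed = server.verify("alice", ident2, response)

    # A client that does not hold the shared secret is rejected.
    ident3, value3 = server.challenge()
    wrong = server.verify("alice", ident3, chap_response(ident3, b"guess", value3))

    return {
        "pap_exposes_password": secret in pap_wire,
        "chap_exposes_secret": secret in chap_wire,
        "valid_login": valid,
        "replayed_response": replayed,
        "wrong_secret": wrong,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```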

14
VPN (7) PPP authentication
  • Extensible Authentication Protocol (EAP)
  • provides a framework to enable many types of
    authentication techniques to be used during PPP
    connections.
  • extends the authentication possibilities from PAP
    and CHAP to other methods such as one-time
    passwords, token cards, biometrics, Kerberos.
  • When a user dials into an authentication server
    and both have EAP capabilities, they can
    negotiate between a list of possible
    authentication methods.

15
VPN (8) Three main tunneling protocols
  • Three main tunneling protocols are used in VPN
    connections
  • Point-to-Point Tunneling Protocol (PPTP)
  • L2TP
  • IPSec
  • These tunneling protocols reduce the cost of
    remote dial-up networking
  • the user can dial into a local ISP instead of
    dialing directly to the corporate network

17
VPN (9) Point-to-Point Tunneling Protocol
  • PPTP, a Microsoft protocol, allows remote users
    to set up a PPP connection to a local ISP and
    then create a secure VPN to their destination.
  • PPTP has been the de facto industry-standard
    tunneling protocol for years
  • The new de facto standard for VPNs is IPSec
  • The user's data is encapsulated within PPP, and
    then this PPP frame is encapsulated by PPTP. This
    encapsulation allows the resulting frame to be
    routable over the Internet.
  • When using PPTP, the PPP payload is encrypted.
    The keys are generated during the authentication
    process between the user and the authentication
    server.
  • Limitation: PPTP can work only over IP networks

18
PPTP Frame
19
VPN (10) Layer 2 Tunneling Protocol (L2TP)
  • Layer 2 Tunneling Protocol (L2TP), developed by
    Cisco, tunnels PPP traffic through other types of
    networks (frame relay, X.25, and ATM), not
    just IP networks
  • provides a higher level of security when combined
    with IPSec.
  • supports TACACS and RADIUS

20
VPN (11) IPSec
  • In IPSec, more than one security protocol can be
    applied to a packet.
  • IPSec can also be configured to provide iterated
    tunneling, in which an IPSec tunnel is tunneled
    through another IPSec tunnel.
  • Why do we need iterated tunneling ?
  • if the traffic needed different levels of
    protection at different junctions of its path.

21
Index
  • Remote Access
  • Wireless Technologies

22
Wireless Technologies (1)
  • Wireless communication involves transmitting
    signals via radio waves through air and space
  • television transmissions, cellular phones,
    satellite transmissions, spying, surveillance,
    and garage door openers,
  • frequency and amplitudes
  • Signals are measured in frequency and amplitudes.
  • The frequency dictates how much data can be
    carried and how far.
  • The higher the frequency, the more data the
    signal can carry
  • The higher the frequency, the more susceptible
    the signal is to atmospheric interference. (more
    like light, which will be blocked by obstacles)
  • High-frequency equipment is more expensive

23
Wireless Technologies (2)
  • In wireless technologies, each device must share
    the allotted radio frequency spectrum with all
    other wireless devices that need to communicate.
  • only one computer can send data at any given
    time, otherwise a collision can take place.
  • Ethernet LAN employs the CSMA/CD (collision
    detection) technology. Wireless technology is
    very similar to Ethernet but it uses CSMA/CA
    (collision avoidance).
  • Two different types of spread spectrum
    techniques
  • frequency hopping
  • Direct sequence

24
Wireless Technologies (3)
  • Frequency Hopping Spread Spectrum (FHSS) takes
    the total amount of bandwidth (spectrum) and
    splits it into smaller subchannels.
  • The sender and receiver work at one of these
    channels for a specific amount of time and then
    move to another channel.
  • Hop sequence: the FHSS algorithm determines the
    individual frequencies that will be used and in
    what order
  • reduce the probability of interference
  • difficult for eavesdropping

25
Wireless Technologies (4)
  • Direct Sequence Spread Spectrum (DSSS)
  • the sender combines the data with the chipping
    sequence, the new form of the information is
    modulated with a radio carrier signal, and it is
    shifted to the necessary frequency and
    transmitted.
  • The receiver has to know the correct chipping
    sequence to change the received data into its
    original format.
  • the sender and receiver must be properly
    synchronized.
  • the sequence of how the chips are applied is
    referred to as the chipping code.

26
Wireless Technologies (5)
  • FHSS
  • uses only a portion of the total bandwidth
    available at any one time
  • uses a narrow band carrier
  • DSSS
  • uses all of the available bandwidth continuously
  • spreads the signals over a wider frequency band
  • higher data throughput and more security

27
WLAN (1)
  • Infrastructure WLAN
  • Wireless devices communicate with AP over the
    same channel.
  • The AP and wireless devices form a basic service
    set (BSS), which has a SSID.
  • Access point (AP) is a transceiver, usually
    connects to wired networks
  • Ad hoc WLAN
  • no AP
  • the wireless devices communicate with each other
    through their wireless NICs

28
WLAN (2)
  • IEEE created several task groups to work on
    specific areas within wireless communications.
  • IEEE 802.11 project
  • The first WLAN standard, 802.11 was developed in
    1997
  • Uses FHSS
  • works in the 2.4-GHz (unlicensed) frequency range
  • provides 1 to 2 Mbps transfer rate

29
WLAN (3)
  • 802.11b
  • Uses DSSS
  • works in the 2.4-GHz (unlicensed) frequency range
  • provides up to 11 Mbps transfer rate
  • The most common standard used today
  • 802.11a
  • Uses the orthogonal frequency division
    multiplexing (OFDM) modulation scheme
  • works in the 5-GHz frequency range
  • provides up to 54 Mbps transfer rate, but covers
    smaller range

30
WLAN (4)
  • 802.11e
  • provided QoS and proper support of multimedia
    traffic.
  • QoS provides the capability to prioritize
    traffic, and it affords guaranteed delivery
  • 802.11f
  • Roaming: as the user moves out of the range of the
    first AP, another AP needs to pick up and
    maintain her signal
  • 802.11f outlines how authentication and other
    necessary information can be properly shared
    among different APs during roaming

31
WLAN (5)
  • 802.11g
  • A speed extension for 802.11b, backward
    compatible with 802.11b
  • provides up to 54 Mbps transfer rate
  • works in the 2.4-GHz (unlicensed) frequency range
  • 802.11h
  • builds upon the 802.11a specification to meet the
    requirements of European wireless rules

32
Security in WLAN (1)
  • Security in WLAN
  • Open system authentication (OSA)
  • Wired Equivalent Privacy (WEP)
  • Extensible Authentication Protocol (EAP)
  • Open system authentication (OSA)
  • Does not require the wireless device to prove to
    the AP that it has a specific cryptographic key
    for authentication.
  • In many cases, the wireless device needs to
    provide only the correct SSID value.
  • Some APs are configured to broadcast their SSIDs
  • All transactions are in clear text

33
Security in WLAN (2)
  • Shared key authentication (SKA)
  • The wireless device is authenticated to the AP by
    proving that it has the necessary encryption key.
  • The AP sends a random value to the wireless
    device.
  • The device encrypts this value with its
    cryptographic key and returns it.
  • The AP decrypts and extracts the response, and if
    it is the same as the original value, the device
    is authenticated.
  • SKA is based on the Wired Equivalent Privacy
    (WEP) protocol
  • Enables data transfers to be encrypted.
  • Note: WEP is usually disabled by default on the
    commonly purchased wireless AP devices.

34
Security in WLAN (3)
  • Extensible Authentication Protocol (EAP)
  • The use of Extensible Authentication Protocol
    (EAP) and 802.1X to enforce user authentication
    and mutual authentication has been integrated
    into 802.11i.
  • Message Integrity Code (MIC) is integrated to
    detect modifications of bits during transmission
  • The Temporal Key Integrity Protocol (TKIP)
    generates random values that are used in the
    encryption process
  • Includes the new Advanced Encryption Standard
    (AES) algorithm

35
Security in WLAN (4) 802.11i
  • 802.11i documents a wide range of security flaws
    in old WLAN standards
  • No user authentication
  • no mutual authentication between the wireless
    device and AP
  • rogue APs can be erected
  • Wireless traffic can be easily sniffed, data can
    be modified during transmission without the
    receiver being notified
  • a flawed encryption protocol
  • encrypted wireless traffic to be easily broken
    with downloadable tools

36
Security in WLAN (5) 802.11i
  • The 802.11i standard employs two different
    approaches
  • Temporal Key Integrity Protocol (TKIP) works with
    WEP by feeding it keying material, which is data
    to be used for generating new dynamic keys.
  • More complexity is added to the key generation
    process
  • only need to obtain firmware or software updates
    instead of purchasing new equipment for this type
    of protection.
  • CCM Protocol (CCMP)
  • The use of AES algorithm in counter mode with
    CBC-MAC (CCM)
  • The AES is a much stronger algorithm than RC4

37
Security in WLAN (6) TKIP
  • TKIP addresses the deficiencies of WEP pertaining
    to static WEP keys and inadequate use of IV
    values.
  • Provides the ability to rotate encryption keys to
    fight against attacks
  • increases the length of the IV value and ensures
    that each and every frame has a different IV
    value.
  • The changing IV values and resulting keys make
    the resulting key stream less predictable
  • Deals with the integrity issues by using a MIC
    instead of an ICV function.
  • A symmetric key is used with a hashing function,
    which is similar to a CRC function but stronger.
  • The use of MIC instead of ICV ensures that the
    receiver will be properly alerted if changes to
    the frame take place during transmission.
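
Why an unkeyed CRC trailer (the WEP ICV) does not give integrity while a keyed MIC does, as an added example that is not part of the original presentation. The keystream is a SHA-256 stand-in rather than RC4, and HMAC-SHA256 truncated to 8 bytes stands in for TKIP's MIC; the keys, IVs, payload and function names are constructed for the illustration.

```python
import hashlib
import hmac
import zlib


def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Stand-in XOR keystream (SHA-256 in counter mode), not RC4."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data: bytes) -> bytes:
    """Unkeyed CRC-32 checksum, the kind of trailer WEP uses."""
    return zlib.crc32(data).to_bytes(4, "little")


def mic(mic_key: bytes, data: bytes) -> bytes:
    """Keyed integrity code (HMAC stand-in for TKIP's MIC)."""
    return hmac.new(mic_key, data, hashlib.sha256).digest()[:8]


def seal(key, iv, payload, mic_key=None):
    trailer = mic(mic_key, payload) if mic_key else icv(payload)
    body = payload + trailer
    return xor(body, keystream(key, iv, len(body)))


def open_frame(key, iv, frame, mic_key=None):
    """Receiver check: returns the payload, or None if the trailer is wrong."""
    body = xor(frame, keystream(key, iv, len(frame)))
    n = 8 if mic_key else 4
    payload, trailer = body[:-n], body[-n:]
    expected = mic(mic_key, payload) if mic_key else icv(payload)
    return payload if hmac.compare_digest(trailer, expected) else None


def alter_in_transit(frame, delta, trailer_len):
    """A change made without any key. CRC-32 is affine under XOR, so the
    matching checksum adjustment is computable from the change alone."""
    patch = xor(icv(delta), icv(bytes(len(delta))))
    patch += bytes(trailer_len - len(patch))
    return xor(frame, delta + patch)


def demo():
    key, mic_key = b"k" * 16, b"m" * 16           # constructed keys
    payload = b"temperature=21C"                  # constructed payload
    delta = bytearray(len(payload))
    delta[13] = 0x08                              # turns '1' into '9'
    delta = bytes(delta)
    icv_frame = alter_in_transit(seal(key, b"\x00\x00\x01", payload), delta, 4)
    mic_frame = alter_in_transit(
        seal(key, b"\x00\x00\x02", payload, mic_key), delta, 8)
    return {
        "icv_frame_accepted": open_frame(key, b"\x00\x00\x01", icv_frame),
        "mic_frame_accepted": open_frame(key, b"\x00\x00\x02", mic_frame, mic_key),
        "unaltered_mic_frame": open_frame(
            key, b"\x00\x00\x02",
            seal(key, b"\x00\x00\x02", payload, mic_key), mic_key),
    }


if __name__ == "__main__":
    print(demo())
```

The CRC-protected frame is accepted with changed contents, while the MIC-protected frame is rejected because the trailer cannot be recomputed without the MIC key.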

38
Security in WLAN (7) 802.1X
  • The 802.1X standard is a port-based network
    access control
  • ensures that a user cannot make a full network
    connection until he is properly authenticated.
  • 802.11i is the lower layer and contains the improved
    encryption algorithms (TKIP and CCMP). 802.1X
    is the layer that resides on top of it.
  • 802.1X provides an authentication framework and a
    method of dynamically distributing encryption
    keys
  • the supplicant (wireless device)
  • the authenticator (AP)
  • the authentication server (usually a RADIUS
    server).

39
Security in WLAN (8) 802.1X
  • 802.1X provides the framework that allows for the
    different EAP modules to be added by a network
    administrator.
  • The two entities (supplicant and authenticator)
    agree upon one of these authentication methods
    (EAP modules) during their initial handshaking
    process.
  • Cisco uses a purely password-based authentication
    framework called Lightweight Extensible
    Authentication Protocol (LEAP).
  • Other vendors, including Microsoft, use EAP and
    Transport Layer Security (EAP-TLS), which carries
    out authentication through digital certificates.
  • Another choice is Protected EAP (PEAP), where
    only the server uses a digital certificate.

40
other wireless standards (1)
  • Some other wireless standards
  • The 802.11j task group has been working on
    bringing together many of the different standards
    and streamlining their development to allow for
    better interoperability across borders.
  • 802.11n is designed to be much faster
  • throughput > 100 Mbps, uses multiple input,
    multiple output (MIMO) to increase the
    throughput.
  • two receive and two transmit antennas to
    broadcast in parallel using a 20-MHz channel.
  • works at the same frequency range of 802.11a (5
    GHz)

41
other wireless standards (2)
  • 802.16 is a metropolitan area network (MAN)
    wireless standard: broadband wireless access
  • cover a much wider geographical area.
  • 802.15 is a wireless personal area network (WPAN)
    standard
  • allows for connectivity to take place among local
    devices
  • The Bluetooth wireless technology is a portion of
    the 802.15 standard.
  • has a 1 to 3 Mbps transfer rate
  • works in a range of approximately ten meters.
  • Security risks when transferring unprotected data
    via Bluetooth in a public area
  • In a Bluejacking attack, someone sends an
    unsolicited message to a device that is Bluetooth
    enabled.

42
WAP (1)
  • Wireless Application Protocol (WAP) is a de facto
    market and industry-driven protocol stack.
  • standardizes the way that wireless devices
    interface with each other and the Internet
  • Why do we need WAP?
  • performs similar functionalities to those
    performed by protocols in the TCP/IP stack.
  • E.g., Wireless Markup Language (WML), Wireless
    Transport Layer Security (WTLS)

43
WAP (2)
  • WTLS works similarly to SSL/TLS, by encrypting
    data and allowing for authentication to take
    place between the communicating devices.
  • WTLS has three classes that define how
    authentication takes place
  • Class 1: Anonymous authentication
  • Class 2: Server authentication
  • Class 3: Two-way client and server authentication

44
WAP (3)
  • A gateway is required to translate between WAP
    and the Internet's protocols and application
    types
  • Gap in the WAP: at the service provider's
    gateway, WTLS-encrypted data will be decrypted at
    the service provider's site and then encrypted
    with SSL or TLS, so for a second or two the data
    is not protected.

45
WAP (4)
  • The newer version of WAP is WAP2
  • WAP2 is used mainly in North America
  • Another wireless protocol stack, i-Mode, was
    developed by a company in Japan, NTT DoCoMo
  • Used in Japan and is currently spreading
    throughout Asia and parts of Europe

46
Mobile Phone Security
  • Mobile phones can connect to computers and
    networks, and thus are new entry points for
    malicious activities.
  • should include this new technology and source of
    security breaches into their policies and
    security program.
  • Cell phone cloning
  • A regular cell phone can be stolen and then
    reprogrammed with someone else's access
    credentials. This is a common activity used by
    organized crime rings
  • Rogue base stations
  • When a cell phone sends authentication data to
    this rogue base station, the attacker captures it
    and can now use it to authenticate and gain
    unauthorized access to the cellular network.

47
War Driving for WLANs (1)
  • War driving: attackers who drive around looking
    for wireless LANs to intercept

48
War Driving for WLANs (2)
  • Tools for war driving
  • Sniffers: Kismet and NetStumbler
  • WEP crackers: Airsnarf, AirSnort, and WEPCrack
  • How to prevent war driving?
  • the best practices pertaining to WLAN
    implementations (P569) -- (You should be able to
    list a few of them)