Network Plus 2005 In Depth

642 Chapter 14 NETWORK SECURITY

2.17bank’s account access URL, your browser initiates an SSL connection with the handshake protocol. The handshake protocol sends a special message to the server, called a client_hello message, which contains information about what level of security your browser is capable of accepting and what type of encryption your browser can decipher (for example, RSA or DiffieHellman). The client_hello message also establishes a randomly generated number that uniquely identifies your client and another number that identifies your SSL session. The server responds with a server_hello message that confirms the information it received from your client and agrees to certain terms of encryption based on the options your client supplied. Depending on the Web server’s preferred encryption method, the server may choose to issue your browser a public key or a digital certificate at this time. After the client and server have agreed on the terms of encryption, they begin exchanging data.

SSL was originally developed by Netscape. Since that time, the IETF has attempted to standardize SSL in a protocol called TLS (Transport Layer Security). Besides standardizing SSL for use with software from multiple vendors, IETF also aims to create a version of SSL that encrypts UDP as well as TCP transmissions. TLS, which is supported by new Web browsers (such as Internet Explorer version 5.0 and higher and Netscape version 6.0 and higher), uses slightly different encryption algorithms than SSL, but otherwise is very similar to the most recent version of SSL.

SSH (Secure Shell)

NET+

2.10Earlier in this book, you learned about Telnet, the TCP/IP utility that provides remote connections to hosts. For example, if you were a network administrator working at one of your company’s satellite offices and had to modify the configuration on a router at the home office, you could telnet to the router (over a VPN, for example) and run commands to modify its configuration. However, Telnet provides little security for establishing a connection (authenticating) and no security for transmitting data (encryption). SSH (Secure Shell) is a collection of protocols that does both. With SSH, you can securely log on to a host, execute commands on that host, and copy files to or from that host. SSH encrypts data exchanged throughout the session. It guards against a number of security threats, including: unauthorized access to a host, IP spoofing, interception of data in transit (even if it must be transferred via intermediate hosts), and DNS spoofing, in which a hacker forges name server records to falsify his host’s identity. Depending on the version, SSH may use DES, Triple DES, RSA, Kerberos, or another, less common encryption algorithm or method.

SSH was developed by SSH Communications Security, and use of their SSH implementation requires paying for a license. However, open source versions of the protocol suite, such as OpenSSH, are available for most computer platforms. To form a secure connection, SSH must be running on both the client and server. Like Telnet, the SSH client is a utility that can be run at the shell prompt on a UNIX-type of system or at the command prompt on a Win- dows-based system. Other versions of the program come with a graphical interface. The SSH suite of protocols is included with all modern UNIX and Linux distributions and with Mac OS X Server and Mac OS X client operating systems. For Windows-based computers, you must download a freeware GUI SSH client, such as PuTTy or Tectia.

2.10private key on your client workstation by running the ssh keygen command (or by choosing the correct menu options in a graphical SSH program). The keys are saved in two different, encrypted files on your hard disk. Next, you must transfer the public key to an authorization file on the host to which you want to connect. Finally, you are ready to connect to the host via SSH. On a UNIX-type of computer, this is accomplished by running the slogin -l user-

name hostname command, where username is your client user name and hostname is the name of the host to which you are trying to connect. The client and host then exchange public keys, and if both can be authenticated, the connection is completed. On a Windows-based computer, follow the menu options in the SSH client application.

SSH is highly configurable. For example, it can be configured to use one of several types of encryption for data en route between the client and host. It can be configured to require that the client enter a password in addition to a key. It can also be configured to perform port forwarding, which means it can redirect traffic that would normally use an insecure port (such as FTP) to an SSH-secured port. This allows you to use SSH for more than simply logging on to a host and manipulating files. With port forwarding you could, for example, exchange HTTP traffic with a Web server via a secured SSH connection.

SCP (Secure CoPy) and SFTP (Secure

File Transfer Protocol)

An extension to OpenSSH is the SCP (Secure CoPy) utility, which allows you to copy files from one host to another securely. SCP replaces insecure file copy protocols such as FTP, which do not encrypt user names, passwords, or data while transferring them. Most modern OpenSSH packages, such as those supplied with the UNIX, Linux, and Macintosh OS X (client and server version) operating systems, include the SCP utility. Not all freeware SSH programs available for Windows include SCP, but separate, freeware SCP applications, such as WinSCP, exist.

SCP is simple to use. At the shell prompt of a UNIX-type of system, type scp filename1 filename2, where filename1 is the name of the file on the source host and filename2 is the name of the file on the target host. Suppose you are copying a file from a server to your client workstation. In that case, you also need to include your user name on the server and the server’s host name in the command, as follows:

scp userid@hostname:filename1 filename2

In this command, userid is your user name on the server, hostname is the server’s fully qualified host name, filename1 is the name of the file on the server, and filename2 is what you want to call the file on your client workstation. On a Windows-based system, follow the menu options in your SSH or SCP client for copying files with SCP.

If your system uses the proprietary version of SSH, available from SSH Communications Security, you need to use SFTP (Secure File Transfer Protocol) to copy files rather than SCP. SFTP is slightly different from SCP, in that it does more than copy files. Like FTP, SFTP

644 Chapter 14 NETWORK SECURITY

2.10list files, and copy files. To open an SFTP connection from a UNIX-type of system, type sftp hostname at a shell prompt, where hostname is the fully qualified host name of the computer to which you want to connect. To copy a file, type get filename1 filename2, where filename1 is the name of the file on the source computer and filename2 is what you want to call the file on the target computer. To close the SFTP connection, type quit and then press Enter. On a Win- dows-based system, follow the menu options in the SSH or SFTP client for copying files with SFTP.

The following section describes another technique for encrypting data in transit on a network.

NET+ IPSec (Internet Protocol Security)

2.17IPSec (Internet Protocol Security) protocol defines encryption, authentication, and key management for TCP/IP transmissions. It is an enhancement to IPv4 and is native to the newer IPv6 standard. IPSec is somewhat different from other methods of securing data in transit. Rather than apply encryption to a stream of data, IPSec actually encrypts data by adding security information to the header of all IP packets. In effect, IPSec transforms the data packets. To do so, IPSec operates at the Network layer (Layer 3) of the OSI Model.

IPSec accomplishes authentication in two phases. The first phase is key management, and the second phase is encryption. Key management refers to the way in which two nodes agree on common parameters for the keys they will use. IPSec relies on IKE (Internet Key Exchange) for its key management. IKE is a service that runs on UDP port 500. After IKE has established the rules for the type of keys two nodes will use, IPSec invokes its second phase, encryption. In this phase, two types of encryption may be used: AH (authentication header) and ESP (Encapsulating Security Payload). It is not important to know the inner workings of these services to qualify for Network+ certification, but you should be aware that both types of encryption provide authentication of the IP packet’s data payload through public key techniques. In addition, EPS encrypts the entire IP packet for added security.

IPSec can be used with any type of TCP/IP transmission. However, it most commonly runs on routers or other connectivity devices in the context of VPNs. As you learned in Chapter 7, VPNs are used to transmit private data over public networks. Therefore, they require strict encryption and authentication to ensure that data is not compromised.

Authentication Protocols

You have learned that authentication is the process of verifying a user’s credentials (typically a user name and password) to grant the user access to secured resources on a system or network. Authentication protocols are the rules that computers follow to accomplish authentication. Several types of authentication protocols exist. They vary according to which encryption schemes they rely on and the steps they take to verify credentials. The following sections describe some common authentication protocols in more detail.

NET+ RADIUS and TACACS

2.18In environments in which many simultaneous dial-up connections must be supported and their user IDs and passwords managed, a service called RADIUS (Remote Authentication Dial-In User Service) might be used to authenticate users. RADIUS is a service defined by the IETF that runs over UDP and provides centralized network authentication and accounting for multiple users. RADIUS can operate as a software application on a remote access server or on a computer dedicated to this type of authentication, called a RADIUS server. A RADIUS server does not replace functions performed by the remote access server, but communicates with the access server to manage user logons. RADIUS is frequently used with dialup networking connections.

RADIUS servers are highly scalable, as they can attach to pools containing hundreds of modems. Many Internet service providers use a RADIUS server to allow their subscribers to dial into their network and gain access to the Internet. Other organizations employ it as a central authentication point for mobile or remote users. RADIUS is also more secure than a simple remote access solution because its method of authentication prevents users’ IDs and passwords from traveling across the connection in clear text format.

Figure 14-8 illustrates these two methods for allowing remote users to connect using RADIUS authentication. RADIUS can run on UNIX, Linux, Windows, Macintosh, or NetWare networks. A similar, but earlier version of a centralized authentication system is TACACS (Terminal Access Controller Access Control System).

FIGURE 14-8 A RADIUS server providing centralized authentication

646 Chapter 14 NETWORK SECURITY

NET+ PAP (Password Authentication Protocol)

2.18In Chapter 7’s discussion of remote access protocols, you were introduced to PPP (Point-to- Point Protocol), which belongs to the Data Link layer of the OSI Model and provides the foundation for connections between remote clients and hosts. PPP alone, however, does not secure connections. For this it requires an authentication protocol.

In fact, several types of authentication protocols can work over PPP. One is PAP (Password Authentication Protocol). After establishing a link with a server through PPP, a client uses PAP to send an authentication request that includes its credentials—usually a user name and password. The server compares the credentials to those in its user database. If the credentials match, the server responds to the client with an acknowledgment of authentication and grants the client access to secured resources. If the credentials do not match, the server denies the request to authenticate. Figure 14-9 illustrates PAP’s two-step authentication process.

FIGURE 14-9 Two-step authentication used in PAP

Thus, PAP is a simple authentication protocol, but it is not very secure. It sends the client’s credentials in clear text, without encryption, and this opens the way for eavesdroppers to capture a user name and password. In addition, PAP does not protect against the possibility of a malicious intruder attempting to guess a user’s password through a brute force attack. For these reasons, PAP is rarely used on modern networks. Instead, more sophisticated protocols, such as those described in the following sections, are preferred.

CHAP and MS-CHAP

CHAP (Challenge Handshake Authentication Protocol) is another authentication protocol that operates over PPP. Unlike PAP, CHAP encrypts user names and passwords for transmission. It also differs from PAP in that it requires three steps to complete the authentication process. Together, these steps are known as a three-way handshake.

In CHAP, the authenticating device (for example, the remote access server in a dial-up scenario) takes the first step in authentication after PPP establishes a connection between it and the computer requesting authentication (for example, a dial-up client). The server sends the client a randomly generated string of characters called the challenge. In the second step, the client adds its password to the challenge and encrypts the new string of characters. It sends this new string of characters in a response to the server. Meanwhile, the server also concatenates the user’s password with the challenge and encrypts the new character string, using the

2.18server compares the encrypted string of characters it received from the client with the encrypted string of characters it has generated. If the two match, it authenticates the client. But if the two differ, it rejects the client’s request for authentication. Figure 14-10 illustrates the threeway handshake used in CHAP.

2.18XP, and Server 2003 operating systems. Only Windows 2000, XP, and Server 2003 support

3.4MS-CHAPv2 for dial-up connections. And by default, Windows XP clients are configured to support PAP, CHAP, MS-CHAP, and MS-CHAPv2 when making dial-up connections.

To modify the dial-up connection’s supported authentication protocols on a Windows XP client:

1.Click Start, and then click My Network Places. The My Network Places window opens.

2.Under Network Tasks, click View Network Connections. The Network Connections window opens.

3.Right-click the dial-up connection and choose Properties from the shortcut menu. The dial-up connection’s Properties dialog box opens.

4.Click the Security tab to view security options for this connection.

NET+ EAP (Extensible Authentication Protocol)

2.18EAP (Extensible Authentication Protocol) is another extension to the PPP protocol suite. It differs from the authentication protocols discussed previously in that it is only a mechanism for authenticating clients and servers; it does not perform encryption or authentication on its own. Instead, it works with other encryption and authentication schemes to verify the credentials of clients and servers.

Like CHAP, EAP requires the authenticator (for example, the server) initiate the authentication process by asking the connected computer (for example, the client) to verify itself. In EAP, the server usually sends more than one request. In its first request, it asks the client’s identity and indicates what type of authentication to use. In subsequent requests, it asks the client for authentication information to prove the client’s identity. The client responds to each of the servers’ requests in the required format. If the responses match what the server expects, the server authenticates the client.

One of EAP’s advantages is its flexibility. It is supported by nearly all modern operating systems and can be used with any authentication method. For example, although the typical network authentication involves a user ID and password, EAP also works with bio-recognition methods, such as retina or hand scanning. EAP is also adaptable to new technology. Therefore, no matter what future wireless encryption schemes are developed, EAP will support them.

In the case of wireless LANs, EAP is used with older encryption and authentication protocols to form a new, more secure method of connecting to networks from wireless stations. You will learn more about wireless security protocols—and how EAP is used with these—later in this chapter.

Kerberos

Kerberos is a cross-platform authentication protocol that uses key encryption to verify the identity of clients and to securely exchange information after a client logs on to a system. It is an example of a private key encryption service. Kerberos provides significant security advantages over simple network operating system authentication. Whereas an NOS client/server logon process assumes that clients are who they say they are and only verifies a user’s name against the password in the NOS database, Kerberos does not automatically trust clients. Instead, it requires a client to prove its identity through a third party. This is similar to what happens when you apply for a passport. The government does not simply believe that you are “Leah Torres,” but instead requires you to present proof, such as your birth certificate. In addition to checking the validity of a client, Kerberos communications are encrypted and unlikely to be deciphered by any device on the network other than the client. Contrast this type of transmission to the normally unencrypted and vulnerable communication between an NOS and a client.

650 Chapter 14 NETWORK SECURITY

2.18terms used when discussing this protocol. In Kerberos terminology, the server that issues keys to clients during initial client authentication is known as the KDC (Key Distribution Center). To authenticate a client, the KDC runs an AS (authentication service). An AS issues a ticket, which is a temporary set of credentials that a client uses to prove that its identity has been validated (note that a ticket is not the same as a key, which is used to initially validate its identity). A Kerberos client, or user, is known as a principal.

Now that you have learned the terms used by Kerberos, you can follow the process it requires for client/server communication. Bear in mind that the purpose of Kerberos is to connect a valid user with the service that user wants to access. To accomplish this, both the user and the service must register their keys with the authentication service. Suppose the principal is Jamal Sayad and the service is called “inventory.” Jamal first logs on to his network as usual. Next, he attempts to log on to the “inventory” service with his Kerberos principal name and password. (On a Windows 2000 Server or Windows Server 2003 network, the KDC is, by default, the user’s domain controller, and therefore, a user may not need to separately log on to a Kerberosauthenticated service.) The KDC confirms that Jamal Sayad is in its database and that he has provided the correct password. Then, the AS running on the KDC randomly generates two copies of a new key, called the session key. The AS issues one copy to Jamal’s computer and the other copy to the inventory service. Further, it creates a ticket that allows Jamal to use the inventory service. This ticket contains the inventory service key and can only be decrypted using Jamal Sayad’s key. The AS sends the ticket to Jamal Sayad. Jamal’s computer decrypts the session key with Jamal’s personal key. It then creates a time stamp associated with his request, and encrypts this time stamp with the session key. The encrypted time stamp is known as the authenticator. This time stamp helps the service verify that the ticket is indeed associated with Jamal Sayad’s request to use the inventory service. Next, Jamal’s computer sends his ticket and authenticator to the service. The service decrypts the ticket using its own key and decrypts the authenticator using its session key. Finally, the service verified that the principal requesting its use is truly Jamal Sayad as the KDC indicated.

The preceding events illustrate the original version of the Kerberos authentication process. The problem with the original version was that a user had to request a separate ticket each time he wanted to use a different service. To alleviate this inconvenience, Kerberos developers created the TGS (Ticket-granting service), an application separate from the AS that also runs on the KDC. So that the client does not need to request a new ticket from the TGS each time it wants to use a different service on the network, the TGS issues the client a TGT (ticket-granting ticket). After receiving the TGT, any time that the user wants to contact a service, he requests a ticket not from the AS, but from the TGS. Furthermore, the reply is encrypted not with the user’s personal key, but with the session key that the AS provided for use with the TGS. Inside that reply is the new session key for use with the regular service. The rest of the exchange continues as described previously.