How to Secure TCP/IP Networks


Securing TCP IP
This section of network operations and security will cover securing TCP/IP networks and connections. This involves discussing the standard methods used in securing TCP/IP networks, comparing the standards used securing TCP/IP, and finally learn how to securely implement a TCP/IP application.

Originally, TCP/IP did not have legitimate security and all IP enabled devices were targeted. The four primary areas involved in securing these networks are encryption, non-repudiation, authentication, and authorization. This means scrambling data, ensuring a message goes through, ensure it’s only seen by the right users, and defining what is done with the data, respectively. Ciphers and cryptography work together to encrypt data in stream ciphers and other encryption methods. Data Encryption Standard (DES), Advanced Encryption Standard (AES), asymmetric, public key, hash functions, and many other types of encryption are used to secure important data.

PKI is a networking system that guarantees non-repudiation for strangers using a system of certificates and third-party signatures. Similarly, authentication is a very important component of securing networks that guarantees only the right users see their intended messages. This is typically done with a username and password entered by the user. A network technician must understand the different types of TCP/IP network authentication. Authorized users on the Access Control List (ACL) may have Mandatory, Discretionary, or Role-Based Access Control: MAC, DAC, and RBAC respectively.

Creating a secure application for use in TCP/IP networks involves establishing Authentication, Authorization, and Accounting (AAA). RADIUS, or Remote Authentication Dial-in User Service, was created to support AAA standards at large ISPs with modem banks. Microsoft’s Internet Authentication Service (IAS) is the standard for Windows, while FreeRADIUS supports Linux. One RADIUS connection can support multiple NAS devices. Authentication is carried out from an Authentication Server (AS) at a Key Distribution Center (KDC) via the Kerberos process. This process is useful, but potentially inefficient if a downed connection disables the entire authentication process. Security protocols such as SCP and SNMP allow us to create complex connections and networks quickly and securely. LDAP allows us to replicate complex storage structures, and NTP, or Network Time Protocol, maintains a reliable timestamp for the server. This protocol does not pose any real security risk.

Recommended Study Material
Learn on the go.
The app designed for the modern cyber security professional.
Get it on Google PlayGet it on the App Store
Practice Labs and Exam Vouchers

Congratulations! You're taking the first step to getting certified. Get some hands on experience with available practice labs OR save some money, support Cybrary, and purchase discounted exam vouchers. Ready to earn your next industry certification? Join cyber security's largest community and start learning today.


Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?