Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
Securing TCP IP This section of network operations and security will cover securing TCP/IP networks and connections. This involves discussing the standard methods used in securing TCP/IP networks, comparing the standards used securing TCP/IP, and finally learn how to securely implement a TCP/IP application. Originally, TCP/IP did not have legitimate security and all IP enabled devices were targeted. The four primary areas involved in securing these networks are encryption, non-repudiation, authentication, and authorization. This means scrambling data, ensuring a message goes through, ensure it's only seen by the right users, and defining what is done with the data, respectively. Ciphers and cryptography work together to encrypt data in stream ciphers and other encryption methods. Data Encryption Standard (DES), Advanced Encryption Standard (AES), asymmetric, public key, hash functions, and many other types of encryption are used to secure important data. PKI is a networking system that guarantees non-repudiation for strangers using a system of certificates and third-party signatures. Similarly, authentication is a very important component of securing networks that guarantees only the right users see their intended messages. This is typically done with a username and password entered by the user. A network technician must understand the different types of TCP/IP network authentication. Authorized users on the Access Control List (ACL) may have Mandatory, Discretionary, or Role-Based Access Control: MAC, DAC, and RBAC respectively. Creating a secure application for use in TCP/IP networks involves establishing Authentication, Authorization, and Accounting (AAA). RADIUS, or Remote Authentication Dial-in User Service, was created to support AAA standards at large ISPs with modem banks. Microsoft's Internet Authentication Service (IAS) is the standard for Windows, while FreeRADIUS supports Linux. One RADIUS connection can support multiple NAS devices. Authentication is carried out from an Authentication Server (AS) at a Key Distribution Center (KDC) via the Kerberos process. This process is useful, but potentially inefficient if a downed connection disables the entire authentication process. Security protocols such as SCP and SNMP allow us to create complex connections and networks quickly and securely. LDAP allows us to replicate complex storage structures, and NTP, or Network Time Protocol, maintains a reliable timestamp for the server. This protocol does not pose any real security risk.