Guide to Operating System Security Chapter 9 Web, Remote Access, and VPN Security

Dec 25, 2015

Earl Chandler

Transcript
Page 1: Guide to Operating System Security Chapter 9 Web, Remote Access, and VPN Security.

Guide to Operating System Security

Chapter 9

Web, Remote Access, and VPN Security

Page 2: Objectives

2 Guide to Operating System Security

• Understand Internet security using protocols and services
• Configure Web browsers for security
• Configure remote access services for security
• Configure virtual private network services for security

Page 3: Internet Security

• Protocols and services must be kept secure
  • To ensure privacy of information
  • To discourage the spread of malicious software

Page 4: Internet Protocols and Services

• Hypertext Transfer Protocol (HTTP)
• Secure HTTP (S-HTTP) and Hypertext Transfer Protocol Secure (HTTPS)
• File Transfer Protocol (FTP)
• Network File System (NFS)
• Samba and Server Message Block (SMB)

Page 5: HTTP

• TCP/IP-compatible application protocol that transports information over the Web
• Most recent version: HTTP/1.1
  • Increases reliability of communications
  • Enables caching
  • Can send message responses before the full control information from a request is received
  • Permits multiple communications over a single connection

Page 6: S-HTTP and HTTPS

• Forms of HTTP used for more secure communications
• S-HTTP: standards-based protocol that enables use of a variety of security measures (including CMS and MOSS)
• HTTPS
  • Essentially proprietary, but more compatible with encryption for IP-level communications
  • Uses SSL as a subprotocol

Page 7: File Transfer Protocol (FTP)

• TCP/IP protocol that transfers files in bulk data streams
• Uses two TCP ports (20 and 21)
• Supports transmission of binary or ASCII-formatted files
• Commonly used on the Internet
• Downloading files can be risky

Page 8: File Transfer Protocol (FTP) [figure slide]

Page 9: Network File System (NFS)

• Designed for UNIX/Linux systems for file sharing
• Connection-oriented protocol that runs within TCP
• Uses remote procedure calls via TCP port 111
• Sends data in record streams
• For security, let only authorized computers use NFS on the host computer
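The last bullet is the one an administrator has to act on. On a Linux NFS server the list of authorized computers lives in /etc/exports, where each line names a shared path followed by the clients allowed to mount it, each client with its own parenthesised option list. The following Python script is an added example (it is not from the textbook) that parses such a file and flags exports that contradict the slide's advice: shares exported to every host, wildcard host matches, `no_root_squash`, and `insecure`. The sample exports file embedded in it is constructed for the example.

```python
"""Audit an NFS /etc/exports file for entries that do not limit which hosts may mount a share."""
from dataclasses import dataclass, field
from typing import List, Tuple

WILDCARD_ANY = "*"   # exportfs treats a bare "*" (or a missing client) as "every host"

# Constructed sample /etc/exports; not taken from any real server.
SAMPLE_EXPORTS = """\
# constructed sample exports file
/srv/projects   192.168.10.0/24(rw,sync,root_squash)
/srv/public     *(ro,sync)
/srv/backup     *(rw,no_root_squash)
/srv/build      build01.example.internal(rw,sync) build02.example.internal(rw,sync,insecure)
/srv/scratch    10.0.0.0/8(rw) \\
                *.example.internal(rw)
"""


@dataclass
class ExportEntry:
    path: str
    client: str
    options: List[str] = field(default_factory=list)


def parse_exports(text: str) -> List[ExportEntry]:
    """Return one entry per (path, client) pair; handles '#' comments and '\\' continuations."""
    entries = []
    pending = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):             # backslash continuation: join with the next line
            pending += line[:-1] + " "
            continue
        line = pending + line
        pending = ""
        if not line.strip():
            continue
        tokens = line.split()
        path, clients = tokens[0], tokens[1:]
        if not clients:                      # a path with no client list is exported to everyone
            entries.append(ExportEntry(path, WILDCARD_ANY))
        for tok in clients:
            if "(" in tok and tok.endswith(")"):
                client = tok[:tok.index("(")]
                options = [o for o in tok[tok.index("(") + 1:-1].split(",") if o]
            else:                            # client without options: exportfs defaults apply
                client, options = tok, []
            entries.append(ExportEntry(path, client or WILDCARD_ANY, options))
    return entries


def audit_exports(entries: List[ExportEntry]) -> List[Tuple[str, str, str]]:
    """Return (path, client, finding) triples for entries that weaken host authorization."""
    findings = []
    for e in entries:
        opts = set(e.options)
        if e.client == WILDCARD_ANY:
            detail = " with write access" if "rw" in opts else ""
            findings.append((e.path, e.client, "exported to every host" + detail))
        elif any(ch in e.client for ch in "*?"):
            findings.append((e.path, e.client, "wildcard host match; prefer explicit hosts or a subnet"))
        if "no_root_squash" in opts:
            findings.append((e.path, e.client, "no_root_squash lets a remote root act as local root"))
        if "insecure" in opts:
            findings.append((e.path, e.client, "insecure accepts requests from unprivileged source ports"))
    return findings


if __name__ == "__main__":
    for path, client, msg in audit_exports(parse_exports(SAMPLE_EXPORTS)):
        print(f"{path:<14} {client:<26} {msg}")
```

Only the first export, limited to one subnet with root squashing left on, passes the audit; the continuation line shows why the parser has to join lines before it splits them, otherwise the wildcard client would be read as a path.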

Page 10: Samba and Server Message Block

• Samba
  • Available for UNIX and Linux computers
  • Enables exchange of files and printer sharing with Windows-based computers through the SMB protocol
• Server Message Block
  • Used by Windows-based systems
  • Enables sharing files and printers
  • Employed by Samba

Page 11: Using Samba [figure slide]

Page 12: Configuring Web Browsers for Security

• Applying security measures to popular Web browsers
  • Internet Explorer
  • Mozilla
  • Netscape Navigator

Page 13: Configuring Internet Explorer Security

• Used with Windows and Mac OS X
• Configure version of HTTP, use of HTTPS, FTP, and download access
• Configure security by zones
  • Internet
  • Local intranet
  • Trusted sites
  • Restricted sites

Page 14: Internet Explorer Security Settings [figure slide]

Page 15: Configuring Internet Explorer Security

• Internet Explorer Enhanced Security Configuration (Windows Server 2003)
  • Applies default security to protect the server
  • Uses security zones and security parameters preconfigured for each zone

Page 16: Installing IE Enhanced Security Configuration [figure slide]

Page 17: Configuring Mozilla Security

• Open-source Web browser
• Can run on
  • Linux (by default with GNOME desktop)
  • UNIX
  • Mac OS X
  • OS/2
  • Windows-based systems
• Security configuration is combined with privacy configuration options

Page 18: Mozilla Security Categories [figure slide]

Page 19: Privacy & Security Option in Mozilla [figure slide]

Page 20: Configuring Netscape Navigator Security

• Nearly identical to Mozilla; GUI offers:
  • A buddy list
  • Link to Netscape channels
  • Different sidebar presentation

Page 21: Netscape Navigator in Windows 2000 Server [figure slide]

Page 22: Privacy & Security Options in Netscape [figure slide]

Page 23: Configuring Remote Access Services for Security

• Remote access: ability to access a workstation or server through a remote connection (e.g., dial-up telephone line and modem)
• Commonly used by telecommuters

Page 24: Microsoft Remote Access Services

• Enables off-site workstations to access a server through telecommunications lines, the Internet, or intranets

Page 25: Microsoft RAS [figure slide]

Page 26: Microsoft RAS – Supported Clients

• MS-DOS
• Windows 3.1 and 3.11
• Windows NT/95/98
• Windows Millennium
• Windows 2000
• Windows Server 2003 and XP Professional

Page 27: Microsoft RAS

• Supports different types of modems and communications equipment
• Compatible with many network transport and remote communications protocols

Page 28: Microsoft RAS – Supported Connections (Continued)

• Asynchronous modems
• Synchronous modems
• Null modem communications
• Regular dial-up telephone lines
• Leased telecommunication lines (e.g., T-carrier)

Page 29: Microsoft RAS – Supported Connections (Continued)

• ISDN lines (and “digital modems”)
• X.25 lines
• DSL lines
• Cable modem lines
• Frame relay lines

Page 30: Microsoft RAS – Supported Protocols

• NetBEUI
• TCP/IP
• NWLink
• PPP
• PPTP
• L2TP

Page 31: Understanding Remote Access Protocols

• Transport protocols
  • TCP/IP
  • IPX
  • NetBEUI
• Remote access protocols
  • Serial Line Internet Protocol (SLIP)
    • CSLIP
  • Point-to-Point Protocol (PPP)
    • PPTP
    • L2TP

Page 32: Configuring a RAS Policy

• Employ callback security options (No Callback, Set by Caller, Always Callback to)
• Install Internet Authentication Service (IAS)
  • Can be employed with Remote Authentication Dial-In User Service (RADIUS) and a RADIUS server
  • Add participating RAS and VPN servers

Page 33: Remote Access Policies Objects in the IAS Tree [figure slide]

Page 34: Granting Remote Access Permission to RAS [figure slide]

Page 35: Enabling Access for a User’s Account via Remote Access Policy [figure slide]

Page 36: Configuring a RAS Policy

• Use Remote Access Policies to configure security types
  • Authentication
  • Encryption
  • Dial-in constraints

Page 37: RAS Authentication Types (Continued)

• Challenge Handshake Authentication Protocol (CHAP)
• Extensible Authentication Protocol (EAP)
• MS-CHAP v1 (aka CHAP with Microsoft extensions)
• MS-CHAP v2 (aka CHAP with Microsoft extensions version 2)

Page 38: RAS Authentication Types (Continued)

• Password Authentication Protocol (PAP)
• Shiva Password Authentication Protocol (SPAP)
• Unauthenticated

Page 39: RAS Encryption Options [figure slide]

Page 40: RAS Dial-in Constraints Options

• Idle and session timeouts
• Day and time restrictions
• Whether access is restricted to a single number
• Whether access is restricted based on media used
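The RAS policy slides list the pieces of a remote access policy (callback options on the "Configuring a RAS Policy" slide, the authentication types, the encryption requirement, and the dial-in constraints above) without showing how they combine into a single permit-or-deny decision. The Python below is an added example, not textbook or Microsoft code: it models those policy elements as plain data and evaluates a dial-in request against all of them at once, collecting every failed constraint so that a denial can be logged completely. The field names, the sample policy values, the telephone numbers and the two requests are constructed; the authentication types and callback modes are the ones named on the slides.

```python
"""Evaluate a dial-in request against a remote access policy (added example)."""
from dataclasses import dataclass, field
from datetime import datetime, time
from enum import Enum
from typing import List, Optional, Set, Tuple


class AuthType(str, Enum):            # the types listed on the RAS Authentication Types slides
    EAP = "EAP"
    MSCHAP_V2 = "MS-CHAP v2"
    MSCHAP_V1 = "MS-CHAP v1"
    CHAP = "CHAP"
    PAP = "PAP"
    SPAP = "SPAP"
    UNAUTHENTICATED = "Unauthenticated"


class Callback(Enum):                  # the three callback security options
    NO_CALLBACK = "No Callback"
    SET_BY_CALLER = "Set by Caller"
    ALWAYS_CALLBACK_TO = "Always Callback to"


@dataclass
class RasPolicy:                       # field names are this example's own, not the IAS schema
    allowed_auth: Set[AuthType]
    require_encryption: bool
    allowed_days: Set[int]             # datetime.weekday(): 0 = Monday ... 6 = Sunday
    hours: Tuple[time, time]           # permitted window [start, end)
    allowed_media: Set[str]
    required_called_number: Optional[str]   # restrict access to a single dial-in number
    callback: Callback
    callback_number: Optional[str]     # administrator-stored number for ALWAYS_CALLBACK_TO
    idle_timeout_min: int
    session_timeout_min: int


@dataclass
class DialInRequest:
    user: str
    auth: AuthType
    encrypted: bool
    when: datetime
    media: str
    called_number: str
    caller_callback_number: Optional[str] = None   # only used with SET_BY_CALLER


@dataclass
class Decision:
    granted: bool
    reasons: List[str] = field(default_factory=list)
    callback_to: Optional[str] = None
    idle_timeout_min: int = 0
    session_timeout_min: int = 0


def evaluate(policy: RasPolicy, req: DialInRequest) -> Decision:
    """Check every constraint and report all failures rather than stopping at the first."""
    reasons = []
    if req.auth not in policy.allowed_auth:
        reasons.append(f"authentication type '{req.auth.value}' not permitted")
    if policy.require_encryption and not req.encrypted:
        reasons.append("encryption required but not negotiated")
    if req.when.weekday() not in policy.allowed_days:
        reasons.append("outside permitted days")
    start, end = policy.hours
    if not (start <= req.when.time() < end):
        reasons.append("outside permitted hours")
    if policy.required_called_number and req.called_number != policy.required_called_number:
        reasons.append("access is restricted to a single dial-in number")
    if req.media not in policy.allowed_media:
        reasons.append(f"media '{req.media}' not permitted")
    if reasons:
        return Decision(False, reasons)
    # Callback: with "Always Callback to" the server hangs up and dials the stored
    # number, so a stolen password alone does not yield a session from elsewhere.
    callback_to = None
    if policy.callback is Callback.ALWAYS_CALLBACK_TO:
        callback_to = policy.callback_number
    elif policy.callback is Callback.SET_BY_CALLER:
        callback_to = req.caller_callback_number
    return Decision(True, [], callback_to, policy.idle_timeout_min, policy.session_timeout_min)


# Constructed sample policy: strong authentication only, business hours, one dial-in number.
SAMPLE_POLICY = RasPolicy(
    allowed_auth={AuthType.EAP, AuthType.MSCHAP_V2},
    require_encryption=True,
    allowed_days={0, 1, 2, 3, 4},
    hours=(time(7, 0), time(19, 0)),
    allowed_media={"ISDN", "Asynchronous modem"},
    required_called_number="555-0123",
    callback=Callback.ALWAYS_CALLBACK_TO,
    callback_number="+1-555-0100",
    idle_timeout_min=15,
    session_timeout_min=480,
)
# Constructed requests: a compliant one (Tuesday morning) and one that fails every constraint.
GOOD_REQUEST = DialInRequest("asmith", AuthType.EAP, True, datetime(2015, 12, 22, 9, 30), "ISDN", "555-0123")
BAD_REQUEST = DialInRequest("rchen", AuthType.PAP, False, datetime(2015, 12, 27, 22, 15), "Cable modem", "555-0199")

if __name__ == "__main__":
    for r in (GOOD_REQUEST, BAD_REQUEST):
        d = evaluate(SAMPLE_POLICY, r)
        print(r.user, "GRANTED" if d.granted else "DENIED", d.reasons, d.callback_to)
```

The granted decision carries the idle and session timeouts and the callback number the server should dial, which is what the connection handler needs next; the denied decision lists all six failed constraints, which is what an operator reviewing the log needs.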

Page 41: Security on a Virtual Private Network

• VPN: an intranet designed for restricted access by specific clients based on subnets, IP addresses, user accounts, or a combination
• Apply the same remote access policies as to RAS servers

Page 42: Summary

• Protocols and services that enable Internet security
• Configuring Web browsers for security
  • Internet Explorer
  • Mozilla
  • Netscape Navigator
• How to configure a server’s remote access services to enforce security
• Applying security options to a VPN