Comp tia n+_session_09
1. CompTIA N+ Certification: Network Security and Remote Networking
Installing Windows XP Professional Using Attended Installation
Objectives
In this session, you will learn to:
Identify network authentication methods.
Identify major data encryption methods and
technologies.
Identify the primary techniques used to secure Internet
connections.
Identify the major architectures in remote networking
implementations.
Identify common terminal services network
implementations.
Ver. 1.0 Session 9 Slide 1 of 38
2. CompTIA N+ Certification: Network Security and Remote Networking
Network Authentication Methods
In a network environment, the security settings control how
users and computers authenticate to the network.
Authentication is the first line of defense against attack or
intrusion into network systems.
The various network authentication methods are:
Strong Passwords
Kerberos
Extensible Authentication Protocol (EAP)
3. CompTIA N+ Certification: Network Security and Remote Networking
Strong Passwords
• A strong password is a password that meets complexity
requirements that are set by a system administrator and
documented in a password policy by specifying:
Minimum length
Special characters
Uppercase letters
Numbers
Lowercase letters
Example: !Pass1234
• Authentication based entirely on a user name/password
combination is sometimes called authentication by
assertion.
4. CompTIA N+ Certification: Network Security and Remote Networking
Kerberos
• Kerberos is an Internet standard authentication protocol
that links a user name and password to an authority that
can certify that the user is valid and also verify the user’s
ability to access resources.
Figure: User01 authenticates with the KAS; the resource server trusts the KAS; User01 uses credentials to access resources on the resource server.
5. CompTIA N+ Certification: Network Security and Remote Networking
The Kerberos Process
A Kerberos client uses a Kerberos authentication process to
establish a secure connection with a service.
Figure: five numbered steps between User01, the KAS and the resource server, labelled Credentials, TGT and Session.
6. CompTIA N+ Certification: Network Security and Remote Networking
Extensible Authentication Protocol (EAP)
• Extensible Authentication Protocol (EAP) is an
authentication protocol that enables systems to use
hardware-based identifiers, such as fingerprint scanners or
smart card readers, for authentication.
Figure: EAP enables hardware-based authentication (fingerprint scanner, smart card reader).
7. CompTIA N+ Certification: Network Security and Remote Networking
Activity 11-4
Examining Strong Passwords
8. CompTIA N+ Certification: Network Security and Remote Networking
Data Encryption
• Data encryption is a way to secure client information.
• The various data encryption methods and technologies are:
Key-Based Encryption Systems
Data Encryption Standard (DES)
Digital Certificates
Public Key Infrastructure (PKI)
The Certificate Encryption Process
The Certificate Authentication Process
IP Security (IPSec)
IPSec Levels
IPSec Policies
Secure Sockets Layer (SSL)
The SSL Process
9. CompTIA N+ Certification: Network Security and Remote Networking
Key-Based Encryption Systems
• A key-based encryption system uses a key to control how
information is encoded and decoded.
• Types of key-based encryption:
Shared-key or symmetric system
Key-pair or asymmetric system with two keys:
• A public key
• A private key
The following figure depicts the shared-key encryption system:
Figure: one side encrypts data and the other decrypts data, with the same key on both sides.
10. CompTIA N+ Certification: Network Security and Remote Networking
Key-Based Encryption Systems (Contd.)
The following figure depicts the private-key encryption
system:
1 Exchange public keys: Computer A sends public key A, Computer B sends public key B
2 Data encrypted using public key B
3 Data decrypted with private key B
11. CompTIA N+ Certification: Network Security and Remote Networking
Activity 11-5
Encrypting Data with EFS
12. CompTIA N+ Certification: Network Security and Remote Networking
Data Encryption Standard (DES)
• DES is a shared-key encryption standard that is based on a
56-bit encryption key that includes an additional 8 parity
bits.
Figure: a shared DES key made up of 56 bits plus 8 parity bits; triple encoding uses 3 DES keys.
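The key layout described on this slide, as an added example that is not part of the original deck. It assumes the standard DES convention that the parity bit is the lowest bit of each key byte and is set for odd parity; the function names and the sample key are constructed for illustration.

```python
"""DES key layout: 56 key bits plus 8 parity bits (added example)."""

# Constructed sample: a 64-bit value whose 8 parity bits are all still 0.
RAW_KEY = bytes.fromhex("0022446688aaccee")


def _check_len(key: bytes) -> None:
    if len(key) != 8:
        raise ValueError("a DES key is 8 bytes: 56 key bits + 8 parity bits")


def set_odd_parity(key: bytes) -> bytes:
    """Set the low bit of every byte so each byte holds an odd number of 1s."""
    _check_len(key)
    out = bytearray()
    for b in key:
        high7 = b & 0xFE                       # the 7 real key bits
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)


def has_odd_parity(key: bytes) -> bool:
    """True when all 8 bytes pass the odd-parity check."""
    _check_len(key)
    return all(bin(b).count("1") % 2 == 1 for b in key)


def effective_key(key: bytes) -> int:
    """Drop the parity bits and return the 56 key bits as an integer."""
    _check_len(key)
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value


def split_triple_des(key: bytes) -> list:
    """Split a 24-byte triple-encoding key into its 3 DES keys."""
    if len(key) != 24:
        raise ValueError("expected 3 DES keys of 8 bytes each")
    return [key[i:i + 8] for i in (0, 8, 16)]


if __name__ == "__main__":
    fixed = set_odd_parity(RAW_KEY)
    print(RAW_KEY.hex(), "->", fixed.hex(), has_odd_parity(fixed))
    # Parity bits carry no secrecy: both forms yield the same 56 key bits.
    print(effective_key(RAW_KEY) == effective_key(fixed))
```

The parity bits only detect a corrupted key; the search space an attacker faces is the 56 effective bits.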
13. CompTIA N+ Certification: Network Security and Remote Networking
Activity 11-6
Examining Default
IPSec Policies
14. CompTIA N+ Certification: Network Security and Remote Networking
Digital Certificates
• A digital certificate is an electronic document that
associates credentials with a public key.
• A server called a Certificate Authority (CA) issues
certificates and the associated public/private key pairs.
• Both users and devices can hold certificates.
Figure: the CA issues a certificate to the certificate holder; the certificate holder presents the certificate to the resource; the resource trusts the CA and accepts the certificate.
15. CompTIA N+ Certification: Network Security and Remote Networking
Activity 11-7
Installing a Root Certificate
Authority (CA)
16. CompTIA N+ Certification: Network Security and Remote Networking
Public Key Infrastructure (PKI)
• PKI is a hierarchical authentication and validation system
that is composed of CAs, certificates, software, services,
and other cryptographic components.
• PKI issues and maintains public/private key pairs and
certificates.
Figure: a Root CA and an Issuing CA, with a server certificate and certificates and key pairs for User01 and User02.
17. CompTIA N+ Certification: Network Security and Remote Networking
The Certificate Encryption Process
• Certificate Encryption Process:
Figure: four numbered steps between the CA, User01 and User02.
• The Encrypting File System (EFS) is a file-encryption tool
available on Windows systems that have partitions
formatted with NTFS.
18. CompTIA N+ Certification: Network Security and Remote Networking
The Certificate Authentication Process
• The Certificate Authentication Process:
Figure: between User01 and User02, the private key encrypts the signature and the User01 public key decrypts it.
• A digital signature is a small piece of encrypted data that is
attached to a message to verify the sender’s identity.
19. CompTIA N+ Certification: Network Security and Remote Networking
IP Security (IPSec)
• IPSec is a versatile, nonproprietary suite of security
standards that provides end-to-end authentication and
encryption for secure communications sessions on IP
networks.
Figure: negotiate Security Association (SA); negotiate encryption; communicate securely.
20. CompTIA N+ Certification: Network Security and Remote Networking
IPSec Levels
There are three IPSec levels:
Client: respond only
Server: request security
Secure Server: require security
21. CompTIA N+ Certification: Network Security and Remote Networking
IPSec Policies
IPSec policies are composed of rules, and each rule has
five components, as shown in the following figure:
Figure: the rules in the policy and the components of a rule.
22. CompTIA N+ Certification: Network Security and Remote Networking
The SSL Process
Secure Sockets Layer (SSL) is a security protocol that
combines digital certificates for authentication with RSA
public-key data encryption.
SSL is a server-driven process that works as shown
in the following figure:
Request secure https: connection
Send certificate and public key
Negotiate encryption
23. CompTIA N+ Certification: Network Security and Remote Networking
Network Address Translation (NAT)
• Network address translation (NAT) is a form of Internet
security that conceals internal addressing schemes from the
public Internet.
Figure: a NAT server, with the addresses 24.96.83.120, 192.168.12.20, 192.168.12.30 and 192.168.12.100.
NAT is implemented as:
Software such as ICS in Windows systems.
Hardware such as cable modems and DSL routers.
24. CompTIA N+ Certification: Network Security and Remote Networking
Activity 11-8
Examining Proxy Settings
25. CompTIA N+ Certification: Network Security and Remote Networking
The NAT Process
The NAT process translates external and internal addresses
based on port numbers following the steps:
• Step-1: Client request
• Step-2: Source address conversion
• Step-3: Data return
• Step-4: Internal source identification
• Step-5: Data delivery
Figure: the client (192.168.12.40:80) reaches the web server through the NAT server, which presents the request as 24.96.83.120:23,040.
Address translation table:
Port#     Internal address
23,040    192.168.12.40:80
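The five steps above, as an added example that is not part of the original deck. It uses the slide's addresses and port 23,040; the web server address, the class and method names, and the simplification of keying the table on the external port alone are assumptions made for illustration.

```python
"""Port-based NAT translation table (added example)."""
from dataclasses import dataclass, field

PUBLIC_IP = "24.96.83.120"        # NAT server's external address (slide)
CLIENT = ("192.168.12.40", 80)    # internal client socket (slide)
WEB = ("203.0.113.10", 80)        # constructed web server address


@dataclass
class NatServer:
    public_ip: str
    next_port: int = 23040                        # first external port (slide)
    table: dict = field(default_factory=dict)     # external port -> internal
    reverse: dict = field(default_factory=dict)   # internal -> external port

    def outbound(self, src, dst):
        """Steps 1-2: take the client request and convert its source."""
        if src not in self.reverse:
            port = self.next_port
            self.next_port += 1
            self.table[port] = src
            self.reverse[src] = port
        return (self.public_ip, self.reverse[src]), dst

    def inbound(self, src, dst):
        """Steps 3-5: identify the internal source and deliver, or drop."""
        ip, port = dst
        if ip != self.public_ip or port not in self.table:
            return None          # no table entry: unsolicited traffic
        return src, self.table[port]


def demo():
    """Run the slide's exchange and return what each side observes."""
    nat = NatServer(PUBLIC_IP)
    seen_by_web, _ = nat.outbound(CLIENT, WEB)
    delivered = nat.inbound(WEB, seen_by_web)
    unsolicited = nat.inbound(WEB, (PUBLIC_IP, 40000))
    return seen_by_web, delivered, unsolicited


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The web server only ever sees the NAT server's address, and a packet aimed at a port with no table entry never reaches an internal host.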
26. CompTIA N+ Certification: Network Security and Remote Networking
Firewalls
• A firewall is a software program or hardware device that
protects networks from unauthorized data by blocking
unsolicited traffic.
Figure: a firewall between approved traffic and unapproved traffic.
27. CompTIA N+ Certification: Network Security and Remote Networking
Demilitarized Zones (DMZs)
• A DMZ is a small section of a private network that is located
between two firewalls and made available for public access.
Figure: a web server in the DMZ.
28. CompTIA N+ Certification: Network Security and Remote Networking
Internet Proxies
• An Internet proxy is a system that isolates internal
networks from the Internet by downloading and storing
Internet files on behalf of internal clients.
29. CompTIA N+ Certification: Network Security and Remote Networking
Website Caching
The caching process enables Web proxies to cache web
data for clients by following the steps:
1 Client requests site; proxy forwards request; website responds to proxy; proxy returns site to client
2 New request; proxy responds from cache
30. CompTIA N+ Certification: Network Security and Remote Networking
Web Proxy Features
Web proxies can incorporate a number of enhanced
features, such as:
User security
Gateway services
Auditing
Remote access services
Content filtering
31. CompTIA N+ Certification: Network Security and Remote Networking
Remote Network Architectures
The various components of a remote network
implementation are:
Remote Networking
Remote Access Networking
Remote Access Services (RAS) Servers
Remote Control Networking
Terminal Services
32. CompTIA N+ Certification: Network Security and Remote Networking
Remote Networking
• Remote networking is a type of network communication
that enables users to access resources that are not at their
physical locations.
Figure: a remote computer and a remote access server, each with a modem, connected across the PSTN (the established connection mechanism); the remote access server leads to the network resources.
• The biggest limitation to remote networks is the connection
bandwidth.
33. CompTIA N+ Certification: Network Security and Remote Networking
Activity 12-1
Configuring Windows RRAS
as a Dial-Up Server
34. CompTIA N+ Certification: Network Security and Remote Networking
Remote Access Networking
In remote access networking, a remote node uses a remote
connection to attach to a network.
Most remote access connections are made to:
Dial-in server
Remote access server:
• Provides security
• Provides log users
35. CompTIA N+ Certification: Network Security and Remote Networking
Activity 12-2
Enabling and Creating
Remote Desktop Connections
36. CompTIA N+ Certification: Network Security and Remote Networking
Remote Control Networking
Remote control uses a special software package that
enables a remote client to take over a host computer on the
network.
Figure: a remote client and a host client; the host client should be a dedicated machine.
37. CompTIA N+ Certification: Network Security and Remote Networking
Terminal Services Implementations
• Terminal services enable companies to deploy
applications thus providing flexible functionality to remote
users.
• The common terminal services components and network
implementations are:
Thin Clients
Thin Client Components
Microsoft Terminal Services
Windows Terminal Services Features
Citrix MetaFrame
Web-Based Remote Access
38. CompTIA N+ Certification: Network Security and Remote Networking
Thin Clients
• A thin client is any machine that uses a thin client protocol
to connect to a server in order to access and run
applications.
• A thin client can be configured for various operating systems,
such as:
UNIX
Windows
Figure: Client 1 and Client 2 each hold a session (Session 1, Session 2) on the application server, which emulates a complete computing environment. A PC running thin client software has more hardware and an OS installed; a dedicated thin client has minimal hardware and no OS installed.
39. CompTIA N+ Certification: Network Security and Remote Networking
Activity 12-4
Installing Microsoft
Terminal Server
40. CompTIA N+ Certification: Network Security and Remote Networking
Thin Client Components
The thin client consists of four basic parts, as shown in the
following figure:
Input device
Output device
Network connection
Client software
Figure: the thin client connects to the application server, downloads the OS and launches a session.
41. CompTIA N+ Certification: Network Security and Remote Networking
Microsoft Terminal Services
Terminal services provides client access to all Windows-compatible
applications by opening a user session on the server.
Figure: Client 1 and Client 2 each hold a session on the Terminal Server. Session 1 provides Client 1 access to a shared application; Session 2 provides Client 2 access to administrative tools and functionality. Client software shown: Windows 2000 Professional and Remote Desktop for Administration; Windows XP Professional and Remote Desktop Connection.
42. CompTIA N+ Certification: Network Security and Remote Networking
Citrix MetaFrame
• Citrix MetaFrame is a terminal services application that
provides client connectivity for Windows, Linux, Macintosh,
and UNIX desktops.
Figure: two servers with 32 connections each; the server farm supports 64 connections, and servers can be added without changing the existing farm.
43. CompTIA N+ Certification: Network Security and Remote Networking
Web-Based Remote Access
Web-based remote access means providing access to
services and data through web browsers.
Figure: a remote user accesses applications via a web browser; a remote administrator manages application servers via a web browser; the web server hosts applications; the Terminal Server enables remote administration.
44. CompTIA N+ Certification: Network Security and Remote Networking
Summary
In this session, you learned that:
• Network authentication methods such as Strong Passwords,
Kerberos, and Extensible Authentication Protocol (EAP) are the
first line of defense against attack or intrusion into network
systems.
• The major data encryption methods and technologies are:
Key-Based Encryption Systems
Data Encryption Standard (DES)
Digital Certificates
Public Key Infrastructure (PKI)
The Certificate Encryption Process
The Certificate Authentication Process
IP Security (IPSec)
IPSec Policies
Secure Sockets Layer (SSL)
The SSL Process
45. CompTIA N+ Certification: Network Security and Remote Networking
Summary
The primary techniques used to secure Internet connections
are:
Network Address Translation (NAT)
The NAT Process
Firewalls
Demilitarized Zones (DMZs)
Internet Proxies
Website Caching
Web Proxy Features
46. CompTIA N+ Certification: Network Security and Remote Networking
Summary (Contd.)
The major architectures in remote networking
implementations:
• Remote Networking
• Remote Access Networking
• Remote Access Services (RAS) Servers
• Remote Control Networking
• Terminal Services
The common terminal services network implementations:
Thin Clients
Thin Client Components
Microsoft Terminal Services
Windows Terminal Services Features
Citrix MetaFrame
Web-Based Remote Access
Editor's notes
You need to explain the password complexity requirements as given on page no. 377 of the CG.
A proxy server combines NAT, firewall, and caching functionality.
You have to talk about remote control solutions and network access through remote control, as given on page no. 416 of the CG.
You need to tell about the advantages of thin clients as given in page no 425 of CG.