Wednesday, October 28, 2009

Lab 6 : Security in Network

1. Discuss the potential perpetrators that can threaten Network security and it goal for attacking network services.

In general network security can been said as a prevention from nosy people from getting data they are not authorized or worse yet, modify messages intended for other recipients. It is concerned with people trying to access remote services that are not authorized to use. Most problems are intentionally caused by malicious people trying to gain some benefit or bring harm to someone else.

2. Network security problems can be divided roughly into FOUR (4) intertwined areas, List and explain in details each area.

Secrecy - also called confidentiality, has to do with keeping information out of the hands of unauthorized users. It protects against disclosure of information to entities not authorized to have that information. Entities might be people or organization.

Authentication - deals with determining whom you are talking to before revealing sensitive information or entering into a business deal.

Non-Repudiation - deals with signatures. It protects user against the threat that the value or existence of the data might be changed in a way inconsistent with the recognized security policy.

Integrity control how - can you be sure that a message you received was really the one sent and not something that a malicious adversary modified in transit.

3. What is the significance difference between the wireshark output in Task 1 and Task 2; explain in detail the function of IPSec in Task 2?

During Task 1, wireshark successful captured both username and password in File Transfer Protocol (FTP). Username = ‘administrator’ and Password = ‘abc123’. But all these things not happen in Task 2, this is because both username and password are already encrypted even the data are captured. This is because in the Task 2, we using IPSec to secure FTP Transaction. IPSec is one of the solutions to safeguard the transmission of data over FTP from being seen by an unauthorized user. It will protect the information from being manipulated.

4. What is the benefit of using IPSec?

IPSec is typically used to attain confidentiality, integrity, and authentication in the transport of data across insecure channels. Though it's original purpose was to secure traffic across public networks, it's implementations are often used to increase the security of private networks as well, since organizations cannot always be sure if weaknesses in their own private networks are susceptible to exploitation. If implemented properly, IPSec provides a private channel for sending and exchanging vulnerable data whether the data is email, ftp traffic, news feeds, partner and supply chain data, medical records, or any other type of TCP/IP based data.

5. Explain what are AH and ESP in IPSec protocol suite?

Authentication Header (AH): ties data in each packet to a verifiable signature (similar to PGP email signatures) that allows you to verify both the identity of the person sending the data and that the data has not been altered. · Encapsulation Payload (ESP): scrambles the data (and even certain sensitive IP addresses) in each packet using hard core encryption. So a sniffer somewhere on the network doesn’t get anything usable.

6. Explain in detail how to enable IPSec option in a linux environment.

Enable-dpd: enables dead peer detection (DPD). DPD is a method for detecting wether any of the hosts for which security associations are set up is unreachable. When this is the case the security associations to that host can be removed. enable-natt: enables NAT traversal (NAT-T). Since NAT alters the IP headers, this causes problems for guaranteeing authenticity of a packet. NAT-T is a method that helps overcoming this problem.

7. Are there any other methods to secure FTP connection other than using IPSec? (list at least 3 methods).

i. SQL Server Integration Services)
ii. SFTP (secure FTP with SSH2 protocol)
iii. FTPS (FTP over SSL) site