Directory and File Transfer Services. Chapter 7




Learning Objectives
- Explain the benefits of a centralized enterprise directory service such as LDAP over per-system authentication
- Identify the major vulnerabilities of FTP as a method of exchanging data
- Describe S/FTP, the major alternative to FTP, and how it better secures file transfer across your network infrastructure
- Illustrate the threat that unmonitored file shares pose to your network

Directory Services
- Network services that uniquely identify users and resources and can be used to authenticate users and authorize their use of network resources
- Allow users and applications to look up user or resource information, much as DNS resolves names to addresses

Lightweight Directory Access Protocol (LDAP)
- Accesses directory data organized according to the ITU-T/ISO X.500 model, but runs over TCP/IP with a simplified client design
- Is the access protocol: it exchanges directory information with clients and is not itself the database that stores the information
- Lets clients search using a broad set of criteria (name, type of service, location)
(continued)

LDAP (continued)
- Provides authentication and authorization in addition to lookup
- Each person uses one username and password regardless of client software and operating system
- Key feature and benefit: a versatile directory system that is standards based and platform independent

Major LDAP Products

Common Applications of LDAP
- Single sign-on (SSO)
- User administration
- Public key infrastructure (PKI), for publishing certificates and revocation lists

LDAP Operations

LDAP Framework
- Directory Information Tree (DIT): the hierarchical data structure that actually contains the directory information about network users and services
- Each entry sits below a parent entry; the path from an entry up to the root of the tree gives the entry its name

Directory Information Tree

LDAP Framework
- Distinguished name (DN) example: cn=Jonathan Q Public,ou=Information Security Department,o=XYZ Corp.,c=US
- Read left to right, the DN names the entry itself, then each container above it up to the root of the DIT; the country attribute (c) takes a two-letter ISO 3166 code
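The DN on this slide is a list of relative distinguished names (RDNs) joined by commas, so a value that itself contains a comma, plus sign, quote or backslash has to be escaped or the DN changes meaning. The following helpers are an added example, not code from the slides: they build a DN from attribute/value pairs with RFC 4514 escaping, split one back into its RDNs, and list the parent entries up to the root of the DIT. The function names and the sample DN are assumptions made for the illustration.

```python
"""RFC 4514 distinguished-name helpers (added example, not from the slides)."""
from typing import List, Tuple

# Characters that must be backslash-escaped inside an attribute value
# (RFC 4514 section 2.4). A leading '#' and leading/trailing spaces are
# handled separately in escape_value().
_SPECIAL = set(',+"\\<>;')


def escape_value(value: str) -> str:
    """Escape one attribute value so it can be embedded in a DN string."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\00")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")
        elif ch == "#" and i == 0:
            out.append("\\#")
        else:
            out.append(ch)
    return "".join(out)


def build_dn(rdns: List[Tuple[str, str]]) -> str:
    """Join (attribute, value) pairs, most specific first, into a DN."""
    return ",".join(f"{attr}={escape_value(val)}" for attr, val in rdns)


def split_dn(dn: str) -> List[str]:
    """Split a DN into its RDN strings, honouring backslash escapes."""
    parts: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escaped pair intact
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def ancestors(dn: str) -> List[str]:
    """Return the chain of parent DNs, nearest first, up to the DIT root."""
    rdns = split_dn(dn)
    return [",".join(rdns[i:]) for i in range(1, len(rdns))]


# The slide's example, written as RDN pairs (assumed values).
EXAMPLE_RDNS = [
    ("cn", "Jonathan Q Public"),
    ("ou", "Information Security Department"),
    ("o", "XYZ Corp."),
    ("c", "US"),
]
EXAMPLE_DN = build_dn(EXAMPLE_RDNS)

if __name__ == "__main__":
    print(EXAMPLE_DN)
    for parent in ancestors(EXAMPLE_DN):
        print("  under", parent)
    # A value containing a comma must be escaped or it would read as two RDNs.
    print(build_dn([("cn", "Public, Jonathan"), ("o", "XYZ Corp.")]))
```

Escaping matters beyond correctness: any DN or filter assembled from user-supplied text without it can be bent into naming a different entry or matching a different set of entries than intended.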

LDAP Security Benefits
- Authentication: establishes the identity of the client when it binds to the directory. Three levels: no authentication (anonymous bind); simple authentication (a DN and password, sent in clear text unless the connection is otherwise protected); and Simple Authentication and Security Layer (SASL), which negotiates a stronger mechanism such as Kerberos or DIGEST-MD5
- Authorization: determines which entries and attributes the bound identity may read or modify, as defined by the server's access control lists (ACLs)
- Encryption: provided by TLS (LDAPS, or StartTLS on the standard LDAP port) or by a SASL mechanism that negotiates its own integrity and confidentiality layer

LDAP Security Vulnerabilities
- Denial of service: the directory is a single point of dependency for every authentication and lookup, so taking it down takes down the services that rely on it
- Man in the middle: a connection that is not protected by TLS or a SASL security layer can be intercepted and the client redirected to an impostor directory
- Attacks against data confidentiality: simple binds and query results sent without encryption are readable on the wire, exposing passwords and directory contents

File Transfer Services
- The ability to share programs and data around the world is an essential aspect of the Internet
- Critical to today's networked organizations

File Transfer Protocol (FTP)
- Commonly used but very insecure
- Two standard data transmission methods: active FTP and passive FTP
- In both, the client initiates a TCP session to destination port 21 (the control connection)
- The difference is in how the second TCP session (the data connection) is set up when the user wants to transfer a file or directory listing between the two machines

Setup of FTP Control Connection

Active FTP
- FTP's default mode
- The client sends a PORT command naming an address and a high port (greater than 1023) on which it is listening
- The server then opens the data connection itself, from source port 20 to that client port: the server connects back to the client, the reverse of the usual client-to-server direction, which is why firewalls and NAT devices in front of the client tend to block it

Setup of the Active FTP Data Connection

Passive FTP
- Not supported by all FTP implementations
- The client sends PASV; the server replies (code 227) with an address and a random high port on which it is listening, and the client opens the data connection to it from a random high port of its own
- Both TCP sessions now originate from the client, which suits client-side firewalls but requires the server's firewall to allow inbound connections to a range of high ports

Setup of the Passive FTP Data Connection

FTP Security Issues
- Bounce attack: because PORT can name any address, an attacker can make the server open its data connection to a third host and port, using the server as a proxy to scan that host or to deliver data to another service on it
- Clear-text authentication and data transmission: usernames, passwords, commands and file contents are all readable on the wire
- Glob vulnerability: crafted wildcard patterns in path names passed to the server's filename-globbing code can exhaust resources or trigger memory corruption
- Software exploits and buffer overflow vulnerabilities in server implementations
- Anonymous FTP and blind FTP access: anyone can log in, and a writable drop directory whose contents cannot be listed can be turned into a distribution point for unwanted content
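The active and passive slides above both turn on the same six-number address encoding (h1,h2,h3,h4,p1,p2), and the bounce attack is simply a PORT argument whose address is not the client that sent it. The code below is an added example, not from the slides: it decodes PORT commands and 227 replies, computes which side dials the data connection, and flags PORT arguments a server should refuse (third-party address, or a privileged port such as 25). The control-channel fragments in SAMPLE_SESSION are constructed for the illustration, as are the function names.

```python
"""Decode FTP data-connection negotiation and flag bounce attempts.
Added example, not from the slides; SAMPLE_SESSION is constructed."""
import re
from typing import List, Optional, Tuple

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(text: str) -> Optional[Tuple[str, int]]:
    """Decode h1,h2,h3,h4,p1,p2 (used by PORT and by the 227 PASV reply).
    Port = p1 * 256 + p2. Returns None if the field is missing or malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]


def check_port(control_peer: str, port_cmd: str):
    """Active mode: the server will connect from port 20 to the PORT address.
    Return (target, reasons); a non-empty reasons list means refuse it."""
    hp = parse_hostport(port_cmd)
    if hp is None:
        return None, ["malformed PORT argument"]
    host, port = hp
    reasons: List[str] = []
    if host != control_peer:
        reasons.append("PORT host differs from control-connection peer (bounce)")
    if port < 1024:
        reasons.append("PORT targets a privileged port (bounce to another service)")
    return hp, reasons


def pasv_target(reply_227: str) -> Optional[Tuple[str, int]]:
    """Passive mode: the client connects to the address the server advertises."""
    return parse_hostport(reply_227)


# Constructed control-channel fragments: (client IP, client command, server reply).
SAMPLE_SESSION = [
    ("203.0.113.10", "PORT 203,0,113,10,4,1", "200 PORT command successful"),
    ("203.0.113.10", "PORT 198,51,100,25,0,25", "200 PORT command successful"),
    ("203.0.113.10", "PASV", "227 Entering Passive Mode (192,0,2,5,195,88)"),
]


def audit(session):
    """Return (mode, data-connection target, reasons-to-refuse) per exchange."""
    findings = []
    for peer, cmd, reply in session:
        verb = cmd.split()[0].upper()
        if verb == "PORT":
            target, reasons = check_port(peer, cmd)
            findings.append(("active", target, reasons))
        elif verb == "PASV":
            findings.append(("passive", pasv_target(reply), []))
    return findings


if __name__ == "__main__":
    for mode, target, reasons in audit(SAMPLE_SESSION):
        print(mode, target, "REFUSE: " + "; ".join(reasons) if reasons else "ok")
```

The second exchange is the classic bounce: the client on 203.0.113.10 asks the server to open its data connection to port 25 on 198.51.100.25, so whatever the client then uploads is delivered to that host's mail service as if it came from the FTP server. Refusing PORT arguments that do not match the control-connection peer (and privileged ports) is the check that closes this.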

FTP Countermeasures
- Do not allow anonymous access unless a clear business requirement exists
- Employ a state-of-the-art (stateful, FTP-aware) firewall that opens data-connection ports only for the session that negotiated them
- Ensure the server has the latest security patches and is configured to limit what each user can see and write
- Encrypt data before placing it on the FTP server, so a captured transfer or a compromised server yields only ciphertext
- Encrypt the FTP data flow by running it inside a VPN connection
- Switch to a secure alternative

Secure File Transfers
- Secure File Transfer Protocol (S/FTP, usually written SFTP): a replacement for FTP that runs as a subsystem of SSH version 2, so the SSH session supplies the authentication and encryption for every transfer
- Not to be confused with FTPS (FTP over TLS), which keeps FTP's separate control and data connections

Benefits of S/FTP over FTP
- Strong authentication using the SSH methods: public keys, passwords and, in some implementations, X.509 certificates
- Encrypts authentication, commands and all data transferred between client and server
- Easy to permit through a firewall: a single, well-behaved TCP connection (normally to port 22), always initiated by the client
- Requires no negotiation to open a second connection, so none of FTP's PORT/PASV problems with NAT and stateful inspection

SecureFTP Implementation Programs

File Sharing
- Originally intended to share files on a LAN (Windows file sharing over SMB)
- Easy to set up through the Windows graphical interface
- Can be configured as peer-to-peer shares on workstations or as client/server shares on a file server

File Sharing Risks
- Confidentiality of data: a share readable by everyone exposes whatever is placed in it
- Some viruses and worms spread by writing themselves to network shares
- Critical information beyond user documents (configuration files, backups, credentials) can be compromised if file shares are misconfigured

Protecting Your File Shares
- Define and communicate a policy for what may be shared, with whom, and with what permissions
- Conduct regular audits of file shares using commercial scanning and audit tools, looking in particular for shares that grant broad groups write access
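The audit the slide calls for comes down to reading each share's share-level ACL and flagging entries that grant broad principals more than they need. The script below is an added example, not from the slides or any vendor tool: it reads share ACL records in a CSV layout modelled on the Name/AccountName/AccessControlType/AccessRight columns that Windows reports for share permissions (the rows in SAMPLE_CSV are constructed), and reports shares where Everyone, Authenticated Users or similar groups can write, or can read at all. The set of "broad" principals and the function names are assumptions.

```python
"""Flag file shares whose share-level ACL gives broad groups access.
Added example, not from the slides; SAMPLE_CSV is constructed."""
import csv
from io import StringIO
from typing import Dict, List

# Constructed share ACL export: one row per access control entry.
SAMPLE_CSV = """Name,ScopeName,AccountName,AccessControlType,AccessRight
Public,*,Everyone,Allow,Full
Finance,*,CORP\\Finance-Users,Allow,Change
Finance,*,CORP\\Domain Admins,Allow,Full
Scratch,*,NT AUTHORITY\\Authenticated Users,Allow,Change
ADMIN$,*,BUILTIN\\Administrators,Allow,Full
Archive,*,Everyone,Allow,Read
Archive,*,Everyone,Deny,Change
"""

# Principals that effectively mean "any user on the network" (assumed set).
BROAD_PRINCIPALS = {
    "everyone",
    "nt authority\\authenticated users",
    "builtin\\users",
    "nt authority\\anonymous logon",
}
WRITE_RIGHTS = {"full", "change"}


def load_aces(text: str) -> List[Dict[str, str]]:
    """Parse the CSV export into a list of ACE dictionaries."""
    return list(csv.DictReader(StringIO(text)))


def risky_shares(aces: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map share name -> findings for shares that broad principals can use.
    Write access to a broad principal is reported as HIGH, read-only as MEDIUM.
    Deny entries are skipped: they narrow access rather than widen it."""
    findings: Dict[str, List[str]] = {}
    for ace in aces:
        if ace["AccessControlType"].lower() != "allow":
            continue
        who = ace["AccountName"]
        right = ace["AccessRight"].lower()
        if who.lower() not in BROAD_PRINCIPALS:
            continue
        if right in WRITE_RIGHTS:
            msg = f"HIGH: {who} has {ace['AccessRight']} (write) access"
        else:
            msg = f"MEDIUM: {who} can read the share"
        findings.setdefault(ace["Name"], []).append(msg)
    return findings


if __name__ == "__main__":
    for share, notes in sorted(risky_shares(load_aces(SAMPLE_CSV)).items()):
        for note in notes:
            print(f"{share}: {note}")
```

Share permissions are only half the picture: effective access is the intersection of the share ACL and the NTFS ACL on the underlying folder, so a share flagged here may still be safe, and a share that passes may expose files through an over-permissive NTFS ACL. Use the share-level scan to prioritise which shares get a full review.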

Chapter Summary
- Key resources used to support mission-critical business applications
- Directory services: LDAP
- File transfer mechanisms: FTP, S/FTP
- File shares and the need to audit them