Network security protocols are primarily designed to prevent any
unauthorized user, application, service or device from accessing
network data. This applies to virtually all data types regardless
of the network medium used.
Network security protocols generally implement cryptography and
encryption techniques to secure the data so that it can only be
decrypted with the appropriate algorithm, key, mathematical formula,
or a combination of these. Some of the popular network security
protocols include Internet Security Protocol (IPSec), Secure
Hypertext Transfer Protocol (HTTPS) and Secure Socket Layer (SSL).
Secure Socket Layer:
- SSL is a widely used general purpose cryptographic system used
in the two major Internet browsers: Netscape and Explorer.
- It provides an encrypted end-to-end data path between a client
and a server regardless of platform or OS.
- Secure and authenticated services are provided through data
encryption, server authentication, message integrity, and client
authentication for a TCP connection through HTTP, LDAP or POP3
application layers.
- It rivals S-HTTP.
HTTPS:
- Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) is the
use of Secure Sockets Layer (SSL) as a sub-layer under the regular
HTTP in the application layer. It is also referred to as HTTP over
SSL, in short.
- HTTPS is a Web protocol developed by Netscape, and it is built
into its browser to encrypt and decrypt user page requests as well
as the pages that are returned by the Web server. HTTPS uses port
443 instead of HTTP port 80 in its interactions with the lower
layer, TCP/IP.
Internet Security Protocol:
- IPSec is a suite of authentication and encryption protocols
developed by the Internet Engineering Task Force (IETF) and
designed to address the inherent lack of security for IP-based
networks.
- IPSec has a very complex set of protocols described in a number
of RFCs, including RFC 2401 and RFC 2411.
- Although it was designed to run in the new version of the
Internet Protocol, IP Version 6 (IPv6), it has also been run
successfully over the older IPv4.
- IPSec sets out to offer protection by providing the following
services at the network layer:
  - Access Control – to prevent unauthorized access to the
  resource.
  - Connectionless Integrity – to give an assurance that the
  traffic received has not been modified in any way.
  - Confidentiality – to ensure that Internet traffic is not
  examined by non-authorized parties. This requires the data field
  of every IP datagram (the TCP, UDP, ICMP or other segment it
  carries) to be encrypted.
  - Authentication – particularly source authentication, so that
  when a destination host receives an IP datagram with a particular
  IP source address, it can be sure that the datagram was indeed
  generated by the host owning that source IP address. This
  prevents spoofed IP addresses.
  - Replay protection – to guarantee that each packet exchanged
  between two parties is different, so that a captured packet
  cannot be resubmitted and accepted as new.
- The IPSec protocol suite achieves these objectives by dividing
into two main protocols: the Authentication Header (AH) protocol
and the Encapsulation Security Payload (ESP) protocol.
- The AH protocol provides source authentication and data
integrity but no confidentiality.
- The ESP protocol provides authentication, data integrity, and
confidentiality.
- Any datagram from a source must be secured with either AH or
ESP (see the diagrams of these).
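Added example (not part of these notes): a parser for the AH header fields and a sliding-window anti-replay check of the kind the AH/ESP RFCs describe, showing how the replay-protection service above is enforced per sequence number. The sample headers, the SPI 0x1000, the 12-byte placeholder ICV and the window size of 64 are constructed assumptions; the ICV itself is not verified here.

```python
import struct
from dataclasses import dataclass

AH_FIXED_LEN = 12  # Next Header, Payload Len, Reserved, SPI, Sequence Number

@dataclass
class AuthHeader:
    next_header: int
    spi: int
    seq: int
    icv: bytes  # Authentication Data (integrity check value)

def parse_ah(data: bytes) -> AuthHeader:
    """Parse an IPSec Authentication Header (RFC 2402 layout) from raw bytes."""
    if len(data) < AH_FIXED_LEN:
        raise ValueError("truncated AH")
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", data[:AH_FIXED_LEN])
    total_len = (payload_len + 2) * 4  # Payload Len is in 32-bit words, minus 2
    if len(data) < total_len:
        raise ValueError("AH shorter than its Payload Len claims")
    return AuthHeader(next_header, spi, seq, data[AH_FIXED_LEN:total_len])

def make_ah(spi: int, seq: int, icv: bytes = b"\x11" * 12) -> bytes:
    """Build a constructed sample AH carrying TCP (next header 6) with a 96-bit placeholder ICV."""
    payload_len = (AH_FIXED_LEN + len(icv)) // 4 - 2
    return struct.pack("!BBHII", 6, payload_len, 0, spi, seq) + icv

class ReplayWindow:
    """Sliding-window anti-replay check: accept a sequence number only if it is
    newer than any seen, or inside the window and not yet received."""
    def __init__(self, size: int = 64):
        self.size, self.highest, self.bitmap = size, 0, 0  # bit i set => (highest - i) seen

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False  # sequence numbers start at 1
        if seq > self.highest:  # newer than anything seen: slide the window forward
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size or self.bitmap & (1 << diff):
            return False  # too old to judge, or a duplicate (replay)
        self.bitmap |= 1 << diff
        return True

def accept_packets(packets: list, window: ReplayWindow) -> list:
    # True = accepted, False = dropped, in arrival order
    return [window.check_and_update(parse_ah(p).seq) for p in packets]
```

With constructed arrival order 1, 3, 2, 3, 70, 5, 7 the window accepts the out-of-order 2, drops the replayed 3, and after the jump to 70 drops 5 as too old while still accepting 7.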