Network security is a very important but complicated subject. In this chapter we will learn different types of security protocols. Network security is a prime concern for every company that uses computers. Compromised network security means a hacker or competitor may gain access to critical or sensitive data, possibly resulting in data loss, or even complete destruction of the system.
Types of security protocols
- Point-to-Point Tunneling Protocol (PPTP)
- Secure Sockets Layer (SSL)
- Password Authentication Protocol (PAP)
- Challenge Handshake Authentication Protocol (CHAP)
- Extensible Authentication Protocol (EAP)
Point-to-Point Tunneling Protocol (PPTP)
PPTP is a security protocol and was the first encapsulation protocol on the market. It was designed by Microsoft and was widely accepted by security-conscious people. Because it was developed by Microsoft, it is supported in all Windows operating systems. PPTP establishes point-to-point connections between two computers by encapsulating the PPP packets being sent. Although PPTP has helped to improve communication security.
Secure Sockets Layer (SSL)
SSL is a security protocol used on the internet. It was developed by Netscape and is supported by all popular web browsers. SSL uses public key encryption to establish secure connections over the internet. It is widely used on the internet for web transactions such as sending credit card data. It can be utilized for other protocols as well, such as Telnet, FTP, LDAP, IMAP, and SMTP, but these are not commonly used.
SSL provides three key services:
- Server authentication: SSL allows a user to confirm a server’s identity. For example, you can use this ability when you are purchasing something online with a credit card but first want to verify the server’s identity.
- Client authentication: SSL allows a server to confirm a user’s identity. This functionality is often used when a server is sending sensitive information such as banking information or sensitive documents to a client system and wants to verify the client’s identity.
- Encrypted connections: It is possible to configure SSL to require all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software. Doing this establishes private and secure communication between two devices. In addition, SSL has a mechanism to determine whether the data sent has been tampered with or altered in transit.
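An added example, not from the original page, showing how the three services map to concrete settings in Python's standard ssl module (which implements TLS, the successor to SSL). The function names are hypothetical; the audit reports which service a given context fails to enforce.

```python
import ssl

# Function names are hypothetical, chosen for this example.

def audit_tls_context(ctx: ssl.SSLContext, role: str) -> list:
    """Return findings for the three services; an empty list means all are enforced."""
    findings = []
    if role == "client":
        # Server authentication: validate the certificate chain and check
        # that the certificate matches the host name the client dialed.
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("server certificate is not verified")
        if not ctx.check_hostname:
            findings.append("server host name is not checked")
    elif role == "server":
        # Client authentication: the server must demand a client certificate.
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("client certificate is not required")
    # Encrypted connections: no enabled cipher suite may send data in the clear.
    if any(c.get("strength_bits", 1) == 0 for c in ctx.get_ciphers()):
        findings.append("a NULL-encryption cipher suite is enabled")
    return findings

def strict_client() -> ssl.SSLContext:
    return ssl.create_default_context()      # verifies chain and host name

def lax_client() -> ssl.SSLContext:
    ctx = ssl.create_default_context()
    ctx.check_hostname = False                # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE           # weak: any certificate is accepted
    return ctx

def one_way_server() -> ssl.SSLContext:
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)   # clients stay anonymous

def mutual_auth_server() -> ssl.SSLContext:
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED       # handshake fails without a client cert
    return ctx

if __name__ == "__main__":
    for name, ctx, role in [("strict client", strict_client(), "client"),
                            ("lax client", lax_client(), "client"),
                            ("one-way server", one_way_server(), "server"),
                            ("mutual-auth server", mutual_auth_server(), "server")]:
        print(name, "->", audit_tls_context(ctx, role) or "ok")
```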
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
CHAP (Challenge-Handshake Authentication Protocol) is a more secure procedure for connecting to a system than the Password Authentication Protocol (PAP). CHAP is a remote access authentication protocol used with PPP to provide security and authentication to users of remote resources. Point-to-Point Protocol (PPP) is a popular protocol that replaced the Serial Line Internet Protocol (SLIP). PPP is more secure than SLIP, and it can work if static addressing is not defined for communication. PPP allows users to use dynamic addressing and multiple protocols during communication with a remote host. The RFC describes a process of authentication that works in the following manner:
CHAP is used to periodically verify the identity of the peer using a three-way handshake. This is done upon initial link establishment, and may be repeated anytime after the link has been established.
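The three-way handshake described above, as an added example that is not part of the original page: a minimal Python model of both sides using the MD5 response calculation that standard CHAP (RFC 1994) defines. The class and function names and the shared secret are constructed for illustration.

```python
import hashlib
import hmac
import os

# Names and the shared secret below are constructed for this example.

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side: MD5 over Identifier || secret || Challenge value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Authenticator side: issues challenges and checks responses."""

    def __init__(self, secrets_by_name):
        self.secrets = secrets_by_name
        self.identifier = 0
        self.challenge = None

    def new_challenge(self):
        # Step 1, Challenge: a new identifier and an unpredictable value.
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, name, identifier, response) -> bool:
        # Step 3, Success or Failure: recompute the hash and compare.
        challenge, self.challenge = self.challenge, None  # single use
        secret = self.secrets.get(name)
        if challenge is None or secret is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

def demo():
    secret = b"constructed-shared-secret"
    auth = Authenticator({"alice": secret})
    ident, challenge = auth.new_challenge()
    response = chap_response(ident, secret, challenge)   # Step 2, Response
    accepted = auth.verify("alice", ident, response)
    # Re-authentication later on the same link: a captured response is stale.
    ident2, _ = auth.new_challenge()
    replayed = auth.verify("alice", ident2, response)
    # A peer that does not know the secret cannot answer the challenge.
    ident3, challenge3 = auth.new_challenge()
    wrong = auth.verify("alice", ident3, chap_response(ident3, b"guess", challenge3))
    return accepted, replayed, wrong

if __name__ == "__main__":
    print(demo())
```

The shared secret never crosses the link; only the identifier, the random challenge and the hash do, which is why a response captured earlier fails against the next challenge.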
MS-CHAP is the extension of CHAP created and used by Microsoft. Although this protocol is not standardized, it is widely used in Microsoft Windows deployments. Its current version (MS-CHAP v2) is an enhancement that allows a client to change his or her account password if it has expired on the RADIUS server. MS-CHAP v2 also uses stronger encryption keys than CHAP and MS-CHAP. MS-CHAP is only as secure as the passwords that users choose, and this is basically why it is still not an entirely secure protocol to use in the enterprise.
It also introduces enhancements over its predecessor. A key improvement is support for two-way authentication, or mutual authentication. Two-way authentication confirms the identity of both sides of the connection. The remote access client authenticates against the remote access server, and the remote access server authenticates against the remote access client. Mutual authentication provides protection against remote server impersonation. MS-CHAP v2 also includes a few changes in which the cryptographic key is analyzed. As far as authentication methods are concerned, MS-CHAP v2 is the most secure. MS-CHAP v2 also supports PPP, PPTP, and L2TP network connections.
Extensible Authentication Protocol (EAP)
EAP is an extension made to standard PPP. EAP has additional support for a variety of authentication schemes including smart cards, logon, certificates, Kerberos, and public key authentication. It is often used with VPNs to add security against brute-force or dictionary attacks. EAP is also frequently used with RADIUS. It runs directly over the Data Link Layer and does not require the use of IP.
EAP comes in several different forms:
- EAP over IP (EAPOIP)
- Message Digest Algorithm/Challenge-Handshake Authentication Protocol (EAP-MD5-CHAP)
- Transport Layer Security (EAP-TLS)
- Tunneled Transport Layer Security (EAP-TTLS)
- Light Extensible Authentication Protocol (LEAP) Cisco
According to Greek mythology, Kerberos (or Cerberus) was the hound of Hades, a monstrous three-headed dog with a snake for a tail and snakes down his back like a mane, whose analogs in other cultures are hellhounds. If the guard hound believed a stranger to be a trespasser, the stranger would be killed without any hesitation. It is an appropriate name for the enormously strong security protocol developed by the Athena project at the Massachusetts Institute of Technology (MIT).
Its current version is 5. It is used to authenticate users and services requesting access to resources. Kerberos is a network protocol designed to centralize the authentication information for the user or service requesting the resource. This allows authentication of the entity requesting access (user, machine, service, or process) by the host of the resource being accessed through the use of secure and encrypted keys and tickets (authentication tokens) from the authenticating Key Distribution Center (KDC). It allows for cross-platform authentication, and will be available in upcoming implementations of various network operating systems. Kerberos is very useful in the distributed computing environments currently used because it centralizes the processing of credentials for authentication. Kerberos utilizes time stamping of its tickets to help ensure they are not compromised by other entities, and uses an overall structure of control that is called a realm. Some platforms use the defined terminology, while others such as Windows 2000 use their domain structure to implement the Kerberos concepts.