Methods of network access security
It is hard to believe that people network computers in order to increase security. Mostly, computers are networked to share resources, and networking them raises a myriad of security threats and issues that then have to be addressed. Those security issues can be addressed through software and hardware configuration. Effective network security targets different threats and stops them from entering or spreading on the network. The software must be constantly managed and updated to protect the network from emerging threats. With that in mind, the following are some of the methods of network access security.
ACL means access control list. An ACL is a set of rules, typically applied to a router interface, that specifies which traffic is permitted and which is denied. It is a method of identifying traffic and making decisions based on the attributes of that traffic. The attributes considered may include the destination IP address, specific port information, the protocol, the destination MAC address, the source MAC address and the source IP address found in the packet headers. What is identified and filtered depends largely on the kind of device on which the lists are configured. A device that filters traffic based on ACL-like rules is a packet filtering firewall. The term ACL is used with firewall and router systems to refer to the list of permitted users or computers. Note that ACLs on switches are quite different from ACLs on routers. Listed below are some of the types of ACL and the filtering each provides.
Every host on the network has a 48-bit MAC address, usually written in hexadecimal, and every Ethernet frame carries a destination MAC address and a source MAC address. MAC filtering is applied on switches working at layer 2 of the OSI model; it focuses on those addresses in a frame and can be configured to allow only particular MAC addresses through an interface on the switch.
Conversely, traffic is allowed in through the interface only if it carries the destination address of a specific host or group of hosts. MAC filtering is normally applied at the access layer of the network, where host computers connect to the switch. Whether the network is wired or wireless, MAC address filtering is usually not relied on for security by itself, because MAC addresses are easily spoofed with the right software.
Media access control filtering is perhaps the least used packet filtering method, but a firewall can be configured to use the hardware-configured MAC addresses as the determining factor in whether access to the network is granted. It is not a flexible method, and it is only suitable in environments where one can closely control who uses which MAC address. The Internet is never such an environment.
The source IP address and destination IP address of a packet are contained in the packet's IP header and are referred to as layer 3 addresses. IP filtering, normally associated with routers, is the process of configuring a device to pass only the desired IP traffic and block everything else. It is a very effective filtering method, since anything that was forgotten cannot pass through.
Using the IP address as the parameter, the ACL (or firewall) denies or allows traffic depending on the source or destination IP address.
Ports are numbers contained in a packet that indicate the purpose of the packet, and hence allow a computer to do many things at once over a single wire. Checking email, browsing the web and fetching files over the Internet all at the same time is possible because of ports. TCP/IP has 65,536 available ports, some used far more than others. The ports are divided into three main groups or designations: well-known ports, registered ports, and dynamic or private ports.
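The following is an added example, not code from the original text: a small ACL evaluator that matches the header attributes listed above (source and destination IP, protocol, destination port, source MAC) against an ordered rule list. The packets and the rule list are constructed for illustration; it demonstrates two properties a practitioner relies on, that the first matching rule wins, so rule order matters, and that a packet matching no rule is denied (implicit deny).

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed packet header: the attributes an ACL can inspect.
@dataclass(frozen=True)
class Packet:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    protocol: str               # "tcp", "udp" or "icmp"
    dst_port: Optional[int] = None

# One ACL entry; a field left unset matches anything.
@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    protocol: str = "any"
    src: str = "0.0.0.0/0"      # source prefix
    dst: str = "0.0.0.0/0"      # destination prefix
    dst_port: Optional[int] = None
    src_mac: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        if self.protocol != "any" and self.protocol != pkt.protocol:
            return False
        if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        if self.src_mac is not None and self.src_mac.lower() != pkt.src_mac.lower():
            return False
        return True

def evaluate(acl: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet that matches no rule is denied (implicit deny)."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Constructed ACL: block one host first, then permit LAN clients to reach the HTTPS server.
ACL = [
    Rule("deny", src="10.0.0.99/32"),
    Rule("permit", protocol="tcp", src="10.0.0.0/24", dst="192.0.2.10/32", dst_port=443),
]
```

Swapping the two rules would let 10.0.0.99 through on port 443, which is the classic ordering mistake when editing ACLs.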
Tunneling and encryption:
For most companies with multiple locations, the prospect of installing leased lines such as T1s or T3s to each location is cost prohibitive and, with today's networks, unnecessary, because the Internet can be used to carry secure connections between the locations. Tunneling is the process of encapsulating one protocol inside another so as to offer secure communication over an insecure medium, which is typically the Internet. Listed below are the protocols used for tunneling and for securing it.
The Secure Sockets Layer (SSL) protocol uses cryptography to provide secure communication, authentication and privacy over the Internet. It was typically used for e-commerce. When used in conjunction with a VPN on a website that permits e-commerce, one advantage SSL offers is that most filters are already configured to let its traffic through.
A virtual private network (VPN) is a network that is not truly private; it simply runs over an insecure network. The VPN is made virtually private with the help of an encapsulation protocol known as a tunneling protocol. It can be established with the help of cryptography and SSL.
The Layer 2 Tunneling Protocol (L2TP) is one of the most commonly used tunneling protocols. The only Microsoft clients that support L2TP are Windows 2000 Professional and newer; Windows 2000 Server and newer servers also support L2TP. It uses IPSec to authenticate the client in a two-phase process: first it authenticates the computer, then the user. Authenticating the computer helps prevent the man-in-the-middle attack, in which data is first intercepted by another computer and then forwarded to the intended receiver.
The Point-to-Point Tunneling Protocol (PPTP) is used to create a secure tunnel between two points on a network, through which another protocol such as the Point-to-Point Protocol (PPP) is carried. This tunneling functionality forms the basis for most VPNs. Although PPTP is a widely used protocol, other tunneling protocols such as L2TP offer even greater security.
Internet Protocol Security (IPSec) is a framework of protocols designed to authenticate the connection and encrypt the data during communication between two computers. It operates at the network layer of the OSI model and therefore secures the protocols that operate at the higher layers. Because of this, IPSec can be used to secure practically all TCP/IP related communication, including tunnels. More specifically, IPSec provides three main security services: protection from data tampering, data verification, and privacy of transactions.
Most protocols used to establish tunnels and secure communication require an exchange of keys. To keep the communication about keys secure and to prevent attacks such as denial-of-service or replay attacks, a protocol that offers secure creation and management of keys is used. The protocol used is the Internet Security Association and Key Management Protocol (ISAKMP). It is used in conjunction with Internet Key Exchange (IKE) and sometimes with Kerberized Internet Negotiation of Keys (KINK).
TLS allows network devices to communicate across the network while preventing eavesdropping, tampering and message forgery. It is designed to let the end user be sure of whom they are communicating with. Clients can also negotiate keys that will be used to secure the transferred data. TLS is set to supersede its predecessor, Secure Sockets Layer (SSL).
The latest version of TLS, introduced in 2008, offers many security enhancements over the original protocol. It includes the use of longer keys, more hashing algorithms and stronger encryption algorithms for the authentication phase. Because of these enhancements, the previous versions of TLS have been rendered obsolete.
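As an added example, not from the original text, here is how a Python client enforces what the two paragraphs above describe: it verifies that it is talking to the right peer and refuses the obsolete protocol versions. The weak context is shown only as the "before" to contrast with the hardened one, and the audit function lists what a reviewer would flag; the function names are the example's own.

```python
import ssl
from typing import List

def weak_client_context() -> ssl.SSLContext:
    """A context that skips verification and accepts the oldest protocol the library offers.
    Included only as the 'before' to contrast with the hardened version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx

def hardened_client_context() -> ssl.SSLContext:
    """Verify the server certificate and hostname, and refuse pre-1.2 protocol versions."""
    ctx = ssl.create_default_context()    # system CA store, CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_NO_COMPRESSION  # compression leaks information about plaintext length
    return ctx

def audit(ctx: ssl.SSLContext) -> List[str]:
    """Return the findings a reviewer would raise against a client context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the hostname")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("obsolete SSL/TLS versions are accepted")
    return findings
```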
Site-to-site and client-to-site
Tunneling protocols, or combinations of them, are used to accomplish two main kinds of tunneling, commonly referred to as site-to-site and client-to-site. Site-to-site tunneling is usually used to send and receive encrypted data within the same company or network; an organization can use particular hardware and software to build a tunnel for its own use. Client-to-site tunneling, by contrast, is used to accomplish secure communication between individuals, networks and organizations.
Remote access means the user is not on a device connected within the organization's LAN, but is instead connected from outside it. With remote access the goals are twofold. The first goal is to offer the user an experience as close as possible to what they would have if connected within the LAN. The second goal is to keep the security of the system within limits. This means some method is required by which a user authenticates to the network so that sensitive data can be transmitted more securely.
Remote Access Service (RAS) is the remote access solution included with the Microsoft Windows Server product. Its main function is to give users similar access to the network from a remote location, while sitting at their own place, although this access is sometimes quite slow. RAS servers offer dial-up connections through modems as well as VPN connections through the WAN Miniport.
RDP is the Remote Desktop Protocol, used by Microsoft to provide remote control and remote access capabilities between clients and servers on a Microsoft network. It is the protocol on which Windows Terminal Services operates.
Point-to-Point Protocol over Ethernet (PPPoE) has become more popular with the increasing number of users who access the Internet through DSL connections and cable modems. Its main function is to encapsulate PPP frames within Ethernet frames.
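The following is an added example, not from the original text, that makes the "encapsulating one protocol in another" idea from the tunneling section concrete using the PPPoE framing just described: it wraps a PPP payload in a PPPoE session header and an Ethernet header, then parses the frame back, rejecting truncated or non-PPPoE input. The header layout and constants follow RFC 2516; the MAC addresses, session id and IPv4 payload are constructed for illustration.

```python
import struct

# Constants from RFC 2516 (PPPoE) and the PPP protocol-number registry.
ETHERTYPE_PPPOE_SESSION = 0x8864   # EtherType for PPPoE session-stage frames
PPPOE_VER_TYPE = 0x11              # version 1 and type 1, packed into one byte
PPPOE_CODE_SESSION = 0x00          # code 0x00 marks session data
PPP_PROTO_IPV4 = 0x0021            # PPP protocol number for an IPv4 payload

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def encapsulate(dst_mac: str, src_mac: str, session_id: int,
                ppp_protocol: int, payload: bytes) -> bytes:
    """Build Ethernet header -> PPPoE header -> PPP protocol field -> payload."""
    ppp = struct.pack("!H", ppp_protocol) + payload
    pppoe = struct.pack("!BBHH", PPPOE_VER_TYPE, PPPOE_CODE_SESSION, session_id, len(ppp))
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_PPPOE_SESSION)
    return eth + pppoe + ppp

def decapsulate(frame: bytes) -> dict:
    """Unwrap a session frame; reject anything that is not well-formed PPPoE."""
    if len(frame) < 14 + 6 + 2:
        raise ValueError("frame too short for Ethernet + PPPoE + PPP headers")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_PPPOE_SESSION:
        raise ValueError("not a PPPoE session frame")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != PPPOE_VER_TYPE or code != PPPOE_CODE_SESSION:
        raise ValueError("unsupported PPPoE version/type/code")
    ppp = frame[20:20 + length]
    if length < 2 or len(ppp) != length:
        raise ValueError("PPPoE length field inconsistent with frame (truncated?)")
    return {
        "dst_mac": frame[0:6].hex(":"),
        "src_mac": frame[6:12].hex(":"),
        "session_id": session_id,
        "ppp_protocol": struct.unpack("!H", ppp[:2])[0],
        "payload": ppp[2:],
    }

# Constructed sample: a minimal 20-byte IPv4 header, not a real capture.
IPV4_SAMPLE = bytes.fromhex("4500001400010000400100000a0000010a000002")
```

Note that the inner payload comes back byte-for-byte readable: encapsulation on its own provides transport, not confidentiality, which is why the tunneling protocols above are paired with IPSec or SSL/TLS.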
The Point-to-Point Protocol (PPP) is used by most users as the standard remote access protocol. It provides authentication mechanisms, multiple protocol support and error checking. One of several authentication options, such as PAP, CHAP or EAP, can be selected.
Independent Computing Architecture (ICA) is a proprietary protocol developed by Citrix for its application server system. It defines the specification for passing data between clients and servers, but it is not bound to any platform. It can be used with Mac, Windows, Unix and Linux clients acting as terminals, which are referred to as thin clients. The communication can be secured with the help of an application-independent tunneling protocol such as L2TP with IPSec.
Secure Shell (SSH) was first developed by SSH Communications Security Ltd. It is a program that allows a user to log in to another computer over a network, execute commands on it, and move files from one computer to another. SSH offers secure communication and strong authentication over an insecure channel. It protects a network from attacks including IP source routing, IP spoofing and DNS spoofing. SSH is available for Macintosh, Linux and Unix and also works with RSA authentication. It operates at the session and application layers of the OSI model.
Learning the methods of network access security is essential to network security. To that end, understand IP filtering and MAC filtering in order to make filtering decisions on packets. Grasp the various forms of tunneling, such as VPN, SSL VPN, PPTP and L2TP, for secure data transfer over an insecure network. L2TP is considered more secure than PPTP, but it requires newer servers and clients. Additionally, understand IPSec, which provides secure data transfer and authentication between two computers, and the remote access protocols such as PPPoE, RDP, ICA, SSH and PPP. With this knowledge, one can perform the related tasks quickly with limited assistance.