Guide to Operating System Security Chapter 9 Web Remote Access and VPN Security Objectives Understand Internet security using protocols and services Configure Web browsers for security Configure remote access services for security Configure virtual private network services for security Guide to Operating System Security 2 Internet Security Protocols and services must be kept secure To ensure privacy of information To discourage the spread of malicious software Guide to Operating System Security 3 Internet Protocols and Services Hypertext Transfer Protocol HTTP Secure HTTP S HTTP and Hypertext Transfer Protocol Secure HTTPS File Transfer Protocol FTP Network File System NFS Samba and Server Message Block SMB Guide to Operating System Security 4 HTTP TCP IP compatible application protocoltransports information over the Web Most recent version HTTP 1 1 Increases reliability of communications Enables caching Can send message responses before full control information from a request is received Permits multiple communications over a single connection Guide to Operating System Security 5 S HTTP and HTTPS Forms of HTTP used for more secure communications S HTTP Standards based protocol that enables use of a variety of security measures including CMS and MOSS HTTPS Essentially proprietary but more compatible with encryption for IP level communications Uses SSL as a subprotocol Guide to Operating System Security 6 File Transfer Protocol FTP TCP IP protocol that transfers files in bulk data streams Uses two TCP ports 20 and 21 Supports transmission of binary or ASCII formatted files Commonly used on the Internet Downloading files can be risky Guide to Operating System Security 7 File Transfer Protocol FTP Guide to Operating System Security 8 Network File System NFS Designed for UNIX Linux systems for file sharing Connection oriented protocol that runs within TCP Uses remote procedure calls via TCP port 111 Sends data in record streams For security let only authorized computers use NFS on host computer Guide to Operating System Security 9 Samba and Server Message Block Samba Available for UNIX and Linux computers Enables exchange of files and printer sharing with Windows based computers through SMB protocol Server Message Block Used by Windows based systems Enables sharing files and printers Employed by Samba Guide to Operating System Security 10 Using Samba Guide to Operating System Security 11 Configuring Web Browsers for Security Applying security measures to popular Web browsers Internet Explorer Mozilla Netscape Navigator Guide to Operating System Security 12 Configuring Internet Explorer Security Used with Windows and Mac OS X Configure version of HTTP use of HTTPS FTP and download access Configure security by zones Internet Local intranet Trusted sites Restricted sites Guide to Operating System Security 13 Internet Explorer Security Settings Guide to Operating System Security 14 Configuring Internet Explorer Security Internet Explorer Enhanced Security Configuration Windows Server 2003 Applies default security to protect server Uses security zones and security parameters preconfigured for each zone Guide to Operating System Security 15 Installing IE Enhanced Security Configuration Guide to Operating System Security 16 Configuring Mozilla Security Open source Web browser Can run on Linux by default with GNOME desktop UNIX Mac OS X OS 2 Windows based systems Security configuration is combined with privacy configuration options Guide to Operating System Security 17 Mozilla Security Categories Guide to Operating System Security 18 Privacy Security Option in Mozilla Guide to Operating System Security 19 Configuring Netscape Navigator Security Nearly identical to Mozilla GUI offers A buddy list Link to Netscape channels Different sidebar presentation Guide to Operating System Security 20 Netscape Navigator in Windows 2000 Server Guide to Operating System Security 21 Privacy Security Options in Netscape Guide to Operating System Security 22 Configuring Remote Access Services for Security Remote access Ability to access a workstation or server through a remote connection eg dial up telephone line and modem Commonly used by telecommuters Guide to Operating System Security 23 Microsoft Remote Access Services Enables off site workstations to access a server through telecommunications lines the Internet or intranets Guide to Operating System Security 24 Microsoft RAS Guide to Operating System Security 25 Microsoft RAS Supported Clients MS DOS Windows 3 1 and 3 11 Windows NT 95 98 Windows Millennium Windows 2000 Windows Server 2003 and XP Professional Guide to Operating System Security 26 Microsoft RAS Supports different types of modems and communications equipment Compatible with many network transport and remote communications protocols Guide to Operating System Security 27 Microsoft RAS Supported Connections Continued Asynchronous modems Synchronous modems Null modem communications Regular dial up telephone lines Leased telecommunication lines eg T carrier Guide to Operating System Security 28 Microsoft RAS Supported Connections Continued ISDN lines and digital modems X 25 lines DSL lines Cable modem lines Frame relay lines Guide to Operating System Security 29 Microsoft RAS Supported Protocols NetBEUI TCP IP NWLink PPP PPTP L2TP Guide to Operating System Security 30 Understanding Remote Access Protocols Transport protocols TCP IP IPX NetBEUI Remote access protocols Serial Line Internet Protocol SLIP CSLIP Point to Point Protocol PPP PPTP L2TP Guide to Operating System Security 31 Configuring a RAS Policy Employ callback security options No Callback Set by Caller Always Callback to Install Internet Authentication Service IAS Can be employed with Remote Authentication Dial In User Service RADIUS and RADIUS server Add participating RAS and VPN servers Guide to Operating System Security 32 Remote Access Policies Objects in the IAS Tree Guide to Operating System Security 33 Granting Remote Access Permission to RAS Guide to Operating System Security 34 Enabling Access for a User s Account via Remote Access Policy Guide to Operating System Security 35 Configuring a RAS Policy Use Remote Access Policies to configure security types Authentication Encryption Dial in constraints Guide to Operating System Security 36 RAS Authentication Types Continued Challenge Handshake Authentication Protocol CHAP Extensible Authentication Protocol EAP MS CHAP v1 aka CHAP with Microsoft extensions MS CHAP v2 aka CHAP