Introduction
The following paper will review the Extensible Authentication Protocol (EAP) as a widely accepted standard. A brief description will be provided with visual aids to help with understanding. A current implementation of EAP with Transport Layer Security (TLS) will be described. Commonly implemented security measures will also be discussed. Following the security measures, I will provide research on common attack vectors and ways to mitigate these attacks to protect secure data transmissions. A full discussion of EAP and TLS falls outside the scope of this paper. The research contained herein is provided as a high-level understanding of the EAP protocol and one possible implementation with its known risks.
Protocol Description
EAP was built upon the Point-to-Point Protocol (PPP) because of the need for a way to establish a connection before a client (peer/supplicant) was able to negotiate the authentication method. PPP originally negotiated how it would provide authentication between two entities before the two were actually connected, in what is called the Link Establishment Phase (RFC 1661, 1994). Technology today must have peers connect to the authenticator first and then establish the authentication, authorization, and accounting (AAA) method that will be used. The authentication therefore had to move from the Link Establishment Phase into a new standard, and EAP was developed as a new method of authentication negotiation (Sotillo, 2007). A very common example of EAP is wireless communications: the peer must connect to the authenticator to establish a connection, and then the EAP negotiation is initiated.
The main components of EAP are the peer/client, authenticator, and authentication server which ar...
... middle of paper ...
...eering Task Force: http://tools.ietf.org/html/rfc5216
RFC 5246. (2008, August). The Transport Layer Security (TLS) Protocol. Retrieved November 15, 2013, from The Internet Engineering Task Force: http://tools.ietf.org/html/rfc5246
RFC 5247. (2008, August). Extensible Authentication Protocol (EAP) Key Management Framework. Retrieved November 14, 2013, from The Internet Engineering Task Force: http://tools.ietf.org/html/rfc5247
Sotillo, S. (2007, November 27). Extensible Authentication Protocol (EAP). Retrieved November 16, 2013, from Infosec Writers: http://www.infosecwriters.com/text_resources/pdf/SSotillo_EAP.pdf
Turner, B. (2008, December 3). Securing a wireless network with EAP-TLS: perception and realities of its implementation. Retrieved November 15, 2013, from Edith Cowan University: http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1055&context=ism
Authentication Header (AH) and Encapsulating Security Payload (ESP) are part of the IPSec components; they are network layer protocols allowing secured communications through a VPN tunnel. Within a firewall, to enable communication for AH one will use protocol 50 and for ESP protocol 51 (Frankel, Hoffman, Orebaugh & Park, 2008); both protocols 50 and 51 can be enabled within the same end-to-end IPSec connection, which is the Tunnel Mode connected by two gateways. Nonetheless, for Transport Mode, there are some restrictions on the order in which they appear. While AH supports connectionless integrity and authentication of the packets, ESP provides data origin authentication and confidentiality through the use of encryption; both AH and ESP provide
Kerberos: Kerberos is a protocol which defines how clients interact with a network authentication service. It uses tickets as proof of identity. The Kerberos protocol assumes that transactions take place on an open network between clients and servers, where most of the clients and servers
Giammarco, Erica. "U of S Central Authentication Service (CAS)." U of S Central Authentication Service (CAS). N.p., Jan. 2013. Web. 20 Nov. 2013. http://www.sciencedirect.com.cyber.usask.ca/science/article/pii/S0191886912003650?np=y
The deployed wireless network automatically disables rogue access points when required. In order to connect to the wireless network, all wireless laptops are required to be current domain members. A group policy is enforced on all domain members so as to lock their systems to the SSID access point. For network layer protection, firewalls must be installed throughout the network. Wireless connections should always be WPA2 secured. All systems must have anti-virus software which provides protection from viruses. To ensure that only valid users access the network system, server certificates are installed in the
In view of the emergence of cloud computing and cloud-based identity management providers, implementing the SAML protocol is imperative. In addition, with the proliferation of SaaS (Software as a Service) and other web-based applications, identity management has become challenging for various enterprises. Handling so many usernames and passwords for your intranet, cloud, webmail, HR system, and other resources is nothing but bothersome, especially when your workforce is huge. This is where SAML is desperately needed. Many hosted service providers support SAML for authentication, including Google Apps, Salesforce.com, Zendesk and Zoho. Thousands of large enterprises have adopted it as their standard protocol for communicating identities across their network environments.
Describe how and why authentication credentials are used to identify and control access to files, screens, and systems. Include a discussion of the principles of authentication such as passwords, multifactor authentication, biometrics, and single-sign-on.
Roberts, Richard M. "Network Security." Networking Fundamentals. 2nd ed. Tinley Park, IL: Goodheart-Willcox, 2005. 599-639. Print.
Ultimately the end users turn out to be the weak link in the security chain as they ignore the latest security trends and install outdated devices that do not support the latest security features. An example would be that of an outdated wireless router that does not support WPA encryption. By proposing a simple solution that lets the users configure their wireless access points for best possible security, the problem can be nipped in the bud.
The ERP system allows a strategic flow of information between all areas within an enterprise in a consistently productive manner.
capacity and performance. However, as networks enable more and more applications and are available to more and more users, they become ever more vulnerable to a wider range of security threats. To combat those threats and ensure that e-business transactions are not compromised, security technology must play a major role in today's networks.
United States Executive Office of the President. (2009). Cyber space policy review: Assuring a Trusted and Resilient Information and Communications Infrastructure. (pp. 1-38). Retrieved from http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf
Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
This paper is going to discuss wireless security from a broad view, where I will go into why exactly wireless security is so important, especially today as the ways in which we are communicating are changing dramatically. From there I will discuss the multiple wireless securities that are available to give a better understanding of the options given. Then I will go into why exactly not protecting your wireless can be so dangerous, with some descriptions of the most dangerous wireless attacks out there today. Finally, I will discuss how we can better prepare for these types of attacks, with a synopsis of several effective security methods that will help to ensure data is securely passed and kept hidden.
Melford, RJ 1993, 'Network security ', The Internal Auditor, vol. 50, no. 1, p. 18.
Due to the demand for the internet to be fast, networks are designed for maximum speed, rather than to be secure or track users (“Interpol” par. 1).
... middle of paper ...