Sunday, August 16, 2015

ISM unit 2 question bank answers 50-54

QUESTION NUMBER 50-54

50. State IEEE 802.11 Network Components and explain its Architectural Models.

IEEE 802.11 has two fundamental architectural components, as follows:

• Station (STA). A STA is a wireless endpoint device. Typical examples of STAs are laptop computers, personal digital assistants (PDA), mobile phones, and other consumer electronic devices with IEEE 802.11 capabilities.
• Access Point (AP). An AP logically connects STAs with a distribution system (DS), which is typically an organization’s wired infrastructure. APs can also logically connect wireless STAs with each other without accessing a distribution system.

The IEEE 802.11 standard also defines the following two WLAN design structures or configurations:

• Ad Hoc Mode. The ad hoc mode does not use APs. Ad hoc mode is sometimes referred to as infrastructureless because only peer-to-peer STAs are involved in the communications.
• Infrastructure Mode. In infrastructure mode, an AP connects wireless STAs to each other or to a distribution system, typically a wired network. Infrastructure mode is the most commonly used mode for WLANs.

Ad Hoc Mode
The ad hoc mode (or topology) is depicted conceptually in Figure 2-1. This mode of operation, also known as peer-to-peer mode, is possible when two or more STAs are able to communicate directly to one another. Figure 2-1 shows three devices communicating with each other in a peer-to-peer fashion without any infrastructure. A set of STAs configured in this ad hoc manner is known as an independent basic service set (IBSS).

Today, a STA is most often thought of as a simple laptop with an inexpensive network interface card (NIC) that provides wireless connectivity; however, many other types of devices could also be STAs. In Figure 2-1, the STAs in the IBSS are a mobile phone, a laptop, and a PDA. IEEE 802.11 and its variants continue to increase in popularity; scanners, printers, digital cameras and other portable devices can also be STAs. The circular shape in Figure 2-1 depicts the IBSS. It is helpful to consider this as the radio frequency coverage area within which the stations can remain in communication. A fundamental property of IBSS is that it defines no routing or forwarding, so, based on the bare IEEE 802.11i spec, all the devices must be within radio range of one another.
One of the key advantages of ad hoc WLANs is that theoretically they can be formed any time and anywhere, allowing multiple users to create wireless connections cheaply, quickly, and easily with minimal hardware and user maintenance. In practice, many different types of ad hoc networks are possible, and the IEEE 802.11 specification allows all of them. Since it does not give the details of how to form a network, but rather only how to establish the links in a network, ad hoc mode as specified by 802.11 is incomplete for any particular use. This means that different products built on it typically are not interoperable, because there has not yet been standardization on any of these possible networks.

An ad hoc network can be created for many reasons, such as allowing the sharing of files or the rapid exchange of e-mail. However, an ad hoc WLAN cannot communicate with external networks. A further complication is that an ad hoc network can interfere with the operation of an AP-based infrastructure mode network (see next section) that exists within the same wireless space.

Infrastructure Mode
In infrastructure mode, an IEEE 802.11 WLAN comprises one or more Basic Service Sets (BSS), the basic building blocks of a WLAN. A BSS includes an AP and one or more STAs. The AP in a BSS connects the STAs to the DS. The DS is the means by which STAs can communicate with the organization’s wired LANs and external networks such as the Internet. The IEEE 802.11 infrastructure mode is depicted in Figure 2-2.

The DS and use of multiple BSSs and their associated APs allow for the creation of wireless networks of arbitrary size and complexity. In the IEEE 802.11 specification, this type of multi-BSS network is referred to as an extended service set (ESS). Figure 2-3 conceptually depicts a network with both wired and wireless capabilities. It shows three APs with their corresponding BSSs, which comprise an ESS; the ESS is attached to the wired infrastructure. In turn, the wired infrastructure is connected through a perimeter firewall to the Internet. This architecture could permit various STAs, such as laptops and PDAs, to provide Internet connectivity for their users.




51. What are the various types of authentication methods implemented in IEEE 802.11 security?

In the legacy IEEE 802.11 specification, authentication between clients and APs is only one way: authenticating the client to the AP. The client must trust that it is communicating to a legitimate, benign AP. The legacy specification defines two authentication methods: open-system and shared-key. Open-system authentication is the only authentication method that the legacy IEEE 802.11 specification requires products to support. However, open-system authentication is not truly authentication; the AP accepts the client without verifying its identity, simply by the client providing a MAC address to the AP. There is no validation that this MAC address is not spoofed or that the client is authorized to have access, so open-system authentication is highly vulnerable to attack and practically invites unauthorized access.

The other authentication method in the legacy specification, shared-key authentication, is a cryptographic technique for authentication. It is a simple “challenge-response” scheme based on whether a client has knowledge of a shared secret—the WEP key. In this scheme, as depicted in Figure 4-2, a random challenge is generated by the AP and sent to the client in plaintext. The client then generates a pseudorandom series of bytes known as the key stream that is XORed with the AP’s plaintext challenge and sent back to the AP as an encrypted response. The AP decrypts the result computed by the client and allows access only if the decrypted value is the same as the random challenge transmitted. The algorithm used in the cryptographic computation and for the generation of the 128-bit challenge text is the RC4 stream cipher, which is not FIPS-approved.

In shared-key authentication, the initial exchange of the plaintext challenge from the AP and the encrypted response from the client is a major security design flaw. An eavesdropping attack would capture both the AP’s plaintext challenge and the client’s encrypted response, thereby providing an attacker with two of the three components required to determine the random key stream. An attacker can XOR the encrypted response and the plaintext challenge to determine the random key stream, thus enabling the attacker to authenticate to the AP.

If a legacy WLAN is limited to WEP authentication methods and employing WEP data encryption, open-system authentication is technically more secure than shared-key authentication because shared-key authentication can actually help facilitate an attack on the WEP encryption keys. However, neither authentication method provides any true assurance of authentication, so organizations that want to authenticate their legacy WLAN clients should consider separate authentication solutions and plan migration to WLANs using IEEE 802.11i, which support multiple strong authentication options.




52. Write short note on IEEE 802.11i security.

The IEEE 802.11i standard is the sixth amendment to the baseline IEEE 802.11 standards. It includes many security enhancements that leverage mature and proven security technologies. For example, IEEE 802.11i references the Extensible Authentication Protocol (EAP) standard, which is a means for providing mutual authentication between STAs and the WLAN infrastructure, as well as performing automatic cryptographic key distribution. EAP is a standard developed by the Internet Engineering Task Force (IETF). IEEE 802.11i employs accepted cryptographic practices, such as generating cryptographic checksums through hash message authentication codes (HMAC).

The IEEE 802.11i specification introduces the concept of a Robust Security Network (RSN). An RSN is defined as a wireless security network that only allows the creation of Robust Security Network Associations (RSNA). An RSNA is a logical connection between communicating IEEE 802.11 entities established through the IEEE 802.11i key management scheme, called the 4-Way Handshake, which is a protocol that validates that both entities share a pairwise master key (PMK), synchronizes the installation of temporal keys, and confirms the selection and configuration of data confidentiality and integrity protocols. The entities obtain the PMK in one of two ways—either the PMK is already configured on each device, in which case it is called a pre-shared key (PSK), or it is distributed as a side effect of a successful EAP authentication instance, which is a component of IEEE 802.1X port-based access control. The PMK serves as the basis for the IEEE 802.11i data confidentiality and integrity protocols that provide enhanced security over the flawed WEP. Most large enterprise deployments of RSN technology will use IEEE 802.1X and EAP rather than PSKs because of the difficulty of managing PSKs on numerous devices. WLAN connections employing ad hoc mode, which typically involve only a few STAs, are more likely to use PSKs.
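The following added example (not part of the original answer) sketches how the 4-Way Handshake lets both sides confirm they share a PMK without sending it. It goes beyond the text by using the standard's PSK-to-PMK mapping (PBKDF2-HMAC-SHA1) and its HMAC-SHA1 PRF; the MAC addresses, SSID, passphrases and message bodies are constructed, and the message layout is simplified rather than real EAPOL-Key framing.

```python
import hashlib
import hmac
import os

def pmk_from_psk(passphrase: str, ssid: str) -> bytes:
    # PSK mode: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # IEEE 802.11i PRF: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    # Temporal keys depend on the PMK, both MAC addresses and both nonces.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

def mic(kck: bytes, body: bytes) -> bytes:
    return hmac.new(kck, body, hashlib.sha1).digest()[:16]

def handshake(ap_pmk: bytes, sta_pmk: bytes):
    """Return (AP temporal key, STA temporal key), or None if a MIC check fails."""
    aa = bytes.fromhex("02aabbccdd01")     # constructed authenticator (AP) address
    spa = bytes.fromhex("02aabbccdd02")    # constructed supplicant (STA) address
    anonce = os.urandom(32)                # message 1: AP -> STA, carries ANonce
    snonce = os.urandom(32)
    sta = derive_ptk(sta_pmk, aa, spa, anonce, snonce)
    msg2 = b"msg2" + snonce                # message 2: STA -> AP, SNonce + MIC
    msg2_mic = mic(sta["kck"], msg2)
    ap = derive_ptk(ap_pmk, aa, spa, anonce, snonce)
    if not hmac.compare_digest(mic(ap["kck"], msg2), msg2_mic):
        return None                        # AP: STA does not hold the same PMK
    msg3 = b"msg3" + anonce                # message 3: AP -> STA, MIC proves AP's PMK
    msg3_mic = mic(ap["kck"], msg3)
    if not hmac.compare_digest(mic(sta["kck"], msg3), msg3_mic):
        return None                        # STA: AP does not hold the same PMK
    return ap["tk"], sta["tk"]             # message 4 acknowledges; both install TK

if __name__ == "__main__":
    pmk = pmk_from_psk("constructed passphrase", "ExampleNet")
    ap_tk, sta_tk = handshake(pmk, pmk)
    print("temporal keys match:", ap_tk == sta_tk)
    print("mismatched PSK:", handshake(pmk, pmk_from_psk("other passphrase", "ExampleNet")))
```

Because the nonces are fresh for every run, each association gets different temporal keys even though the PMK stays the same.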

The IEEE 802.1X standard defines several terms related to authentication. The authenticator is an entity at one end of a point-to-point LAN segment that facilitates authentication of the entity attached to the other end of that link. For example, the AP in Figure 3-2 serves as an authenticator. The supplicant is the entity being authenticated. The STA may be viewed as a supplicant. The authentication server (AS) is an entity that provides an authentication service to an authenticator. This service determines from the credentials provided by the supplicant whether the supplicant is authorized to access the services provided by the authenticator. The AS provides these authentication services and delivers session keys to each AP in the wireless network; each STA either receives session keys from the AS or derives the session keys itself. The AS either authenticates the STA and AP itself, or provides information to the STA and AP so that they may authenticate each other. The AS typically lies inside the DS, as depicted in Figure 3-2. When employing a solution based on the IEEE 802.11i standard, the AS most often used for authentication is an Authentication, Authorization, and Accounting (AAA) server that uses the Remote Authentication Dial In User Service (RADIUS) or Diameter protocol to transport authentication-related traffic. This is discussed further in Section 4. The supplicant/authenticator model is intrinsically a unilateral rather than mutual authentication model: the supplicant authenticates to the network. IEEE 802.11i combats this bias by requiring that the EAP method used provides mutual authentication.

Figure 3-3 provides a simple conceptual view of IEEE 802.1X that depicts all the fundamental IEEE 802.11i components: STAs, an AP, and an AS. In this example, the STAs are the supplicants, and the AP is the authenticator. Until successful authentication occurs between a STA and the AS, the STA’s communications are blocked by the AP. Because the AP sits at the boundary between the wireless and wired networks, this prevents the unauthenticated STA from reaching the wired network. The technique used to block the communications is known as port-based access control. IEEE 802.1X can control data flows by distinguishing between EAP and non-EAP frames, then passing EAP frames through an uncontrolled port and non-EAP frames through a controlled port, which can block access. IEEE 802.11i extends this to block the AP’s communication until keys are in place as well. Thus, the IEEE 802.11i extensions prevent a rogue access point from exchanging anything but EAP traffic with the STA’s host.



54. Server Backup Procedures

Server Backup Procedures
One of the most important functions of a server administrator is to maintain the integrity of the data on the server. This is important because servers are often some of the most exposed and vital hosts on an organization’s network. The server administrator needs to perform backups of the server on a regular basis for several reasons. A server could fail as a result of a malicious or unintentional act or a hardware or software failure. In addition, Federal agencies and many other organizations are governed by regulations on the backup and archiving of server data. Server data should also be backed up regularly for legal and financial reasons.

Server Data Backup Policies
All organizations need to create a server data backup policy. Three main factors influence the contents of this policy:
• Legal requirements
– Applicable laws and regulations (Federal, state, and international)
– Litigation requirements

• Mission requirements
– Contractual
– Accepted practices
– Criticality of data to organization

• Organizational guidelines and policies.

Although each organization’s server backup policy will be different to reflect its particular environment, it should address the following issues:
• Purpose of the policy
• Parties affected by the policy
• Servers covered by the policy
• Definitions of key terms, especially legal and technical
• Detailed requirements from the legal, business, and organization’s perspective
• Required frequency of backups
• Procedures for ensuring data is properly retained and protected
• Procedures for ensuring data is properly destroyed or archived when no longer required
• Procedures for preserving information for Freedom of Information Act (FOIA) requests, legal investigations, and other such requests
• Responsibilities of those involved in data retention, protection, and destruction activities
• Retention period for each type of information logged
• Specific duties of a central/organizational data backup team, if one exists.

Server Backup Types
Three primary types of backups exist: full, incremental, and differential. Full backups include the OS, applications, and data stored on the server (i.e., an image of every piece of data stored on the server hard drives). The advantage of a full backup is that it is easy to restore the entire server to the state (e.g., configuration, patch level, data) it was in when the backup was performed. The disadvantage of full backups is that they take considerable time and resources to perform. Incremental backups reduce the impact of backups by backing up only data that has changed since the previous backup (either full or incremental).
Differential backups reduce the number of backup sets that must be accessed to restore a configuration by backing up all changed data since the last full backup. However, each differential backup increases as time lapses from the last full backup, requiring more processing time and storage than would an incremental backup. Generally, full backups are performed less frequently (weekly to monthly or when a significant change occurs), and incremental or differential backups are performed more frequently (daily to weekly). The frequency of backups will be determined by several factors:

• Volatility of information on the site
– Static content (less frequent backups)
– Dynamic content (more frequent backups)
– E-commerce/e-government (very frequent backups)
• Volatility of configuring the server
• Type of data to be backed up (e.g., system, application, log, or user data)
• Amount of data to be backed up
• Backup device and media available
• Time available for dumping backup data
• Criticality of data
• Threat level faced by the server
• Effort required for data reconstruction without data backup
• Other data backup or redundancy features of the server (e.g., Redundant Array of Inexpensive Disks [RAID]).

For servers with highly dynamic data, standard backups may be insufficient to ensure the availability of the server data. Some services have data modified on a continuous basis, and a server failure necessitating restoration from a backup would cause the loss of all data changes made since the previous backup. Some servers offer replication services that allow data changes from one server to be duplicated on another server, either for individual changes or small batches of changes. Replication does place additional load on servers and networks, so organizations need to weigh the costs of replication against the costs of lost availability should a server failure occur. Replication is not intended to take the place of standard backups, only to provide a capability to duplicate recent changes to data.

Maintain a Test Server
Most organizations will probably wish to maintain a test or development server for their most important servers, at a minimum. Ideally, this server should have hardware and software identical to the production or live server and be located on an internal network segment (intranet) where it can be fully protected by the organization’s perimeter network defenses. Although the cost of maintaining an additional server is not inconsequential, having a test server offers numerous advantages:

• It provides a platform to test new patches and service packs before application on the production server.
• It provides a development platform for the server administrator to develop and test new content and applications.
• It provides a platform to test configuration settings before applying them to production servers.
• Software critical for development and testing but that might represent an unacceptable security risk on the production server can be installed on the development server (e.g., software compilers, administrative tool kits, remote access software).

