Designing Secure Communications Between Networks

By Author: Shirley Green
Total Articles: 129
Comment this article

This chapter presents the skills and concepts related to creating a CompTIA security design framework. This training kit assumes that you have a minimum of 1 year of experience implementing and administering desktop operating systems and network operating systems in environments that have the following characteristics:

At least 250 supported users
Three or more physical locations
Typical network services such as messaging, database, file and print, proxy server or firewall, Internet and intranet, remote access, and client computer management
Three or more domain controllers Connectivity needs, including connecting branch offices and individual users in remote locations to the corporate network and connecting corporate networks to the Internet
In addition, you should have experience designing a network infrastructure.
Many design exercises are paper-based; however, to understand the technical capabilities that a design can incorporate, you should have some hands-on experience with products. Where specific hands on instruction is givenCompTIA A+ certification ...
... you must have at least two computers configured as specified in the "Getting Started" section at the beginning of this book.

Data traveling between trusted networks is subject to capture, diversion, and cor?ruption. And the computers between which data travels might themselves be compromised. The people who manage the networks might be uninformed, overworked, or lack the necessary skills to protect data as it moves from place to place. For these reasons, you must understand how to secure communications between networks.
User authentication is via PPP authentication protocols. Password authentication
protocol (PAP), which sends a plain-text password across the network, is very
rarely used.
Challenge Handshake Authentication Protocol (CHAP) uses the MD5 hashing protocol to encrypt challenge strings. Only the user name crosses the network in plain text. The server must store a plain-text copy of the password, or store the password using a reversible encryption algorithm, as is the case in Windows Server 2003. CHAP is generally used only when UNIX clients are present.
Microsoft CHAP (MS-CHAP) uses an MD4 hash, and the server can store a hashed password. The protocol provides more sophisticated error messages—including a
password-expired error code, which then provides the ability to change a password during the authentication phase. The client and server independently create
the encryption key MS CHAP requires for MPPE encryption based on the free Cisco questions user's password. MS-CHAP should be used only if you have Windows 95 clients.