CompTIA Network+ Module 4: Comprehensive Guide to Protocols and Remote Access

Foundations of Encryption Protocols

  • Encryption protocols employ a mathematical code known as a cipher to scramble data into a format that is unreadable without reversing the cipher.
  • The fundamental purpose of encryption is to maintain information privacy.
  • Encryption methods are evaluated based on three primary benchmarks known as the CIA triad:
    • Confidentiality: Ensuring that information is not disclosed to unauthorized individuals, entities, or processes.
    • Integrity: Maintaining and assuring the accuracy and completeness of data over its entire life cycle.
    • Availability: Ensuring that systems and data are accessible and usable upon demand by an authorized entity.

Key Encryption Mechanics

  • A key is defined as a random string of characters that is woven into the bits of the original data.
  • The application of a key generates a unique block of data known as ciphertext.
    • Keys are created following specific sets of rules or mathematical algorithms.
  • Key encryption is categorized into two main types:
    • Private Key Encryption: Utilizes a single key that must be securely communicated and shared between the sender and the receiver.
    • Public Key Encryption: Relies on a second, public key that is safely accessible to anyone, used in conjunction with a private key.

IPsec (Internet Protocol Security)

  • IPsec is an encryption protocol suite that establishes rules for encryption, authentication, and key management specific to TCP/IP transmissions.
  • IPsec creates secure connections through a five-step process:
    • 1. IPsec initiation.
    • 2. Key management.
    • 3. Security negotiations.
    • 4. Data transfer.
    • 5. Termination.
  • IPsec operates in two distinct modes:
    • Transport mode: Only the payload of the IP packet is encrypted.
    • Tunnel mode: The entire IP packet is encrypted and then encapsulated into a new IP packet.

SSL (Secure Sockets Layer) and TLS (Transport Layer Security)

  • SSL and TLS are methods used for encrypting TCP/IP transmissions.
  • While distinct, the protocols often work side-by-side and are commonly referred to as SSL/TLS or TLS/SSL.
  • When a client and server connect via SSL/TLS, they establish a unique session, which is a specific association between the two parties.
  • The parameters of a session are defined by an agreement on specific encryption techniques.
  • SSL Handshake Protocol:
    • The session is initialized by an SSL handshake.
    • The handshake allows the client and server to authenticate each other.
    • This process is conceptually similar to the TCP three-way handshake.

Remote Access Services and Protocols

  • Remote access is a service providing a client the ability to connect and log on to a server, Local Area Network (LAN), or Wide Area Network (WAN) from a different geographical location.
  • Remote access requires a RAS (Remote Access Server), which can be one of two types:
    • Dedicated hardware devices.
    • Software running on a standard server.
  • Primary categories of remote access include:
    • Remote file access.
    • Terminal emulation (also referred to as remote virtual computing).
    • VPN (Virtual Private Network).

Remote File Access Technologies

  • FTP (File Transfer Protocol): The standard protocol for providing remote file access.
  • FTPS (FTP Secure or FTP over SSL): Enhances FTP by adding a layer of protection using SSL/TLS encryption.
  • SFTP (Secure FTP): A file-transfer version of SSH (Secure Shell) that incorporates encryption and authentication for the transfer process.
  • TFTP (Trivial FTP): A simplified protocol similar to FTP that lacks authentication or security mechanisms for data transfer.

Terminal Emulation and Remote Control

  • Terminal emulator software allows a user on a client computer to control a host or server computer.
  • Command-line based software examples:
    • Telnet: A utility used for remote control; it is considered insecure as it provides poor authentication and no encryption for data transmission.
    • SSH (Secure Shell): A collection of protocols offering secure authentication and encryption. It protects against threats including unauthorized host access, IP spoofing, interception of data in transit, and DNS spoofing. SSH must be running on both the client and the server and supports password authentication via public and private key generation.
  • GUI-based software examples:
    • Remote Desktop for Windows.
    • join.me.
    • VNC (Virtual Network Computing).
    • Team Viewer.
  • RDP (Remote Desktop Protocol): A proprietary protocol developed by Microsoft for connecting to and controlling remote computers.
  • VNC (Virtual Network Computing):
    • Uses the cross-platform RFB (Remote Frame Buffer) protocol.
    • As an open-source technology, it is used to run Operating Systems on client computers, access mobile devices (tablets/smartphones), and control media or surveillance systems.
  • Out-of-band management:
    • Relies on a dedicated connection between the administrator's computer and network devices.
    • Uses a remote management card attached to a device's console port.
    • Centralized management is often achieved through a console server or console router.

Virtual Private Networks (VPNs)

  • A VPN is a network connection encrypted from end-to-end, creating a private link to a remote network, often called a tunnel.
  • VPN Classification Models:
    • Site-to-site VPN.
    • Client-to-site VPN (also known as host-to-site or remote-access VPN).
    • Host-to-host VPN.
  • Tunneling Mechanics:
    • VPN protocols encapsulate higher-layer protocols in a process called tunneling.
    • Many tunneling protocols operate at the Data Link Layer (Layer 2) to encapsulate frames into Network Layer packets.
    • Some operate at Layer 3 to provide additional features.
    • Most tunneling protocols require an additional encryption protocol for security.
  • Common Tunneling Protocols:
    • L2TP (Layer 2 Tunneling Protocol).
    • GRE (Generic Routing Encapsulation).
    • Open VPN.
    • IKEv2.
  • Cisco-Specific VPN Technologies:
    • mGRE (Multipoint GRE): A proprietary protocol allowing multiple tunnel destinations on one interface.
    • DMVPN (Dynamic Multipoint VPN): An enterprise solution that dynamically creates tunnels between branch locations as needed, rather than using static, constant tunnels.

Remote Access Policies

  • A robust remote access policy typically includes the following requirements:
    • Devices must be updated with current patches, anti-malware software, and active firewalls.
    • Access must be controlled via strong passwords or biometric measures.
    • Passwords must be complex and changed periodically.
    • Internal and external storage on the device must be encrypted.
    • Company and customer data must remain secure at all times.
    • Immediate reporting of lost or stolen remote access devices is required.
    • Encrypted VPN software must be used for all remote resource access.
    • While connected to the company network, the device must not connect to the open Internet or any network not controlled by the employee.
    • Remote sessions must be terminated immediately when no longer in use.

TCP/IP Troubleshooting Utilities

  • netstat:
    • Displays TCP/IP statistics and details regarding active connections on a host.
    • Identifies ports where TCP/IP services are running.
    • Shows currently established network connections.
    • Reports message counts handled by an interface since activation.
    • Identifies the number of data errors occurred on a specific interface.
  • tracert and traceroute:
    • Used to trace the path between nodes and identify intermediate hops.
    • Windows tracert: Uses ICMP (Internet Control Message Protocol) echo requests.
    • Linux/UNIX/OS X traceroute: Sends UDP messages to random ports on the destination (conceptually identical to tracert).
    • These utilities use error messages from routers to map the route.
  • tcpdump:
    • A free, command-line packet sniffer for Linux and Unix systems.
    • Captures traffic crossing the network interface.
    • Output can be saved to a file for filtering or playback.
    • Requires sudo privileges or root login access.

Common Network Problems and Solutions

  • Duplicate MAC Addresses:
    • Occurs when two devices on the same network share a MAC address.
    • Risks include spoofing (impersonation), which is a significant security threat.
    • Common in environments managing many virtual devices.
    • Resolution: Use switch error messages to identify the virtual devices and update their configurations.
  • Hardware Failure:
    • Involves routers, switches, or NICs going down.
    • Strategy: Use tracert or traceroute to locate malfunctioning devices. For more accuracy, target a node on the far side of a suspect router rather than the router itself.
    • Use the ping utility to verify basic network connectivity.

Questions & Discussion

  • Question: What protocol must be allowed through a firewall for tracert to work correctly?
  • Answer: ICMP. The Windows tracert utility sends an ICMP (Internet Control Message Protocol) echo request to the destination node and listens for an ICMP echo reply from that node.