5.0 Network Security

5.2 Explain the methods of network access security.

  • ACL:

    An Access Control List (ACL) is a security measure for identifying and controlling specific network traffic. Access to particular resources can be permitted or denied depending on the individual permissions established within the control list. There are different types of ACLs; among the most commonly used are "named" and "numbered" lists, and each is applied with either standard (source-address only) or extended (source, destination, protocol and port) filtering. Access control lists must first be configured, then applied to the proper interfaces. Filtering may be applied to both inbound and outbound traffic.

    • MAC filtering

    • IP filtering

    • Port filtering
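    The following is an added example, not part of the original outline: a small Python model of how an ACL is evaluated once it has been configured and applied to an interface. It shows the difference between a standard list (matches on source address only) and an extended list (source, destination, protocol, destination port), top-down first-match evaluation, the implicit deny at the end of every list, and inbound versus outbound application on an interface. The ACL names (`10`, `SERVER-IN`), the interface name and all addresses (taken from the RFC 5737 documentation ranges) are constructed sample data.

```python
"""Minimal ACL evaluator: named/numbered lists, standard vs extended filtering,
first-match semantics with an implicit deny, applied in/out on an interface.
All rules, addresses and packets below are constructed for illustration."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str                      # source IP address
    dst: str                      # destination IP address
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # destination port (None for icmp)


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    src: str = "0.0.0.0/0"        # source prefix; a standard ACL matches only this
    dst: Optional[str] = None     # destination prefix (extended only)
    proto: Optional[str] = None   # protocol (extended only)
    dport: Optional[int] = None   # destination port (extended only)

    def matches(self, pkt: Packet, extended: bool) -> bool:
        # Every rule type filters on source; standard ACLs stop here.
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if not extended:
            return True
        # Extended ACLs additionally check destination, protocol and port,
        # but only for the fields the rule actually specifies.
        if self.dst is not None and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


@dataclass
class ACL:
    name: str                     # a name such as "SERVER-IN" or a number such as "10"
    extended: bool
    rules: List[Rule] = field(default_factory=list)

    def evaluate(self, pkt: Packet) -> str:
        # Rules are tested top-down; the first match decides the verdict.
        for rule in self.rules:
            if rule.matches(pkt, self.extended):
                return rule.action
        return "deny"             # implicit deny: anything unmatched is dropped


@dataclass
class Interface:
    name: str
    inbound: Optional[ACL] = None   # ACL applied to traffic entering the interface
    outbound: Optional[ACL] = None  # ACL applied to traffic leaving the interface

    def filter(self, pkt: Packet, direction: str) -> str:
        acl = self.inbound if direction == "in" else self.outbound
        return acl.evaluate(pkt) if acl else "permit"  # no ACL applied: unfiltered


def build_sample_interface() -> Interface:
    # Numbered standard ACL: block one host, allow the rest of the LAN (hypothetical data).
    std = ACL("10", extended=False, rules=[
        Rule("deny", src="192.0.2.77/32"),
        Rule("permit", src="192.0.2.0/24"),
    ])
    # Named extended ACL: LAN may reach the server on SSH; anyone may reach HTTPS.
    ext = ACL("SERVER-IN", extended=True, rules=[
        Rule("permit", src="192.0.2.0/24", dst="198.51.100.10/32", proto="tcp", dport=22),
        Rule("permit", src="0.0.0.0/0", dst="198.51.100.10/32", proto="tcp", dport=443),
    ])
    return Interface("Gi0/1", inbound=ext, outbound=std)


if __name__ == "__main__":
    intf = build_sample_interface()
    for pkt, direction in [
        (Packet("192.0.2.5", "198.51.100.10", "tcp", 22), "in"),
        (Packet("203.0.113.9", "198.51.100.10", "tcp", 22), "in"),
        (Packet("192.0.2.5", "198.51.100.10", "tcp", 23), "in"),
        (Packet("192.0.2.77", "203.0.113.1", "tcp", 80), "out"),
    ]:
        print(intf.name, direction, pkt, "->", intf.filter(pkt, direction))
```

    Rule order matters: if the standard list's `permit 192.0.2.0/24` were placed above `deny 192.0.2.77/32`, the blocked host would match the permit first and the deny would never be reached. The implicit deny is also why an ACL applied to an interface with no permit lines blocks all traffic in that direction.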

  • Tunneling and encryption:

    • SSL VPN

    • VPN

    • L2TP

    • PPTP

    • IPSec

    • ISAKMP

    • TLS

      Transport Layer Security (TLS) is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity.

    • TLS2.0

    • Site-to-site and client-to-site

  • Remote access:

    • RAS

    • RDP

    • PPPoE

    • PPP

    • ICA

    • SSH

      Secure Shell (SSH) is a cryptographic remote login protocol for secure data communication over an unsecured network. Designed as a replacement for telnet and rlogin, which send information in plaintext, SSH client and server programs provide strong host-to-host and user authentication as well as a number of securely encrypted methods of communication to provide confidentiality and integrity of data. SSH supports data stream compression between the client and the server.

      There are two major versions of the SSH protocol in widespread use, SSH v1 and SSH v2. SSH v2 is more secure, and includes SFTP, which is similar to FTP, but is SSH v2 encrypted.