The FTP, part of the TCP/IP suite, is used to transmit files from one device to another, FTP servers can be configured so that users do not need to authenticate themselves. The FTP protocol has several security vulnerabilities - it does not natiely use encryption and is vulnerable to man-in-the-middle attacks. FTP can be hardened by using secure FTP(which encrypts using SSL). Protectiong remote access transmissions is particularly important in today's eviroment as more users turn to the Internet as the infrastructure for accessing protected information. One of the primary defenses is tunneling, or encasing packets within other packers to ceate a secure link between devices. PPTP is the most widely deployed tunneling protocol while L2TP supports protocols other than TCP/IP. Authernticating a transmission to ensure that is came from the sender can provide an increased level of security for remote access users. The IEEE 802.1x standard is based on EAP, which is available in several variation. RADIUS forwards requests to a single server that contains authication records. The requesiong device does not directly access the server, but must go through an intermediary. TACACS+ is similar to RADIUS inthat it uses a remote server that contains authication records, however, TACACS+ transmissions are not encrypted. SSH is a UNIX-based command interface and protocol for securely accessing a remote computer. In addition to encryption, SSH can also be used to authenticate users. IPSec operates at the Network layer of the OSI model and provides enhanced protection to a variety of applications. IPSec supports two modes of encryption. VPNs allow users to use the public Internet to send private data transmissions. VPNs can be either user-to-LAN or site-to-site. A directory service is a database stored on the network intself and contains all the information about users and network devices. The standard for directory services is X.500, although the client protocol is difficult to use. It has been replaces with the LDAP, which transmits in cleartext and should be encrypted with SSL/TLS. Digital cellular telephony provides various featurel, such as Internet surfing or videoconway to transmit, format and display Internet data for devices such as cell phones. WAP transmissions can be protected by the WTLS protocol. WLANs are having a dramatic impact upon user access to data. However, several unique security vulnerabilities are associated with WLANs. Basic protection of a WLAN involves desabling broadvast SSIDs, enabling MAC address filtering, and turining on WEP encryption. However, each of these has its own set of vulnerabilities. Enhanced enterprise-based protection requires the use of the WPA and 800.11i, or treating the wireless network as an unprotected network. Thanks, more to come. © VITAL
