Objectives
By the end of this unit, the participant will be able to:
* Understand the need for wireless security * Check wireless connectivity from a public area * Understand war chalking and the evil-twin intercept * Recognize the setting up of an unauthorized wireless network in the workplace * Describe packets and how they work * Change the IP address and password of the router/switch * Enable WEP and change the key size * Enable the MAC filter to limit which devices can connect * Decide when to turn off wireless capability * Turn off broadcasting of the service set identifier (SSID) * Disable remote configuration * Use a wireless network range extender * Create a hybrid network * Assess vulnerability with a white-hat hacker to check defenses
The Need for Wireless Security
A wireless network should have sufficient safeguards in place to prevent unauthorized access through the wireless access point by those who may attempt to perform criminal activity. It is necessary to ensure that only authorized users, performing permitted activities, can reach the network.
Checking Wireless Connectivity From a Public Area
To check whether a residence or office leaks a usable wireless signal, stand well away from the building (the text gives the figure 150 without a unit) and use a hand-held wireless network detector. Press the button: if a signal is present, an LED lights and the unit may beep. Once a signal has been found, the next step is to determine whose it is.
Go to where the signal was detected with a laptop that has a wireless network card. Windows will usually show a pop-up or notification that a network has been detected, along with the service set identifier (SSID), the name of the network. Equipment left at factory settings announces a default SSID that identifies the vendor and suggests the type of network: a name like tsunami indicates Cisco equipment, linksys indicates a Linksys router, and the generic name Wireless indicates Netgear equipment (Cobb, 2003, chap. 17).
Some documentation and tools call the network name the extended service set identifier (ESSID). For a single access point the SSID and ESSID are the same string, so the distinction does not matter for this unit. The 48-bit address that identifies the access point itself is the BSSID; like the SSID, it is sent in the clear.
War Chalking and Evil-Twin Intercept
War chalking is marking a building or pavement with chalk symbols to denote a nearby open wireless connection.
The example indicates wireless connectivity by the two back-to-back half-circles, the symbol for an open node, and the 1.5 confirms the wireless access point to be at a rate of 1.5 megabits per second (see Figure 5.1). There is a community of people throughout the United States and around the world that feels Internet access should be free, and they place these markings to alert others that free access is available. However, criminals also look for these markings and may pass them on to accomplices in another state or country, who can go to a similar open access point nearby and use it, for example, to exchange child pornography or stolen documents. If a criminal investigation follows, the public IP address that investigators trace belongs to the owner of the access point, not to the intruder. It is therefore important to enable logging on the access point: the log records the media access control (MAC) address of every device that associated, a 48-bit identifier assigned to each network interface, which can help show that the traffic came from an unknown device rather than from the owner's equipment. (A MAC address can be changed in software, so such a log is evidence, not proof.) To obtain a Windows machine's own MAC address, open a command prompt and type ipconfig /all; the Physical Address line is the MAC address.
Figure 5.1. Wireless Internet connectivity at 1.5 megabits per second
Evil-Twin Intercept
The following example best illustrates an evil-twin intercept (Cobb, 2003, chap. 17). Network security professionals often describe how an attacker puts a battery-powered laptop and a wireless router/switch into a briefcase and goes to a cyber café such as Starbucks. The access point in the briefcase advertises the same SSID as the café's own network, so patrons' laptops connect to it instead; it relays their traffic to the legitimate café router so that everything appears to work, while logging all of it on the hidden laptop. The attacker then leaves with usernames and passwords for various accounts. Anything sent over a properly verified TLS (HTTPS) connection is not readable this way, which is why an evil twin is usually paired with a fake login or captive-portal page that asks the victim for credentials directly.
Unauthorized Wireless Network in the Workplace
Sometimes individuals unplug the RJ-45 Ethernet cable from their desktop at work and plug it into a consumer wireless router/switch such as a Linksys. This lets them walk around the office with wireless PDAs, laptops, and other devices, and many find it promotes connectivity and easy file sharing without getting tangled in wires. However, doing this creates an unauthorized network. If all default settings are left in place, it offers the potential for criminal activity by unauthorized users in the area, who may connect from a significant distance with a cantenna. Because the SSID is broadcast in every beacon frame, such a rogue access point is easy to find, both for anyone scanning the area and for the IT staff who should be looking for it; suppressing the SSID broadcast removes the name from the beacons but not the beacons themselves, so a wireless scanner still sees the network.
Understanding Packets
Every picture, document, program, and video that travels on the Internet is a stream of 1s and 0s held in a file; on the wire, a 1 and a 0 are simply two distinguishable signal levels. A file to be transmitted is chopped into pieces called packets. Each packet carries addressing information and, on a TCP connection, a sequence number; routers forward packets independently, so they may take different paths and some may arrive before others. At the destination the packets are reassembled in order, and the sender retransmits any packet the receiver did not acknowledge. (This numbering and retransmission is done by TCP; IP itself only delivers individual packets on a best-effort basis.) In a wireless network, four kinds of frames, which this unit calls packets, matter for security.
Beacon Packet
The beacon is sent periodically by the access point and carries the SSID, the name of the network, and the access point's MAC address (the BSSID), together with the channel and a flag saying whether encryption is required. It is sent so that clients can discover the network and join it. Even when WEP or WPA encryption is enabled, the beacon is sent in clear text; only the flag changes.
Probe Packet
When a laptop is turned on and its wireless card enabled, the card sends out probe requests, either naming a specific SSID it has saved or asking for any network in range. An access point that matches answers with a probe response. Both are management frames and are never encrypted, even when encryption is enabled for data. A client's probe requests therefore disclose the names of the networks it remembers, including ones whose SSID broadcast has been turned off.
Data Packet
The data frame is encrypted only if the encryption feature is enabled on the router/switch. The data is what makes up the document or whatever else is being sent, and it is what attackers are interested in, because the information being transmitted is unique, such as a bank account number or a password.
Ad-hoc Packet
Ad hoc (IBSS) frames let laptops with wireless cards talk directly to one another with no access point involved. This mode can also be used in swarm or mesh arrangements, in which independent units come together to form a group. Note that an ad hoc network on a laptop that is also plugged into the wired LAN is itself a possible back door into that LAN.
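The claims above about beacons and probes (SSID and BSSID in the clear even when encryption is on; a client naming the network it wants) are easiest to verify by decoding the frames. The following is an added example written for this unit, not code from the original material or from any vendor: it builds two constructed 802.11 management frames (a beacon from a WEP-enabled access point and a probe request from a client looking for a non-broadcast network) and parses them. The MAC addresses are made up, and the frame builder writes only the fields needed here; a real capture would carry more information elements.

```python
"""Decode 802.11 management frames to show which fields are sent in the clear."""
import struct

MGMT_SUBTYPES = {4: "probe-request", 5: "probe-response", 8: "beacon"}
CAP_PRIVACY = 0x0010            # capability bit: "data frames are encrypted" (WEP/WPA)
TAG_SSID, TAG_DS_PARAMS, TAG_RSN = 0, 3, 48


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes(int(part, 16) for part in text.replace("-", ":").split(":"))


def build_mgmt_frame(subtype, src, bssid, ssid, privacy=False, channel=None):
    """Build a minimal management frame (constructed test input, not a capture)."""
    frame_control = bytes([subtype << 4, 0])        # type 0 = management, subtype in high nibble
    header = (frame_control + b"\x00\x00"           # duration
              + b"\xff" * 6                         # addr1: broadcast destination
              + mac_bytes(src) + mac_bytes(bssid)   # addr2: source, addr3: BSSID
              + b"\x00\x00")                        # sequence control
    body = b""
    if subtype in (5, 8):                           # beacon / probe response fixed fields
        body += struct.pack("<QHH", 0, 100, CAP_PRIVACY if privacy else 0)
    body += bytes([TAG_SSID, len(ssid)]) + ssid.encode()
    if channel is not None:
        body += bytes([TAG_DS_PARAMS, 1, channel])
    return header + body


def parse_mgmt_frame(frame: bytes) -> dict:
    """Return the cleartext fields of a beacon, probe request or probe response."""
    if len(frame) < 24:
        raise ValueError("truncated 802.11 header")
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:
        raise ValueError("not a management frame")
    kind = MGMT_SUBTYPES.get(fc0 >> 4)
    if kind is None:
        raise ValueError(f"unsupported management subtype {fc0 >> 4}")
    info = {"type": kind, "source": mac_str(frame[10:16]),
            "bssid": mac_str(frame[16:22]), "ssid": None,
            "privacy": None, "channel": None, "rsn": False}
    body = frame[24:]
    if kind != "probe-request":                     # probe requests have no fixed fields
        if len(body) < 12:
            raise ValueError("truncated fixed parameters")
        _timestamp, _interval, capability = struct.unpack("<QHH", body[:12])
        info["privacy"] = bool(capability & CAP_PRIVACY)
        body = body[12:]
    pos = 0                                         # tagged parameters: id, length, value
    while pos + 2 <= len(body):
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError("truncated information element")
        if tag == TAG_SSID:
            info["ssid"] = value.decode("utf-8", "replace")   # "" means hidden/wildcard
        elif tag == TAG_DS_PARAMS and length == 1:
            info["channel"] = value[0]
        elif tag == TAG_RSN:
            info["rsn"] = True                      # WPA2 network
        pos += 2 + length
    return info


# Constructed frames: an access point with WEP turned on, and a client probing for a
# network whose SSID broadcast is disabled. Addresses are invented.
BEACON = build_mgmt_frame(8, "00:0c:41:12:34:56", "00:0c:41:12:34:56",
                          "linksys", privacy=True, channel=6)
PROBE_REQUEST = build_mgmt_frame(4, "00:13:ce:ab:cd:ef", "ff:ff:ff:ff:ff:ff", "RXV-Network")

if __name__ == "__main__":
    for frame in (BEACON, PROBE_REQUEST):
        print(parse_mgmt_frame(frame))
```

Both frames decode fully with no key: the beacon yields the network name, BSSID, channel and the fact that data frames are encrypted, and the probe request gives away the "hidden" name the client is looking for. Pointing a capture tool at a real interface yields the same fields; a data frame handed to the parser is rejected, since its contents are the only part that encryption covers.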
The Router/Switch IP Address and Password
A broadband connection through a cable modem or digital subscriber line (DSL) is an always-on connection to the Internet. A computer plugged directly into the modem gets a public IP address that may stay the same for a week or more, giving an attacker ample time to scan it and probe its services. A simple yet effective control is to put a router/switch, such as the wireless Linksys router/switch, between the modem and the computers. The router takes the public address and gives the computers private addresses in a 192.168.x.0/24 network, which the text calls a class C network; it has 254 usable addresses (a class B network, a /16, would allow 65,534). Because private addresses are not routable on the Internet, the port scanners attackers run against broadband networks such as Optimum Online and EarthLink see only the router and whatever services it chooses to expose. The router's default LAN address is 192.168.1.1, and on a Linksys product the default username and password are both admin; all of these should be changed. Changing the address to something like 192.168.254.1 is a minor hurdle at most, since anyone already on the LAN can read it from their own default-gateway setting; the real protection comes from the address translation and from a strong administrator password. To change the defaults, first make sure an Ethernet cable connects the computer's network card to the router/switch. Start a web browser and go to http://192.168.1.1, then log in with the default username and password. Lastly, change the password and the LAN IP address (see Figure 5.2).
Figure 5.2. Changing the IP address from 192.168.1.1 to 192.168.254.1
Once the default username and password are changed, change the IP address. This provides much more protection than connecting the computer directly to the broadband modem.
A link on the set-up screen leads to the page where the username and password are entered (see Figure 5.2); the fields are on the main set-up page once you have signed in. Use a password of at least eight characters containing upper- and lower-case letters and numbers. It should not be a word or proper noun from any dictionary, domestic or foreign, and putting a few digits in front of or after a dictionary word does not make it acceptable, because password-cracking tools try exactly those variations. Eight characters was the usual minimum when this unit was written; a longer passphrase of twelve or more characters is now the common recommendation.
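The password rules above are easy to state and easy to get wrong in practice, so here is an added example (written for this unit, not part of the original material) that checks a candidate router password against them: minimum length, mixed case, a digit, and no dictionary word underneath, even after stripping a numeric prefix or suffix or undoing common letter-for-symbol substitutions. The word list is a constructed stand-in; a real check would load a full multi-language dictionary plus vendor default credentials.

```python
"""Check a router administrator password against the unit's password policy."""
import string

MIN_LENGTH = 8
# Constructed stand-in for a real dictionary; load a full word list in practice.
DICTIONARY = {"password", "linksys", "admin", "welcome", "tsunami", "netgear",
              "secret", "default", "wireless", "letmein", "changeme"}
# Substitutions a cracking tool undoes before its dictionary check: P@ssw0rd -> password
LEET = str.maketrans("0134$@", "oieasa")


def dictionary_base(candidate: str) -> str:
    """Strip digit/punctuation prefixes and suffixes ('Password123!') and undo leetspeak."""
    core = candidate.strip(string.digits + string.punctuation).lower()
    return core.translate(LEET)


def check_password(candidate: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in candidate):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in candidate):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no digit")
    base = dictionary_base(candidate)
    if base in DICTIONARY:
        problems.append(f"built on the dictionary word '{base}'")
    return problems


if __name__ == "__main__":
    for pw in ("admin", "Password123", "P@ssw0rd1", "k7Qv#m2ZpL"):
        print(f"{pw!r}: {check_password(pw) or 'OK'}")
```

"Password123" and "P@ssw0rd1" satisfy every character-class rule and still fail, which is the point of the dictionary check; the default Linksys password admin fails on four counts at once.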
Enabling WEP and Changing the Key Size
Enabling Wired Equivalent Privacy (WEP) stops casual eavesdropping on data frames. At one time there were only 40-bit keys, but the newer Linksys router/switches offer 64-bit and 128-bit keys. Those figures include the 24-bit initialization vector (IV) that is sent in the clear with every frame, so the secret part of the key is 40 or 104 bits. WEP's design is broken regardless of key size: the short IV repeats on a busy network, and statistical attacks on the RC4 keystream recover the key from captured traffic. Use it only when the equipment supports nothing better; WPA2 or WPA3 should be preferred wherever it is available.
Use the pull-down menu arrow next to the 64-bit box and select 128-bit instead. 128-bit keys are the better of the two because guessing the key outright takes far longer, but this does not defeat the attacks on WEP itself. When this unit was written, AirSnort could recover the key after collecting roughly five million packets; later tools need far fewer.
To create a new WEP key, type a phrase in the Passphrase field and click Generate. This creates four new keys (see Figure 5.3). The default keys are generally known to attackers and provide little security. The number generated in Key 1 is 357BEB82F9; this is in hexadecimal notation, a base-16 system that counts 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F and then 10. Ten hexadecimal digits are 40 bits, the secret part of a 64-bit key; a 128-bit key is 26 hexadecimal digits. A generated key is only as good as the passphrase and the generator: the 64-bit passphrase generator used on many consumer routers of this era produced only about two million distinct keys, so entering a key taken from a random source is safer than relying on the generator.
Figure 5.3. WEP setting key
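Why the key size matters less than the IV is best seen by running WEP's core operation. The following is an added example for this unit, not vendor code or anything from the original material: a straightforward RC4 implementation, a WEP-style encryptor that prepends the cleartext IV to the key, and a function showing that two frames sent under the same IV share a keystream, so knowing one plaintext reveals the other without ever touching the key. The key and messages are constructed; the CRC-32 integrity value that real WEP appends is omitted because it adds no secrecy.

```python
"""RC4 keystream reuse: the weakness that makes WEP's key size nearly irrelevant."""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream for `key` (key scheduling + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_secret_bits(advertised_key_bits: int) -> int:
    """'64-bit' and '128-bit' WEP count the 24-bit IV; only the remainder is secret."""
    return advertised_key_bits - 24


def wep_encrypt(secret_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: cleartext IV, then RC4(IV || key) XOR plaintext."""
    if len(iv) != 3 or len(secret_key) not in (5, 13):
        raise ValueError("IV is 3 bytes; secret key is 5 (64-bit) or 13 (128-bit) bytes")
    keystream = rc4_keystream(iv + secret_key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def wep_decrypt(secret_key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    return xor_bytes(body, rc4_keystream(iv + secret_key, len(body)))


def recover_from_iv_reuse(frame_a: bytes, known_plaintext_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same IV share a keystream: C_a XOR P_a gives it,
    and it decrypts frame_b without the key."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("frames use different IVs; their keystreams differ")
    keystream = xor_bytes(frame_a[3:], known_plaintext_a)
    return xor_bytes(frame_b[3:], keystream)


# Constructed demo values: a fixed 13-byte (104 secret bits) key and one reused IV.
SECRET_KEY_128 = bytes.fromhex("0badc0ffee0123456789abcdef")
IV = bytes.fromhex("010203")
KNOWN_REQUEST = b"GET /index.html HTTP/1.0"           # e.g. guessable protocol text
FRAME_A = wep_encrypt(SECRET_KEY_128, IV, KNOWN_REQUEST)
FRAME_B = wep_encrypt(SECRET_KEY_128, IV, b"user=alice&pin=4711")

if __name__ == "__main__":
    print("secret bits in '128-bit' WEP:", wep_secret_bits(128))
    print("recovered from IV reuse:", recover_from_iv_reuse(FRAME_A, KNOWN_REQUEST, FRAME_B))
```

With only 2^24 IVs and one per frame, a busy access point repeats them within hours, and protocol headers give the attacker the known plaintext for free. Nothing in the attack depends on whether the key is 40 or 104 bits, which is why moving from 64-bit to 128-bit WEP should be seen as a small improvement and moving to WPA2/WPA3 as the real fix.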
Enabling the MAC Filter
To obtain the MAC address on a Windows computer, open a command prompt and type ipconfig /all. A hexadecimal value like 1D-54-22-45-BB-A2 appears as the Physical Address. This six-byte (48-bit) number is the MAC address the manufacturer burned into the network card, and in principle no two cards are made with the same one, much as no two people share fingerprints. In practice, however, any operating system lets a user with administrative rights change the MAC address the card presents, so it is an identifier, not a proof of identity. Eight bits make a byte, a bit is a 1 or a 0, and six bytes equal 48 bits (refer to a book on elementary computing for a refresher on the binary and hexadecimal systems).
Figure 5.4 shows a button that allows the user to edit the MAC filter setting. Once clicked, this button takes you to a screen where the MAC addresses of the permitted devices can be entered (see Figure 5.5); the router/switch will then accept traffic only from those addresses. This is a useful extra layer, but not a strong one: MAC addresses travel in the clear in every frame, encrypted or not, so anyone with a wireless sniffer can read an authorized address off the air and set it on their own card in seconds. Treat the MAC filter as a way to keep casual neighbours off the network, not as a defense against a determined attacker.
Figure 5.4. Enabling the MAC filter setting
Figure 5.5. The MAC address filter
Turning Off Wireless Capability
Determine whether wireless capability is truly necessary in the current office setup. For example, when a desktop machine and a laptop sit near the broadband connection and the router/switch, it may be better to turn off the router's wireless radio altogether. RJ-45 Ethernet cables can connect the laptop and desktop to the router/switch, which connects to the DSL modem and phone line; with no radio there is nothing for an outsider to pick up.
Turning Off SSID
To stop broadcasting the SSID, click Disable (Figure 5.2 shows the SSID as Linksys). With broadcasting enabled, the MAC address of this router/switch and the name Linksys are announced in every beacon frame. Before turning broadcasting off, change the name in the SSID field from Linksys to something non-descriptive, such as RXV-Network. Authorized users then have to type that name to connect. This hides the network from casual users but not from anyone with a wireless scanner: the beacons are still sent, and every client that connects sends the name in a clear-text probe request, so a hidden SSID should not be relied on as a security control.
Not Allowing Remote Configuration
Remote configuration (remote management) exposes the router's administration page on the Internet side, so that someone anywhere in the world who obtains or guesses the password can reconfigure the router, open access for themselves, and lock the legitimate user out completely. The only recourse would then be to disconnect the equipment and follow the manual's procedure to reset the router/switch to its factory configuration, usually by holding the reset button for about 10 seconds while plugging in the power jack on the Linksys router/switch, after which every setting described above has to be redone. The set-up screen has an option for Remote Configuration. Pull down the scroll box and choose Do Not Allow (Disable). Then only someone connected to the LAN side of the router/switch can make changes.
Using a Wireless Network Range Extender
A range extender is especially useful for buildings on a large piece of property or for a multi-floor house. The extender is placed near the edge of the wireless network's range, where it receives the signal and retransmits it, thus extending the range of the network.
Once the range is extended, the security features already discussed (changing the SSID, using the MAC filter, turning off remote access, changing the default IP address, and changing the username and password) become critical, because the signal now reaches further outside the building. If these changes are not made, it becomes very easy for a hacker or any other unauthorized user to use your wireless network as their own access point. The extender itself has an administration interface with default credentials, and those must be changed as well.
Hybrid Networks
A bridge is usually needed to connect more than one type of network. A hybrid network combines the convenience of wireless with the extra security of wiring. For example, in a multi-level building there could be a DSL connection in the basement that goes to a DSL modem and on to a router/switch. The router/switch has an Ethernet cable that goes to a power-line Ethernet adapter plugged into an electrical outlet. On the top floor, laptops with network cards plug their Ethernet cables into matching adapters in the wall outlets, so the house's electrical wiring becomes the data network. The basement has wireless connectivity for all the laptops; tall metal file cabinets can be positioned to block signals that would otherwise pass through the windows. If one of the top-floor laptops has only a wireless card, it can connect wirelessly to another laptop that has both a wireless card and a network card plugged into the power line. Those two laptops communicate using ad hoc frames and do not use the router/switch as an intermediary.
The above example shows a wireless network in the basement and power-line Ethernet adapters that use the house's electrical wiring as a conduit for data from the router/switch. The first floor uses computers connected through power-line Ethernet adapters. One laptop connects through its wireless card to another laptop using ad hoc frames. These two laptops could be configured in the same Microsoft workgroup and share files in certain shared directories; note that the laptop bridging the two networks is then a path from the wireless side into the wired one.
Vulnerability Assessment
Check with a network security firm on the Internet or with your local chapter of ASIS International (formerly the American Society for Industrial Security) to find a security professional with a certification such as the Certified Protection Professional (CPP). There may also be a professional organization with an auditing team that performs vulnerability assessments.
Some members may be reformed hackers, and many are white-hat hackers: people who know how attackers work and use that knowledge to protect systems. In either case it is critical to get numerous references. A white-hat hacker identifies a security weakness in a computer system or network and reports it in a way that allows the administrators to fix it before someone with malicious intent takes advantage of it. Under an agreed engagement this means calling or e-mailing the administrator or delivering a written report; leaving an electronic "calling card" inside a system, or probing it without the owner's permission, is not white-hat behaviour and is unlawful in most jurisdictions. Although some treat white-hat hacking as a challenge, others provide their services for a fee, either as consultants or on staff.
Many of these white-hat hackers and security professionals will tell you that the technical aspects of network security are no more important than the non-technical ones: locking doors, using alarms, and limiting access to the network to trusted employees. Security is a mindset and a way of operating, not just installing a firewall or changing some settings on a piece of computer equipment.
MADS6638 Unit 7 Limiting Access to Networks
Objectives
By the end of this unit, the participant will be able to:
* Define the four levels of a network as defined by the DoD * Describe the seven-layer OSI network model * Define what is meant by a firewall * Understand packet-filtering firewalls * Understand the proxy server * Describe circuit gateway firewalls * Understand MAC layer firewalls * Outline the clean desk policy * Outline a 10-step vulnerability assessment * Understand security clearances
The Four-Layer DoD Network Model
In 1973 the U.S. Department of Defense (DoD), through DARPA, began the Internetting project (www.freesoft.org/CIE/Topics/16.htm). Its purpose was to let data packets sent over different kinds of networks reach one another using a new set of protocols. The research resulted in two protocols: the transmission control protocol (TCP) and the Internet protocol (IP) (www.isoc.org/internet/history/cerf.shtml). TCP/IP allowed networks of different types, which previously could not communicate, to share data once physically connected. In the civilian world the abstract model of this architecture became known as the TCP/IP model; in the military the same model for joining disparate networks with various protocols is known as the Four-Layer DoD Model. To understand how networks and firewalls work, this model has to be understood first.
The four layers, from bottom to top, are the (a) network access layer, (b) Internet layer, (c) transport layer, and (d) application layer.
The network access layer is the lowest level and contains protocols such as Ethernet. It defines the voltage levels used to signal ones and zeros, cabling standards, and the distances allowed for various cable types. The next level, the Internet layer, carries data that is not destined for the local network to other networks across the Internet. It handles logical (IP) addressing and routing, and if a packet is larger than the next network can carry, this layer fragments it into smaller pieces.
The third layer, the host-to-host or transport layer, sits between the Internet layer and the applications. (The whole set of layers as implemented in an operating system is what is called the TCP/IP stack.) Using TCP, this layer checks that segments arrive without error and in order and resends any that are lost; it also provides flow control, which regulates the rate at which data is sent and how it is divided into segments. When the application does not need delivery checked and retransmitted, the lighter user datagram protocol (UDP) is used instead. The highest level is the application layer, with applications such as Telnet, which allows logging on to remote computers. Telnet sends the username, password, and the entire session in clear text, so on any network that could be sniffed, wireless included, SSH should be used in its place.
Other applications include the simple mail transfer protocol (SMTP), which makes e-mail possible, and the file transfer protocol (FTP), frequently used to send files to and retrieve them from servers for purposes such as webpage publishing and document management. Like Telnet, plain FTP sends passwords and data unencrypted.
The OSI Network Model and Its Seven Layers
A competing abstract model for describing networks is the open systems interconnection (OSI) reference model, the seven-layer model defined by the International Organization for Standardization (ISO).
The seven layers, from bottom to top, are the (a) physical layer, (b) data link layer, (c) network layer, (d) transport layer, (e) session layer, (f) presentation layer, and (g) application layer.
The lowest level is the physical layer, which defines connector sizes, voltage levels, and wiring types. The next is the data link layer, made up of the logical link control (LLC) and media access control (MAC) sub-layers; it organizes bits into frames and adds the MAC address of the network card. Above it is the network layer, which provides logical addressing, decides how data is routed to distant networks, and fragments packets where necessary. Numbering packets so that they can be reassembled in ascending order at the far end is not done here but at the transport layer, by TCP's sequence numbers.
The transport layer is where TCP and UDP live; in the TCP/IP model it corresponds to the host-to-host layer. The top three layers are the session, presentation, and application layers. The session layer controls the creation and tear-down of sessions. The presentation layer handles data representation and, in the OSI description, services such as encryption. The application layer supports applications such as e-mail and Telnet.
Firewalls
For those in the information technology field, the simplest definition of a firewall is a device or program that regulates the flow of traffic between a trusted network and an untrusted one according to a policy. The untrusted world is all the connected networks of cyberspace, also known as the Internet. The trusted world is the intranet, all of the organization's connected computers, which sits behind the firewall; beyond the firewall is the untrusted world. A firewall applies its policy in both directions, so it can also stop a compromised inside machine from reaching out.
Packet-Filtering Firewalls
Level two of the DoD four-layer model, the Internet layer, is where packets are addressed and routed between networks, and a packet-filtering firewall works with the information found there and in the transport-layer header: source and destination IP address, protocol, and port number. An administrator sets rules that, for example, drop packets from a certain IP address or packets bound for certain networks; for any connection with a given remote address, the firewall acts like a police officer, enforcing the rules by refusing to let data flow to or from it. A firewall can regulate inbound or outbound traffic (Whitman and Mattord, 2005), and a packet-filtering firewall can block particular services, such as FTP, from particular IP addresses. The stateful inspection firewall is a more powerful packet-inspecting firewall. It keeps a state table of the connections that inside hosts have opened and admits an inbound packet only if it belongs to one of those connections or is explicitly allowed by a rule. Unsolicited traffic, such as a packet posing as the reply to a web request that nobody made, is therefore rejected.
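The difference between a rule list and a state table is clearer in code than in prose. The following is an added example written for this unit, not code from Whitman and Mattord or from any firewall product: a stateless packet filter with first-match rules and default deny, and a stateful firewall built on it that records permitted outbound connections and admits inbound packets only when they are replies to one. The addresses are from the documentation ranges and the packets are constructed; the packet model is deliberately reduced to the 5-tuple the text discusses.

```python
"""Stateless packet filtering versus stateful inspection (toy model)."""
from dataclasses import dataclass
from typing import Optional

ANY = None


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" = from the untrusted Internet, "out" = from the trusted LAN
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    direction: str
    src_ip: Optional[str] = ANY
    src_port: Optional[int] = ANY
    dst_ip: Optional[str] = ANY
    dst_port: Optional[int] = ANY
    proto: Optional[str] = ANY

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and self.src_ip in (ANY, pkt.src_ip)
                and self.src_port in (ANY, pkt.src_port)
                and self.dst_ip in (ANY, pkt.dst_ip)
                and self.dst_port in (ANY, pkt.dst_port)
                and self.proto in (ANY, pkt.proto))


class PacketFilter:
    """Stateless filter: first matching rule wins, default deny."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "deny"


class StatefulFirewall(PacketFilter):
    """Remembers permitted outbound connections and admits only their replies."""

    def __init__(self, rules):
        super().__init__(rules)
        self.state = set()      # (lan_ip, lan_port, remote_ip, remote_port, proto)

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            verdict = super().decide(pkt)
            if verdict == "allow":
                self.state.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            return verdict
        # Inbound: a reply to a recorded connection passes; anything else needs an explicit rule.
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto) in self.state:
            return "allow"
        return super().decide(pkt)


LAN_HOST = "192.168.254.10"
# Rules in the spirit of the text: no FTP to one address, web browsing allowed out.
RULES = [
    Rule("deny", "out", dst_ip="203.0.113.99", dst_port=21),
    Rule("allow", "out", dst_port=80),
    Rule("allow", "out", dst_port=443),
]
# A stateless filter must let web replies in by source port, which also admits anything
# an attacker sends from port 80.
NAIVE_RULES = RULES + [Rule("allow", "in", src_port=80, dst_ip=LAN_HOST)]

# Constructed traffic.
REQUEST = Packet("out", LAN_HOST, 51000, "203.0.113.10", 80)
REPLY = Packet("in", "203.0.113.10", 80, LAN_HOST, 51000)
UNSOLICITED = Packet("in", "198.51.100.7", 80, LAN_HOST, 51001)
FTP_ATTEMPT = Packet("out", LAN_HOST, 51002, "203.0.113.99", 21)

if __name__ == "__main__":
    fw = StatefulFirewall(RULES)
    for p in (REQUEST, REPLY, UNSOLICITED, FTP_ATTEMPT):
        print(p.direction, p.src_ip, p.src_port, "->", p.dst_ip, p.dst_port, fw.decide(p))
```

The stateless filter with NAIVE_RULES admits UNSOLICITED because it cannot tell a reply from a forgery; the stateful one denies it because no inside host opened that connection. A production firewall also expires state entries, tracks TCP flags, and handles UDP and ICMP, which this model leaves out.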
The Proxy Server
A proxy server, also referred to as an application gateway or application firewall, acts as an intermediary between a workstation user and the Internet. It provides security, administrative control, and caching. A proxy server is associated with or part of a gateway server that separates the internal network from the outside network and a firewall server that protects the network from intrusion from the untrusted world.
The proxy server does not allow its clients to contact websites or servers directly. When a client requests a page, the proxy fetches it, inspects it, stores a copy in its cache, and then hands it to the user. For simple sites the cache need not be large and the system works well; it becomes a bottleneck when users request many large pages, because every page must be inspected and the cache is constantly being filled and emptied.
The proxy server can be configured to support a single application, such as HTTP for reading webpages. It may not be feasible, however, to proxy every application (e.g., Telnet, FTP, and SMTP) for a large group of users, since each needs its packets copied and scanned by a proxy that understands that protocol.
Circuit Gateway Firewalls
According to Whitman and Mattord, the circuit gateway firewall works at the transport layer of the OSI model described above. Rather than inspecting the contents of each packet, it validates the set-up of each TCP connection (the circuit) and then relays data between the two ends, so a user receives data only over a circuit they requested and only from an address the policy allows. For example, when the user requests a webpage, the gateway records the connection; if the destination is on the block list the request never leaves, and otherwise the reply comes back over the same circuit and is passed to the user. The disadvantage is that once a circuit is allowed the gateway does not examine what flows through it, so harmful content can arrive along with what was requested unless another set of filters is used as well.
This setup would work well, for example, for a student with a dedicated computer in the United States who only needs to log on to his or her computer (also with a fixed IP address) at a university overseas. The circuit that allows the student to Telnet only to that location can be configured. The student would probably only be able to collect and send e-mail, and retrieve some documents, and log off. The tunnel would be open for a brief time, and the activities would be limited and of a low security nature.
MAC Layer Firewalls
The network access layer delivers frames between computers on the same local network using the MAC address. A MAC layer firewall can be configured so that only traffic from certain computers is allowed. To set this up, go to each computer involved, type ipconfig /all at the command prompt, and press Enter. The 48-bit MAC address, written as hexadecimal numbers, appears as the Physical Address; an example of the format is 3E-44-12-1A-2B-34. Enter each computer's MAC address into the filter to restrict traffic according to this new access control list. As with the router's MAC filter in the previous unit, remember that source MAC addresses can be read off the wire and cloned, so this list is an inventory control, not a strong authentication mechanism.
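Both the router MAC filter in the previous unit and the MAC-layer firewall here start from the same chore: collecting Physical Address lines from ipconfig /all, normalizing the formats different systems print, and building an allowlist. The following is an added example written for this unit, not code from any product or from the original material. It parses a constructed ipconfig /all excerpt that uses the two sample addresses from the text, and it also checks the two flag bits in the first octet that a filter administrator should know about: the individual/group bit (a station address must have it clear) and the locally-administered bit (set when the address was assigned by software rather than burned in, which is what a cloned or randomized address usually looks like). By those rules the sample 1D-54-22-45-BB-A2 is a group address and 3E-44-12-1A-2B-34 is locally administered; neither is what a burned-in card address looks like.

```python
"""Build a MAC allowlist from `ipconfig /all` output and check frames against it."""
import re

# Constructed `ipconfig /all` excerpt; the two addresses are the examples used in the text.
IPCONFIG_OUTPUT = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : WORKSTATION-1

Ethernet adapter Local Area Connection:
   Description . . . . . . . . . . . : Wired network card
   Physical Address. . . . . . . . . : 1D-54-22-45-BB-A2
   IP Address. . . . . . . . . . . . : 192.168.254.10

Ethernet adapter Wireless Network Connection:
   Description . . . . . . . . . . . : Wireless network card
   Physical Address. . . . . . . . . : 3E-44-12-1A-2B-34
"""

PHYSICAL_ADDRESS = re.compile(
    r"Physical Address[ .]*:\s*([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})")


def normalize_mac(mac: str) -> str:
    """Accept 1D-54-22-45-BB-A2, 1d:54:22:45:bb:a2 or 1d5422.45bba2; return lower-case colon form."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()


def macs_from_ipconfig(text: str) -> list[str]:
    return [normalize_mac(m) for m in PHYSICAL_ADDRESS.findall(text)]


def is_unicast(mac: str) -> bool:
    """Bit 0 of the first octet is the individual/group bit; a station's address has it clear."""
    return int(normalize_mac(mac)[:2], 16) & 0x01 == 0


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet set means the address was assigned by software, not burned in."""
    return int(normalize_mac(mac)[:2], 16) & 0x02 != 0


class MacFilter:
    """An allowlist such as the router's MAC filter or a MAC-layer firewall ACL."""

    def __init__(self, allowed):
        self.allowed = set()
        for mac in allowed:
            if not is_unicast(mac):
                raise ValueError(f"{mac} is a group address and cannot identify a station")
            self.allowed.add(normalize_mac(mac))

    def permits(self, source_mac: str) -> bool:
        return normalize_mac(source_mac) in self.allowed


def filter_frames(mac_filter: MacFilter, frames):
    """Return [(source, verdict), ...] for constructed (source_mac, payload) frames."""
    return [(src, "allow" if mac_filter.permits(src) else "deny") for src, _ in frames]


if __name__ == "__main__":
    for mac in macs_from_ipconfig(IPCONFIG_OUTPUT):
        print(mac, "unicast" if is_unicast(mac) else "GROUP",
              "locally-administered" if is_locally_administered(mac) else "burned-in")
    acl = MacFilter(["3E-44-12-1A-2B-34", "00:0c:41:12:34:56"])
    print(filter_frames(acl, [("3e:44:12:1a:2b:34", b"ok"), ("00-11-22-33-44-55", b"stranger")]))
```

The parser accepts the dash-separated form Windows prints and the colon-separated form used by most other systems, so the same allowlist can be fed to either kind of filter. Flagging locally-administered addresses is useful as a hint that a device is presenting a software-set address, but because a cloned burned-in address keeps both bits clear, the check catches carelessness rather than a deliberate spoof.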
The Clean Desk Policy
The previous discussion covered technical methods of limiting access to computers on a network and restricting processes and the flow of data. However, some of the easiest ways to obtain sensitive data, and with it the means to breach a network, are low-tech: reading what is lying on a desk. The countermeasure is known as the clean desk policy (Whitman and Mattord, chap. 4), which exists in many government offices and health-care facilities. Because it requires employees to remove all sensitive work-related documents from their desks and lock them up at the end of the day, it is often difficult to enforce.
The policy makes sense because custodial staff or employees who come in after hours could copy information or take originals without anyone's knowledge. A stolen sheet of paper could be missing for a long time before its owner notices, and by then there is no way to know how long security has been compromised.
Vulnerability Assessment Cycle
A network should have sufficient safeguards in place to prevent unauthorized access by those who may attempt to perform criminal activity. It is necessary to ensure that only authorized users performing permitted activities access the network. A vulnerability assessment can determine how and where a system is vulnerable and outlines a plan to minimize intrusion and damage.
There are varying regulations regarding a vulnerability assessment. Financial and health-care related industries, for example, must comply with more detailed regulations than the videotape industry. These 10 steps are for a small, non-regulated industry and are used only to illustrate the main concepts of what constitutes a vulnerability assessment.
1. Get approval. High-level administrators need to know that you are auditing the network's vulnerability, and the authorization should be in writing. Probing or breaking into a network without proper authorization is a criminal act under computer-misuse law, whether or not the attempt succeeds. Each employee should also have read, understood, signed, and dated a policy for acceptable Internet, e-mail, and computer usage; it is best if the signature is witnessed or notarized so there is no question as to its authenticity.
2. Perform tests on the network. Determine whether the system can be broken into from the outside using a penetration test. Conduct a leak test to find out whether the browser or word-processing applications send data out while the computer is connected to the Internet.
3. Check the physical environment. Check whether passwords are left out in the open on desks or written on paper near computers. Try to physically access an employee's computer. The auditor should also attempt social engineering by phone, trying to trick the administrator into revealing usernames and passwords for e-mail, websites, computers, or any other place company information is stored. Check that computers are located in locked rooms with cameras and alarms, and that they are cabled or fastened so they cannot be carried out.
4. Test backups. Determine whether the system is backed up and crucial data is stored offsite where it cannot be tampered with and is safe from temperature and climate changes. The auditor should also verify that a restore actually works: many backups made with utilities have never been restored, so confidence in them may be false.
5. Check software. Make sure the installation media, serial numbers, and license keys for each software package and operating system are safeguarded, since they will be needed for reinstallation. Keep a backup of key system files, such as the registry, in case the operating system must be reinstalled on restored or replacement hardware. Configure the system so ordinary employees cannot copy sensitive material to floppy or USB drives; only a user who logs on with administrative rights should be able to use such drives.
6. Verify logs. Verify that someone other than the system administrator reviews the logs and security practices. Survey the logs periodically for unauthorized access and equipment failure; given the volume, this should be done with an automated tool.
7. Educate and train staff. Make sure everyone is trained in the system security procedures and is aware of them. The procedures should be agreed to by all and posted in a public place or printed in a manual issued to everyone who has access to the system. Education includes best practices for network security, such as password-protected screen savers.
8. Examine access rights. Make sure users have access only to what they are supposed to and cannot reach information they are not privy to.
9. Check for antivirus software. Make sure antivirus software is in place to prevent malicious code from entering the system through e-mail or downloads, and that it is kept up to date.
10. Use a network mapping tool. A network mapping tool can find all entry points to the system. Also verify that each station identified on the map has only current, authorized accounts.
Once the process is completed, it can then start again because security is an ongoing process.
Restricting Access
The following are technical and non-technical methods of restricting access to data:
1. Use firewalls to restrict the flow of traffic between the untrusted network and the trusted network.
2. Use badges, security guards, closed-circuit television cameras, smart cards, and other access controls to deny physical access to the network.
3. Cross-cut shred or burn documents and CDs before disposal, to stop dumpster divers from retrieving and reassembling discarded material.
4. Authenticate users with biometrics, such as fingerprints, retina or iris patterns, and voice prints, to establish who is accessing computers and the network.
5. Institute policies, such as the clean desk policy.
6. Create templates for each user on the network based on their security clearance.
Security Clearances
Internal Use Only
This classification may be used for documents on the network that exist only inside the company intranet and that may be accessed only by contractors or authorized users associated with the company. For liability purposes, perhaps the document should have this classification on the header.
External or Public Domain or Unclassified
External, Public Domain, or Unclassified may be used for documents placed on the webserver for the untrusted network, namely the Internet. This classification would allow users without any clearance who wish to access some information about the company to obtain it and use it for unrestricted purposes.
Secret
The FBI grants Secret classification (www.fbi.gov/clearance/securityclearance.htm). Clearance can be obtained by filling out forms SF-86 and FD-258. The FBI will investigate an individual’s credit history and police record. Secret classification allows access to a certain level of documents and allows the individual access to an FBI facility with proper escort. Some jobs in law enforcement, the military, or with third-party contractors may require this security level (Whitman and Mattord, chap. 4). According to Whitman and Mattord, Secret classification is for material whose disclosure could cause serious harm to national security.
Top Secret
According to Whitman and Mattord (2005), Top Secret clearance classifies material whose disclosure could cause exceptionally grave harm to national security.
Need to Know
Need to Know is a classification often heard about. This classification means that even though an individual may have a Secret clearance, he or she needs to have a reason to access that data. Logically, having a Secret clearance should not mean that an individual can peruse files without a specific reason.
There are other clearance levels: Confidential, Sensitive But Unclassified, and so forth. The FBI site (www.fbi.gov) has more information about them. These classifications could be used for paper files, computer networks, and physical security. They may also be combined with other access controls, like Need to Know. Access needs to be restricted in a logical manner by using a variety of firewalls, security clearances, physical security devices, and background checks. While increased levels of control increase complexity, they also increase the level of security.
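The combination the unit describes, a clearance level plus a Need to Know restriction on top of it, can be written down as a single access check. The following is an added example, not part of the course text; the ordering of the levels and the data structures are assumptions made for the illustration.

```python
"""Clearance-plus-need-to-know access check (added example).

A user may read a document only if the user's clearance level is at least
the document's classification level AND, where the document carries
need-to-know compartments, the user holds every one of them.  Level names
follow the unit; their ordering is an assumption of this example.
"""
from dataclasses import dataclass

# Least to most restrictive (assumed ordering for the example).
LEVELS = ["Unclassified", "Internal Use Only", "Confidential", "Secret", "Top Secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Document:
    title: str
    classification: str
    compartments: frozenset = frozenset()   # need-to-know tags, empty if none


@dataclass(frozen=True)
class User:
    name: str
    clearance: str
    compartments: frozenset = frozenset()   # need-to-know tags granted to the user


def can_read(user: User, doc: Document) -> bool:
    """True only when both the clearance test and the need-to-know test pass."""
    if doc.classification not in RANK or user.clearance not in RANK:
        raise ValueError("unknown classification level")
    if RANK[user.clearance] < RANK[doc.classification]:
        return False                          # clearance too low, stop here
    # Need to Know: a Secret clearance alone is not a reason to read every
    # Secret file; the user must hold each compartment the document carries.
    return doc.compartments <= user.compartments


def readable_titles(user: User, docs) -> list:
    """Titles the user is permitted to read, in the order given."""
    return [d.title for d in docs if can_read(user, d)]


# Constructed sample data for the example, not from the course text.
SAMPLE_DOCS = [
    Document("Cafeteria menu", "Unclassified"),
    Document("Intranet phone list", "Internal Use Only"),
    Document("Project A design", "Secret", frozenset({"ProjectA"})),
    Document("Project B design", "Secret", frozenset({"ProjectB"})),
    Document("Strategic plan", "Top Secret"),
]
ANALYST = User("analyst", "Secret", frozenset({"ProjectA"}))

if __name__ == "__main__":
    for title in readable_titles(ANALYST, SAMPLE_DOCS):
        print("permitted:", title)
```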
Web Resources
DARPA Internet Project Interwork www.freesoft.org/CIE/Topics/16.htm
The Internet Protocol (IP) www.isoc.org/internet/history/cerf.shtml
FBI www.fbi.gov/clearance/securityclearance.htm
References
Whitman, M., & Mattord, H. (2005). Principles of Information Security. Boston: Thomson Course Technology.
Assignment
1. Look up the term firewall on Webopedia (www.webopedia.com) for the most basic explanation.
2. Read the chapter on firewalls in the text. Also recommended is Firewalls for Dummies, by Brian Komar, Ronald Beekelar, and Joern Wettern (ISBN: 0-764504048-3).
3. Principles of Information Security, by M. Whitman and H. Mattord, is another good source for understanding all aspects of information security (ISBN: 0-619-21625-5). Chapter 6 is on firewalls. Both authors have a CISSP certification, which many feel is the premier certification in network security.
MADS6638 Unit 8 Virtual Private Networks
Objectives
By the end of this unit, the participant will be able to:
* Define a virtual private network or VPN
* Outline the disadvantages of VPNs
* Outline the three types of VPNs
* Describe what five services a VPN needs
* Decide between dial-up VPN or broadband VPN
* Understand where to locate a VPN
* Understand when to use a VPN
* Describe what happens during a VPN session
* Set up a VPN in Windows
* Find out more about VPNs
Defining Virtual Private Network
A virtual private network (VPN) is basically a low-cost technology to secure point-to-point lines between a computer and a server. It was created as a way to lower costs in the information technology department while maintaining the security of a point-to-point leased line. Employees who telecommute from home or connect to the server at the office use VPNs.
There are basically two kinds of VPNs. The first is compulsory tunneling: The carrier network requires a tunnel to be created from the client to the server as soon as a connection to the network occurs (compnetworking.about.com/od/vpn/l/aa010701d.htm).
The second kind of VPN is voluntary tunneling: The computer connects to the Internet and then creates a connection to the VPN server. The tunnel is an encrypted point-to-point temporary virtual channel over public networks. Even if someone eavesdrops on the tunnel, what is seen will look like nonsense because it is encrypted with an algorithm like advanced encryption standard (AES) or triple data encryption standard (3DES). Many older VPNs use the original data encryption standard (DES), but this protocol is not used much anymore because it has been deciphered by hackers. However, most hackers are not going to have the time, tools, and processing power to hack a DES-encrypted tunnel. The National Security Administration (NSA) website has the latest information on security algorithms (www.nsa.gov).
Disadvantages of a VPN
Because VPNs work over the Internet, which is often busy with traffic, they are not real-time because the packets arrive with some delay. The VPNs are not all standard and use different protocols; many hardware and software VPNs are not compatible and cannot connect easily, if at all. It is necessary to plan the client and server connections, hardware, software, and protocols used so that it is a simple, smooth process.
Three Types of VPNs
The three types of VPNs are based on (a) hardware, (b) software, and (c) firewall.
Hardware-based VPN
Hardware-based VPNs use encrypting routers. For example, a Linksys VPN router/switch connected to a broadband connection can provide a secure connection to a corporate network using a tunnel and encryption.
Software-based VPN
Software-based VPNs are installed on the server and allow remote connections to safely connect.
Firewall-based VPN
As its name suggests, the firewall handles all the connections and tunneling.
The Five Services a VPN Needs
Cobb (2003, p. 253) provides an easy-to-understand discussion of the five services needed for a VPN. They are:
1. Data protection. Data from point to point over the Internet is encrypted using a protocol like 3DES or AES.
2. User authentication. All users must be verified. Logins must be verified so that the two points can be sure each is who it is supposed to be and unauthorized users cannot fool the system and connect.
3. Key management. There must be a shared secret so that encryption and decryption can occur between the two parties.
4. Multiprotocol support. This allows website browsing, Telnet, e-mail, and other services.
5. Address management. This keeps IP addresses on the internal network secret from unauthorized entities.
Dial-up VPN or Broadband VPN
Cobb (2003, p. 255) writes that the old dial-up connections use a protocol called L2TP. It is important to have the correct protocol and equipment when setting up a VPN or it will not work properly. According to Cobb, the L2TP protocol, which is not part of the TCP/IP protocols, emerged from the old point-to-point protocols that were popular on dial-up accounts in the early 1990s. Some feel that the L2TP is much simpler to work with than a packet. L2TP uses the old, highly structured frames that work well on circuit-switched networks (e.g., the phone line) instead of the more complex packets with error-control mechanisms. Cobb says that the frames work at the data link layer.
A broadband Linksys VPN router/switch connected to a DSL line uses the IPSec protocol. Cobb states that this protocol works at the network layer, which means that it uses packets with source and destination IP addresses. The packet system also allows error correction capability. The IPSec protocol works well with the Internet, intranets, and connections between local area networks, as well as any other place where packet-switched networks exist. There is also the option of using VPNs in wireless networks. For security purposes, it may be best to use VPNs in a wireless environment with at least 128-bit encryption.
Using VPNs
VPN technology should not be employed simply because it is available.
A VPN works well for industries in which the interception of data could give a competitor an unfair advantage. For example, a VPN would be necessary for telecommuting employees who send proprietary data from their home computer to the network at the office. Another good place for a VPN would be a health-care environment, where it is essential that small amounts of data get from point to point without being intercepted and understood by a hacker. There could be many uses where data needs to get from point to point with its integrity intact and viewed only by authorized personnel. Law-enforcement agencies, credit card companies, and the military may have numerous applications for VPNs.
VPNs may also be appropriate in an academic setting. Although most dorms are networked, universities employ stringent firewall rules to restrict students from using their computers as a server to the outside world. The Internet control message protocol (ICMP) packets and other types of control packets are disabled on student-used networks. It appears the only way to do gaming is through a website or through VPNs to avoid affecting the servers/configuration/ports and data flow. A VPN can go in front of a firewall or behind it. For example, a VPN router/switch can go in front of the firewall on a laptop.
When people use the Ping command to see if another computer or network is active, they are using the ICMP to get information about the distant computer (see Figure 8.1). Webopedia.com, an online encyclopedia, describes the ICMP as an extension of the Internet Protocol and is defined by request for comments (RFC) 792.
Figure 8.1. Ping command
What Happens During a VPN Session
Here is a simplification of what happens in a VPN session. The user at a remote location may first ask for a connection by means of a broadband connection or through a dial-up account. The destination point must then be set up for a VPN connection. Each party uses an electronic envelope or wrapper to send the keys to each other. This will allow an encryption schema. The destination point asks for identification from the user. The user must authenticate with username, password, smart card, and then a temporary IP is set up. A temporary tunnel with encryption is established. Cobb (2003, p. 254) provides a more detailed description of a session.
Setting up a VPN in Windows
If only a few simultaneous tunnels are needed for a few employees sharing data, it seems logical to use the Windows VPN client and server that is issued with Windows XP. This VPN uses the point-to-point tunneling protocol (PPTP) that is issued standard with Windows.
The PPTP protocol uses authentication and encryption (www.homenethelp.com/vpn). Port 1723 is used for the tunneling. A VPN can be set up with the following steps using Windows XP:
1. Go to Control Panel, Network Connections, and Create a New Connection (see Figure 8.2).
2. Choose Advanced Connections, Accept Incoming Connections (see Figure 8.3).
3. When the configuration window comes up, specify the IP address allowed to connect.
4. Go into the Linksys router/switch and turn off the DHCP that provides a new dynamic IP address; use a static IP address instead so that others can connect to it.
5. Connect, and give the IP address to those who will be connecting to the VPN.
Figure 8.2. Creating a New Connection Wizard
Figure 8.3. Accepting incoming connections
VPN Support
One place to learn more about VPNs is www.vpnlabs.org. There is a general forum and a very technical forum where you can post questions or answer them. The forum has more than 500 complete indexed questions and answers. There are also free tutorials for both the beginner and advanced security professional and a newsletter that covers all the latest protocols and new VPN developments. There are also links to other sites for software downloads. Whitepapers of the same type found at IEEE conferences, with references, can be downloaded from the site.
Web Resources
The National Security Administration (NSA) website has the latest information on security algorithms www.nsa.gov
Virtual Networks www.homenethelp.com/vpn
VPN Labs www.vpnlabs.org
Discussion
Discuss with your classmates how you could benefit from a VPN for your own use with your home business, family, or with friends. You should be prepared to discuss what hardware or software you would use and the protocol.
MADS6638 Unit 9 Security Certifications and Administration Practices
Objectives
By the end of this unit, the participant will be able to:
* Understand the value of regulations and policy
* Describe what is meant by separation of duties
* Understand outsourcing
* Describe why system accountability is a key feature
* Outline system certifications
* Understand agreements for networks
Introduction
This unit discusses some system certifications and processes of security that are beyond the scope of the textbook and particular to students who are U.S. federal government employees or National Guard Bureau personnel. These terms can all be found in the SSCP preparation book (Jacobs, Clemmer, Dalton, Rogers, and Posluns, 2003).
Policy, Regulations, and Staying Current
Network security is not as glamorous as many students have been led to believe. Television shows often portray an IT specialist as matching wits with a hacker and engaging in some kind of counter attack. Instead, the reality is that policy is the key to good network security, and it defines for everyone what can and cannot be done.
Educating users and having them sign agreements for acceptable use of computers, the Internet, and e-mail is of utmost importance. The acceptable-use policies of the computer and network as well as Internet policies must be fair, enforceable, and legal if they are to stand up in court or used by the human resources department when terminating or disciplining an employee.
The network security administrator must be an individual who is actively monitoring the network.
He or she must read magazines and journals to learn about commonly available technologies that can be used on a network or work in parallel to it. For example, security personnel must be aware of how electrical power-line network adapters work. By understanding how this technology works, the security administrator can prevent an employee from setting up a second Ethernet adapter in his or her computer and creating a covert workgroup network of employees communicating and running a private business over the electrical wires in the building.
The network administrator and the network security administrator need to be aware of these types of products and how they can be used to create low-cost covert networks in the workplace. The administrators need to be aware of the push-to-talk feature on cell phones and understand, for example, that sensitive documents can be leaked by the use of cell phone cameras. The administrators not only need to be aware of these technologies, but they need to update their policies and procedures so they can take legal action against employees who leak information.
Separation of Duties
One way of maintaining security on a large project of any kind may be to expose workers to only a very small part of a project and provide very limited information. The workers on small elements of the project will not be fully aware of the greater picture. The concept of compartmentalization can be applied to maintain security on small networks. This, in turn, will limit opportunities for crime and corruption for those who administer the network. An individual who performs both operations and security tasks could, hypothetically, break into any part of the system, take confidential data, sell it, and cover up his or her tracks without a trace.
Separation of duties on a small network could mean that a network administrator does not both authorize changes and review logs, because the operation and security functions of the network are opposed to each other. When security is added, confidentiality, integrity, and availability are increased as well. However, maintaining a secure environment takes resources and slows the daily operations of the network (Jacobs, et al., 2003, p. 144).
Periodic Audits
Like regular inspections of army barracks, periodic audits of the network force everyone involved to maintain high standards and to be accountable for security measures and good operating procedures.
For example, universities must pass periodic reviews from external and internal auditors. Fairleigh Dickinson University is currently preparing for a Middle States Review in 2005. While this review prepares the University for accreditation, network security policies, procedures, practices, and disaster recovery plans are examined along side educational standards. This policy keeps the university and its networks operating at a higher level than if there were no review or inspection.
Outsourcing Security
The outsourcing of security has become big business: Many companies have neither the expertise nor the desire to learn all the regulations of network security for their industry. Instead, the preference is to hire those with more expertise. This concept is called transference. The company that outsources its network security not only has the peace of mind of knowing it is no longer responsible for it, but it can also budget a fixed cost for security. An external security outfit will perform the certification process for computer networks. Because the vendor uses its own audit teams, certification can be done faster.
System Accountability Is Key
According to Jacobs et al. (2003), system accountability must be extensive; a log parser should be used. A log parser helps determine whether the occurrence was due to malicious behavior by an internal employee or an external intruder gaining network access. Logs may also show if deletion of data happened accidentally because of hardware or software failure or incompetence of a new employee. The logs and logging parsers play an important role in allowing network forensic investigators to do a thorough and fair job of determining identity and/or motivations of a person performing a malicious act. The logs may also become exculpatory data, clearing any users accused of creating problems that were a result of system failure.
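The three explanations the unit says logs should separate (an internal employee, an external intruder, or an accidental loss following a hardware or software failure) can be applied mechanically by a small log parser. The code below is an added example, not part of the course text or the SSCP guide; the key=value log format, the sample lines, the internal address ranges, and the five-minute fault window are all constructed for the illustration.

```python
"""Bucket file-deletion events by their likely explanation (added example).

Input: key=value log lines (constructed format).  For each file_delete the
parser asks, in order: was there a disk_error on the same host within the
fault window (accident following hardware failure)?  Otherwise, did the
request come from an internal address (internal user action) or from
outside (external source)?  Ranges and window are assumptions.
"""
import ipaddress
from datetime import datetime, timedelta

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]
FAULT_WINDOW = timedelta(minutes=5)

# Constructed sample log, not real data.
SAMPLE_LOG = """\
2005-03-01T09:10:11 host=fs01 src=- user=- event=disk_error dev=sdb
2005-03-01T09:12:03 host=fs01 src=10.0.4.21 user=jdoe event=file_delete path=/share/hr/payroll.xls
2005-03-01T22:41:57 host=fs02 src=203.0.113.45 user=admin event=file_delete path=/share/finance/q4.xls
2005-03-02T08:05:30 host=fs02 src=192.168.7.9 user=tsmith event=file_delete path=/share/eng/spec.doc
"""


def parse_line(line: str) -> dict:
    """Split 'TIMESTAMP k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts)
    return fields


def is_internal(addr: str) -> bool:
    """True when addr parses as an IP inside one of the internal ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # '-' or malformed: treat as not internal
        return False
    return any(ip in net for net in INTERNAL_NETS)


def classify_deletions(log_text: str) -> list:
    """Return (path, user, explanation) for every file_delete, in time order."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    faults = {}                 # host -> timestamps of disk_error events seen so far
    results = []
    for e in events:
        if e["event"] == "disk_error":
            faults.setdefault(e["host"], []).append(e["ts"])
        elif e["event"] == "file_delete":
            recent_fault = any(e["ts"] - t <= FAULT_WINDOW
                               for t in faults.get(e["host"], []))
            if recent_fault:
                why = "possible hardware failure"
            elif is_internal(e["src"]):
                why = "internal user action"
            else:
                why = "external source"
            results.append((e["path"], e["user"], why))
    return results


def summarize(log_text: str) -> dict:
    """Count deletions per explanation, the figure an auditor asks for first."""
    counts = {}
    for _, _, why in classify_deletions(log_text):
        counts[why] = counts.get(why, 0) + 1
    return counts


if __name__ == "__main__":
    for path, user, why in classify_deletions(SAMPLE_LOG):
        print(f"{path:32} {user:8} {why}")
```

The same parser also produces the exculpatory record the unit mentions: the first deletion is attributed to the disk fault logged moments earlier, not to the user whose name appears on the line.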
System Certifications
The security system process can be categorized through the following terms: acceptance, accreditation, assurance, and certification.
Acceptance
Acceptance means that a system has met all the performance benchmark regulations specified at the beginning of the system testing process. These benchmarks may be commonly known metrics (e.g., process speed, CPU utilization, etc.). Acceptance also means the system has met all the criteria for security. These criteria may have been set by government regulation or by a company's security plan standards. Acceptance also means that these security and performance standards can be integrated into the daily operations of the computer network.
Accreditation
Accreditation means that certain security processes and procedures used on the system have met some guidelines. In general, a system is considered accredited when (a) all the proper entities of the network sign off that it has met the security requirements and (b) all risks associated with the system have been accepted. It is important to know that a system cannot be 100% safe; it is not foolproof unless a prohibitive amount of money is spent on equipment, software, and security personnel.
Assurance
Assurance is often heard with regard to information networks. This term basically designates a level of confidence conferred upon a system so that those using the network know how much trust they can put in the confidentiality, integrity, and availability of data.
For example, a low-level assurance designation might mean that employees could store low-level public documents or other items that have little importance or consequence if altered by unauthorized parties.
Certification
The term certification is a complex one. Certification is a process that evaluates a system for compliance with security standards. The process for network certification is very extensive and has a number of criteria that need to be evaluated. The certification team may be a combination of internal and external auditors as well as internal employees and external consultants. The certification process of a bank network, for example, is more rigorous than the certification process of other low-consequence systems.
The process for a bank network could start with looking at how customers get money and deposit it. The certification team would examine the policies, procedures, and mechanisms for how paper and online checking, including in person and ATM deposits, are handled.
Next, the team may do a vulnerability assessment by having a member of the team attempt to get funds they are not entitled to by social engineering on the phone, in person, or by e-mail. A social engineer is someone who finds a piece of information (e.g., a username) and contacts the network administrator pretending to be the authorized user. The social engineer may try to convince the administrator that he or she has forgotten the password and ask for it in order to gain access to a system.
The vulnerability assessment could also include mapping the network and examining all access points through the computer network, phone, ATM cards, and in person. The team may also examine how money transfers are done and examine protocols to determine the confidentiality, integrity, and availability of data within transit.
Certification may also include examining the disaster recovery process from regular scheduled computer backups and paper transaction backups, as well as examining the disaster recovery plan for both thoroughness and implementation. The certification team may visit the offsite backup facility and try to restore a backup to determine the value of the disaster recovery process.
Certification may also include testing the robustness of the system from attack from the inside and outside the network by using various penetration tests. White-hat hackers may be hired for this part of the certification process. Assessment teams have to run through numerous checklists of processes, so each item is scored. Certain scores may cause the bank to stay closed until the problem is corrected and a certain level of assurance can be guaranteed.
Quality assurance professionals may also be brought in for certain cases to examine if a buffer overflow attack can be used to gain access (searchsecurity.techtarget.com/sDefinition/0,,sid14_gci549024,00.html). Hackers create a buffer overflow attack by filling a data field with more data than it was designed to hold, with the extra data containing malicious code that executes on the user's machine. For example, in 2000, a vulnerability in the message header for Microsoft Express and Outlook Express allowed hackers to overflow the field and execute code. The recipient did not even have to open the e-mail for it to happen. (Microsoft quickly issued a patch to correct the problem.) The quality assurance professionals may also thoroughly test banking applications and key combinations to determine system stability and whether there are side effects.
The certification process may also include small details that network security professionals may overlook. The certification team may ask to see if the bank has a change control board that approves all software and hardware changes, patches, updates, and replacements. This is necessary because many hardware and software patches, upgrades, and fixes may have vulnerabilities that can be exploited by unauthorized users to gain access to the system. Some of these exploits can be malicious, while others may be accidental.
Service Agreements
An organization that hires an outside vendor to install a network may have the vendor sign a quality of service agreement to ensure a certain level of quality of both the materials used in wiring and the initial performance of the network when it goes online. The outside vendor may be used to control costs and ensure quality. A service level agreement may also give the company's network administrators some peace of mind because a certain level of support may be guaranteed.
Many savvy chief information officers will also ask vendors who install and maintain a network for a sunset agreement. A sunset agreement is a provision that the vendor will, for example, replace a system after a certain number of years so that the customer is not stuck with a system that is no longer supported and for which they can no longer get parts. There have been cases where vendors have had to replace a network with newer components because the vendor no longer supported the old network, which was still on contract with the service level agreement.
References
Jacobs, J., Clemmer, L., Dalton, M., Rogers, R., & Posluns, J. (2003). SSCP: Systems security certification practitioner, study guide and DVD training. Rockland, MA: Syngress.
Assignment
Your family hears about computer crime, including problems with network intrusion. Your family members ask you for some level of assurance. How do you ensure that the computer doesn't put everyone at risk? How would you create a high level of assurance for a family computer that is connected to the network?
Discussion
Go to the discussion board and discuss what network security is. Discuss the roles policy, procedure, incident response, software, hardware, updates, and employee education play in maintaining network security.
MADS6638 Unit 10 Careers in Network Security and Cryptography
Objectives
By the end of this unit, the participant will understand:
* Educational opportunities in network security
* The skills and requirements for professionals
* The importance of staying current
* How to find more information on careers in network security
* What is meant by cryptology
Educational Opportunities
Some law-enforcement officers suggest that students interested in network security as a career should take related courses to learn the basics and meet other professionals in the field. Security professionals already working in network security can provide a more realistic view of what the field is really like. FDU's master of administrative science (MAS) program has a four-course concentration in computer forensics and network administration.
Federal agency officials recommend obtaining a master of science in computer science with a concentration in information assurance. There are scholarships available for college through the National Science Foundation with the National Science Foundation Federal Cyber Service Scholarship. Brooklyn Polytechnic Institute is considered a center of excellence in information assurance and has opportunities to apply for federal scholarships.
Thompson Education's Private Investigation course is also highly recommended. Also, an internship with a private investigation firm that does computer fraud investigation would offer students the opportunity to work on simple assignments under the firm's license, eventually working up to computer fraud investigations. With this experience, it may be possible to apply for a private investigator's license and then go on to a school that specializes in computer fraud investigation.
From an academic standpoint, it is important to read as much as possible about private investigation and network security, as well as network protocols, topologies, and technologies. It is advisable to learn how to use these security tools on a small, private network not connected to the Internet. Starting out small will ensure that you do not break any policies at work. Also, it is suggested that interested students receive certifications in CompTIA, SSCP, and some other beginner certifications, which can be a first step in gaining elementary work experience in network security.
Three years of experience are needed before applying for the CISSP certification. Joining the ASIS International and getting active in local meetings can be a way to meet other security professionals and see what areas are hiring as well as what parts of the field are of interest to you (www.asis.org).
Abilities and Requirements
Students should ask themselves a number of questions to determine if their skills and life goals are right for this type of work. For example, really think about whether you are willing to relocate to another part of the United States or travel to a remote country where your company has a corporate office. Do you pay attention to details? Can you learn new things easily? Do you work well in a group? Can you write comprehensive and easy-to-follow reports?
Applying for a security-related position in some government agencies may require that you answer personal questions under polygraph. It also means submitting to a background search that examines credit history, driving record, court records, and school files. Friends, acquaintances, colleagues, and, possibly, family will be asked questions about you.
Staying Current with Technology
It is necessary to stay current with new developments. New operating systems are always being released, along with new network protocols, hardware, and security applications constantly coming to the marketplace. While it may be difficult, it is nevertheless essential to your organization’s network security that you absorb and interpret the new information as quickly and thoroughly as possible.
This means learning it in detail and being highly proficient. A criminal investigation resulting from a breach of the network may mean going to court, so being knowledgeable is an absolute must. Subscribing to newsletters through places like www.networkworld.com and trade journals like Laptop is an easy way to keep up on the latest technologies. Therefore, you will have to learn for as long as you are working. You must make this commitment to learning if you are to be successful in network security.
Beginning the Search
Network World is a comprehensive source for career information about networking and security. The site offers numerous articles and whitepapers on networking, including the subtopic of network security. There are also several free newsletters that are offered on topics like VPNs, wireless management, and security. There are links to forums that discuss current topics like, for example, outsourcing. The Careers area has a multitude of articles for someone just starting out in the field as well as for longtime professionals.
Position Categories
The following are examples of position descriptions in network security administration.
Engineer Specialist
Depending on the industry, engineer specialists may require a security clearance as well as specialized knowledge in maintaining network identity integrity and verifying identities for customers and employees. This would be especially important, for example, in a financial brokerage. An engineer specialist would have been the first line of defense in the case of the 2004 national alert for a financial company in New Jersey. The alert warned of the possibility of a cyber attack, which meant that an intruder might try to gain access by masquerading as an authorized user and then cause havoc on the network.
Job Categories
Network Security Administrator
This position would involve overseeing backups, e-mail, ftp, website effectiveness, and proper usage, as well as account maintenance. Again referring to the cyber attack warning above, a second alert for the financial institution mentioned the possibility of a physical bombing. A network security administrator would be responsible for ensuring that proper backups are created so that if there were a tragedy, namely a bombing, any network equipment could be replaced and previous transactions and accounts could be restored using the offsite backups.
Cyber Intelligence Analyst
This position would probably require a clearance. It involves examining links, motives, malicious behavior, and trends to protect U.S. assets that use computer-based networks. This type of position is good for someone knowledgeable about world politics, computer networks, and network security, and about how to conduct both vulnerability assessments and penetration tests on the network.
Information Security Specialist
Jobs advertised for this type of position would involve creating, implementing, maintaining, and testing the security plan for the network. A bachelor’s degree would be required along with perhaps five to seven years of network security experience.
Researcher in Network Security
This type of position may be related to the field of cryptology and involve creating ciphers so that various clients could encrypt information for company staff. Cryptology keeps proprietary trade secrets safe and keeps information secure while in transit to, for example, patent lawyers and other entities.
Cryptology
Cryptology is defined as performing an operation on a file so it appears unintelligible to everyone except the authorized user. An authorized user could then perform another operation on the same file to make it intelligible again. One algorithm that does this is the Diffie-Hellman algorithm, which enables parties at both ends to use a shared, secret key without having to send it to each other (computing-dictionary.thefreedictionary.com/Diffie-Hellman). Such algorithms are often developed for government or private company use.
Diffie-Hellman Algorithm
The Diffie-Hellman algorithm was developed in 1976 to allow secure communication in environments where approximately 30 or more users may be collecting packets. It is considered an ingenious method of creating and sharing a key. The Diffie-Hellman algorithm is used in the IPSec protocol, which is used in VPN tunnels (Cobb, 2003, p. 258).
There is what is known as a session key, and each side uses this for encryption as well as decryption. The Diffie-Hellman algorithm was used to create the session key for more powerful encryption schemas such as DES and Triple DES. There are reports that DES encryption has been broken, so Triple DES is used extensively now. Both encryption schemas also use logic gates, bit shifting, and feedback. The following is an explanation of how an exclusive or (XOR) gate works. A shortcut to remembering this is that if the two input bits are different, the result is a one.
Input bit 1 XOR input bit 1 = output bit 0
Input bit 1 XOR input bit 0 = output bit 1
Input bit 0 XOR input bit 0 = output bit 0
Input bit 0 XOR input bit 1 = output bit 1
The following is an example of the Diffie-Hellman algorithm with very small numbers, which are too small to be practical but illustrate how this works. In this example, a health-care consultant in England is working with a health-care scientist in the U.S.
American Health Care Scientist
P = a prime number > 2; I chose 7, so P = 7.
G = an integer < P - 1; I chose 10, so G = 10.
American Scientist Secret Key X = 5.
American Public Key (APK) = 10^5 mod 7 = 5.
English Health Care Scientist
English Scientist Secret Key = 8.
English Public Key (EPK) = 10^8 mod 7 = 2.
Shared secret z = (English public key) ^ (American secret key) mod P = 2^5 mod 7 = 4.
Shared secret z = (American public key) ^ (English secret key) mod P = 5^8 mod 7 = 4.
The shared secret is also known as the session key, and here it is equal to 4.
To do this in Windows, go to Start, Programs, Accessories, Calculator, and use the Scientific view (see Figure 10.1). It has a Mod key as well as an x^y key.
Figure 10.1. The Scientific Calculator and Mod Function
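As an added example (not part of the unit's text), the following Python carries the exchange above through for both parties with the page's values (P = 7, G = 10, American secret 5, English secret 8) and then shows why such small numbers are impractical: anyone who sees only the public values can recover a working secret by trying every exponent.

```python
# Added example: Diffie-Hellman with the unit's toy parameters.
# Note: the text's G = 10 is larger than P = 7; pow() reduces it mod 7,
# so the arithmetic behaves exactly as if G were 3, and the results
# (APK = 5, EPK = 2, z = 4) match the page.
from typing import Optional


def dh_public_key(g: int, secret: int, p: int) -> int:
    """Value each side sends over the wire: g^secret mod p."""
    return pow(g, secret, p)


def dh_shared_secret(peer_public: int, secret: int, p: int) -> int:
    """Session key: (peer's public value)^(own secret) mod p."""
    return pow(peer_public, secret, p)


def dh_exchange(p: int, g: int, american_secret: int, english_secret: int) -> dict:
    """Run both sides and confirm they derive the same session key z."""
    apk = dh_public_key(g, american_secret, p)   # American Public Key
    epk = dh_public_key(g, english_secret, p)    # English Public Key
    z_american = dh_shared_secret(epk, american_secret, p)
    z_english = dh_shared_secret(apk, english_secret, p)
    if z_american != z_english:
        raise ValueError("sides disagree on the session key")
    return {"APK": apk, "EPK": epk, "z": z_american}


def recover_secret_by_brute_force(g: int, public: int, p: int) -> Optional[int]:
    """Solve g^c mod p == public by exhaustive search.

    Feasible only because p is tiny; with real-world prime sizes this loop
    would never finish, which is the whole point of choosing large P.
    Any exponent that reproduces the public value yields the same z, so the
    observer need not find the exact secret the other party chose.
    """
    for candidate in range(1, p):
        if pow(g, candidate, p) == public:
            return candidate
    return None


if __name__ == "__main__":
    result = dh_exchange(7, 10, 5, 8)
    print("APK =", result["APK"], "EPK =", result["EPK"], "z =", result["z"])
    eavesdropper_x = recover_secret_by_brute_force(10, result["APK"], 7)
    print("exponent recovered from APK alone:", eavesdropper_x)
    print("z recomputed by observer:", dh_shared_secret(result["EPK"], eavesdropper_x, 7))
```

With P = 7 the observer needs at most six trials to recover a usable exponent; the session key offers no secrecy at this size, which is why the text stresses that these numbers only illustrate the mechanism.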
Assignment
Go to networkworld.com and click through the various articles and forums to learn more about starting a career in network security. Do a Google search to find other similar sites.