Page 861 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Network and Protocol Security Mechanisms
Transmission Control Protocol/Internet Protocol (TCP/IP) is the primary protocol suite used on most networks and on the internet. It is a robust protocol suite, but it has numerous security deficiencies. In an effort to improve the security of TCP/IP, many subprotocols, mechanisms, or applications have been developed to protect the confidentiality, integrity, and availability of transmitted data. It is important to remember that even with the foundational protocol suite of TCP/IP, there are literally hundreds, if not thousands, of individual protocols, mechanisms, and applications in use across the internet. Some of them are designed to provide security services. Some protect integrity, others protect confidentiality, and others provide authentication and access control. In the next sections, we’ll discuss some of the more common network and protocol security mechanisms.

Secure Communications Protocols
Protocols that provide security services for application-specific communication channels are called secure communication protocols. The following list includes a small sampling of some of the options available:

IPsec  Internet Protocol security (IPsec) uses public key cryptography to provide encryption, access control, nonrepudiation, and message authentication, all using IP-based protocols. The primary use of IPsec is for virtual private networks (VPNs), so IPsec can operate in either transport or tunnel mode. IPsec is discussed further in Chapter 7, “PKI and Cryptographic Applications.”

Kerberos  Kerberos offers a single sign-on solution for users and provides protection for logon credentials. Modern implementations of Kerberos use hybrid encryption to provide reliable authentication protection. Kerberos is discussed further in Chapter 13, “Cryptography and Symmetric Key Algorithms.”

SSH  Secure Shell (SSH) is a good example of an end-to-end