In this lab, we are taught on how to
• Identify the vulnerabilities of FTP.
• Using Wireshark to capture FTP username and password.
• Explain what is IPSec.
• Enabling IPSec for securing FTP session
Short for IP Security, a set of protocols developed by the IETF to support secure exchange of packets at the IPlayer. IPsec has been deployed widely to implement Virtual Private Networks (VPNs).
IPsec protocol suites contain various protocols for performing functions:
• Internet key exchange (IKE and IKEv2)
• Authentication Header (AH)
• Encapsulating Security Payload (ESP)
We are also demo’ed on how to capture FTP username and password using Wireshark. In this demonstration we need 2 Windows 2003 VMs with one of them installing Wireshark and FTP, as well as an administrator account. One VM will act as a server and one acting as client.
To learn more on how to sniff passwords on FTP using Wireshark, please visit
http://www.securitytube.net/Password-Sniffing-with-Wireshark-(Laura-Chappell)-video.aspx
To ensure security in FTP transactions, IPsec is used. IPSec will encrypt the data sent using normal FTP connection, thus only the authorized party can see the content. There are actually a lot of ways of using IPsec. One of it is using a built-in IPsec setting in Windows 2003. Basically authentication methods and security policies can be set. Besides that, a secure server can also be set.
For more information on how to implement IPsec in Windows 2003, please visit
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3489911
0 comments:
Post a Comment