whats a good protocol to study?

[lockmac]

Hi guys. I have to do an assignment for my subject "network standards and specifications". I am just wanting some input before I start it. Some of the protocols that i can choose are below, but i can choose some that arent listed- basically i want some help in choosing the protocol. I need one that has plenty of information out their to talk about, such as vulnerabilities, and perhaps any input on ways that i can show these vulnerabilities in action. Any input appreciated. Thanks guys

IEEE 802.11g
BlueTooth
WiMax
SCTP
SIP
H.323
IS-IS
OSPF
EIGRP
WPA
WEP
802.1x
RADIUS
TACACS+
Kerberos

 

[spidey07]

What is the context of the assignment? I see a lot of security in there. Most all of those are my specialty so let us know a little detail and we can point you in the right direction.

Are you looking for vulnerabilities or are you looking for tons of information on the protocol? RFCs are going to be your best resource and citing/reading them is THE source for reference. If you want an easy target security wise, choose WEP...tons of info. But IMHO, that's the easy way out.

If you want even easier, choose HTTP.

 

[lockmac]

Well the context- yeh i spose security is what we are really looking for. We had to do a preliminary report before this assignment and I chose WEP, so i think thats the one i will choose for the main report.

I would also be able to demonstrate WEP cracking fairly easily as well hey? I cant remember the name, but I was reading about a program that cracks WEP, and perhaps this can be my demonstration on how the technology is seriously flawed. I dont know how I could show the Man-in-middle attack with this.

Im not going for ease of protocol here, as I also want to learn something as I go and actually be stimulated, and wireless security is something that I am interested in, so I think i might choose WEP......

 

[spidey07]

Well WEP is too easy and the context of the class probably doesn't require you to understand the math behind why it is so vulnerable nor will you be able to present or speak on that.

I personally will recommend you do HTTP, it will enforce an understanding of the OSI model and the application layer. Radius would be a good one as well, along with Kerberos. RFCs are your friend. I will tell you something about wireless security - WEP is dead, if you want to do wireless security look into 802.11i.

 

[Goosemaster]

I've been reading the TLS RFC lately...kind of neat I guess.

 

[RadiclDreamer]

TKIP
CKIP
PEAP
LEAP

Dont forget those, they may pique your interest also.

 

[Tarrant64]

OSPF is interesting, however not much to explain on that one as its pretty simple.

There's a bit that can talked about when it comes to RADIUS. (how, why, benefits, and drawbacks). The purpose of a RAID server, how it works with a NAS server. You can go into how it serves as authentication/authorization/ and even auditing. I'd go for this one as it's pretty easy too. Another protocol similar to this is TACACS+.

I've been through a few protocols lately (finishing up last exam for Network Security today).

 

[jlazzaro]

Originally posted by: Tarrant64
OSPF is interesting, however not much to explain on that one as its pretty simple.

was that a joke or are u that ignorant?

 

[Tarrant64]

Originally posted by: jlazzaro

Originally posted by: Tarrant64
OSPF is interesting, that one as its pretty simple.

was that a joke or are u that ignorant?

Let me rephrase that for you then. There is plenty to talk about on OSPF, but it can be summed up pretty well.

 

[mcmilljb]

Originally posted by: spidey07
What is the context of the assignment? I see a lot of security in there. Most all of those are my specialty so let us know a little detail and we can point you in the right direction.

Are you looking for vulnerabilities or are you looking for tons of information on the protocol? RFCs are going to be your best resource and citing/reading them is THE source for reference. If you want an easy target security wise, choose WEP...tons of info. But IMHO, that's the easy way out.

If you want even easier, choose HTTP.

:thumbsup:
I vote for HTTP with maybe a touch of SSL.

 

[spidey07]

SSL/HTTPS would be REALLY good because it would tie in with security. You could go over the protocol and how to break it and do man in the middle.

 

[m1ldslide1]

Originally posted by: Tarrant64

Originally posted by: jlazzaro

Originally posted by: Tarrant64
OSPF is interesting, that one as its pretty simple.

was that a joke or are u that ignorant?

Let me rephrase that for you then. There is plenty to talk about on OSPF, but it can be summed up pretty well.

Not to rub it in, but it can only be summed up pretty well if you're talking about what the acronym stands for. Designing and configuring it for even a medium-sized enterprise will typically require years of network engineering experience.

Discussing routing protocols in this setting doesn't seem very feasible, given the amount of prerequisite knowledge necessary to have a discussion, and also the equipment and configuration experience necessary for a demonstration.

I concur with others that WEP sounds like a gimme for this assignment. You could do the demonstration with a laptop and a $10 wireless router.

 

[Nuwave]

Whatever you decide to do would you share it with us?

 

[mcmilljb]

Originally posted by: m1ldslide1

Originally posted by: Tarrant64

Originally posted by: jlazzaro

Originally posted by: Tarrant64
OSPF is interesting, that one as its pretty simple.

was that a joke or are u that ignorant?

Let me rephrase that for you then. There is plenty to talk about on OSPF, but it can be summed up pretty well.

Not to rub it in, but it can only be summed up pretty well if you're talking about what the acronym stands for. Designing and configuring it for even a medium-sized enterprise will typically require years of network engineering experience.

Discussing routing protocols in this setting doesn't seem very feasible, given the amount of prerequisite knowledge necessary to have a discussion, and also the equipment and configuration experience necessary for a demonstration.

I concur with others that WEP sounds like a gimme for this assignment. You could do the demonstration with a laptop and a $10 wireless router.

I think it depends on the setting of the presentation plus the actual report the teacher gets. He could easily do a comparison of distance vector and link state routing protocols with RIP(or EIGRP) and OSPF as examples. This probably is not a graduate level course, so he probably doesn't have to go too in depth. These students should be able to get the basics of OSPF.

 

[Tarrant64]

Originally posted by: mcmilljb

Originally posted by: m1ldslide1

Originally posted by: Tarrant64

Originally posted by: jlazzaro

Originally posted by: Tarrant64
OSPF is interesting, that one as its pretty simple.

was that a joke or are u that ignorant?

Let me rephrase that for you then. There is plenty to talk about on OSPF, but it can be summed up pretty well.

Not to rub it in, but it can only be summed up pretty well if you're talking about what the acronym stands for. Designing and configuring it for even a medium-sized enterprise will typically require years of network engineering experience.

Discussing routing protocols in this setting doesn't seem very feasible, given the amount of prerequisite knowledge necessary to have a discussion, and also the equipment and configuration experience necessary for a demonstration.

I concur with others that WEP sounds like a gimme for this assignment. You could do the demonstration with a laptop and a $10 wireless router.

I think it depends on the setting of the presentation plus the actual report the teacher gets. He could easily do a comparison of distance vector and link state routing protocols with RIP(or EIGRP) and OSPF as examples. This probably is not a graduate level course, so he probably doesn't have to go too in depth. These students should be able to get the basics of OSPF.

That was my perspective, thank you.

 

[spidey07]

Originally posted by: Tarrant64
That was my perspective, thank you.

Yeah, but presenting a protocol from the protocol's perspective is too much to ask of routing protocols other than RIP. There's the whole algorithm and state machines that really should be discussed as well as implications to make it proper to study. There are entire 300 page books written on OSPF alone that don't cover it all.

Routing TCP/IP vol 1 and 2 would be a "start".

 

[lockmac]

Thanks for the posts guys. I am doing WEP, because i wrote a paper earlier this semester on WEP and apparently am meant to write my second paper on the same protocol (the first assignment was apparently a "pre" assignment to this one).

Anyways i have done a fair bit of study on WEP. I have even learnt how to crack it with Back Track (dont worry, only my own network).

Anyways, im still learning RFC's at uni (well i missed that week) so im not too sure on them. Is their an RFC for WEP? Or is it just under teh standard of 802.11??

I had a look and couldnt find an actualy RFC for just "WEP". Anyone able to help me out here?

Many thanks