Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication.


Slide 1: Security+ Guide to Network Security Fundamentals, Third Edition, Chapter 8: Authentication

Slide 2: Objectives
- Define authentication
- Describe the different types of authentication credentials
- List and explain the authentication models

Slide 3: Objectives (continued)
- Define authentication servers
- Describe the different extended authentication protocols
- Explain how a virtual private network functions

Slide 4: Definition of Authentication
- Authentication can be defined in ________ contexts
  - The first is viewing authentication as it _________ ________________________
  - The second is to look at it as one of the ________ ____________ of security: ___________, ______________, and __________________

Slide 5: Authentication and Access Control Terminology (Review)
- Access control is the process by which resources or services are granted or denied
- Identification
  - The presentation of credentials or identification ________________________
  - The ____________________________ to ensure that they are __________________ and not fabricated
- Authorization
  - Granting permission for admittance
- Access is the right to use specific resources

Slide 6: Authentication, Authorization, and Accounting (_____________)
- Authentication in AAA provides _________ ________________________________
  - Typically by having them enter a valid ___________ before granting access
- Authorization is the process that determines whether the _____________________ to carry out certain tasks
  - Often defined as the process of ______________
- Accounting measures the ______________ _______________ during each network session

Slide 7: Authentication, Authorization, and Accounting (AAA) (continued)
- The information can then be used in different ways:
  - To find evidence of problems
  - For billing
  - For capacity planning activities
- AAA servers
  - ______________ to performing ______________

Slide 8: Authentication Credentials
- Types of authentication, or authentication credentials
  - Passwords
  - One-time passwords
  - Standard biometrics
  - Behavioral biometrics
  - Cognitive biometrics
- More to come on these…

Slide 9: One-Time Passwords
- _____________ passwords are typically ________ in nature
- One-time passwords (_____________)
  - ______________ passwords that change frequently
  - Systems using OTPs generate a _______________ on demand that is __________________
- The most common type is a ___________________ OTP
  - Used in _____________ with a _______________
- The token and a corresponding authentication server ____________________________________
  - Each algorithm is different for each user’s token

Slide 10: One-Time Passwords (continued) (figure only)

Slide 11: (figure only)

Slide 12: One-Time Passwords (continued)
- There are several variations of OTP systems
- _____________________OTPs
  - Authentication server displays a challenge (a __________________) to the user
  - User then __________________________ into the token
    - Which then executes a special algorithm to __________ a _____________________________
  - Because the ____________________ has this same algorithm, it can also generate the password and __________________________________________
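The challenge-based OTP exchange described on this slide, as an added example that is not from the textbook or the slides: the server issues a random challenge, the token computes a short code from the challenge and a per-token secret, and the server recomputes the same code and compares. The HMAC-SHA1 code derivation, the token secret and the user name are constructed for illustration and are not any vendor's token algorithm.

```python
import hashlib
import hmac
import secrets
from typing import Dict

# Constructed per-token secret shared by the token and the authentication
# server (in practice provisioned into the token at manufacture or enrolment)
TOKEN_SECRET = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")

def token_response(secret: bytes, challenge: str, digits: int = 6) -> str:
    """What the token computes when the user keys in the server's challenge.
    Assumed algorithm: HMAC-SHA1 over the challenge, truncated to a numeric
    code with the dynamic-truncation step of RFC 4226 (HOTP)."""
    mac = hmac.new(secret, challenge.encode("ascii"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

class ChallengeOTPServer:
    """Authentication server side: issues a fresh random challenge for each
    login attempt and accepts only the response to the challenge it issued."""

    def __init__(self, secrets_by_user: Dict[str, bytes]):
        self._secrets = secrets_by_user
        self._pending: Dict[str, str] = {}  # user -> outstanding challenge

    def new_challenge(self, user: str) -> str:
        # An 8-digit random number the user reads from the login prompt and
        # types into the token
        challenge = f"{secrets.randbelow(10 ** 8):08d}"
        self._pending[user] = challenge
        return challenge

    def verify(self, user: str, response: str) -> bool:
        # The challenge is consumed whether or not the response is right, so a
        # captured response cannot be replayed against a later login
        challenge = self._pending.pop(user, None)
        secret = self._secrets.get(user)
        if challenge is None or secret is None or not response.isascii():
            return False
        # The server runs the same algorithm with the same secret and compares
        expected = token_response(secret, challenge)
        return hmac.compare_digest(expected, response)
```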

Slide 13: Standard Biometrics
- ______________________________
  - Uses a ______________________________ for authentication (what he is)
  - Examples: ___________________________, irises, retinas
- Types of fingerprint scanners
  - ________________ fingerprint scanner
  - _______________ fingerprint scanner
- Disadvantages
  - __________ hardware scanning devices must be installed
  - Readers are ______________________________

Slide 14: _________________ Biometrics
- Authenticates by ____________________ that the user __________________
- Keystroke dynamics
  - Attempt to ____________________________
  - Keystroke dynamics uses two unique typing variables
  - User must authenticate by typing ______________ __________________________
    - Those along with _____________ (used when typing username and password) are sent to authentication server
    - If _______________ do not match stored sample, user is ___________________________

Slide 15: Behavioral Biometrics (continued)
- Voice recognition
  - Used to authenticate users based on the unique _______________________________
  - Highly unlikely issue but still a concern
    - Attacker able to __________________ and then create a recording to use for authentication
- Computer footprint
  - __________________________ a user ______________ accesses a system

Slide 16: Cognitive Biometrics
- _________________ biometrics
  - Related to the ________________________, and ____________________ of the user
  - Considered to be much ___________________ to remember because it is based on the user’s life experiences
- One example of cognitive biometrics is based on a life experience that the user remembers
- Another example of cognitive biometrics requires the user to identify specific faces

Slide 17: Authentication Models
- Authentication credentials can be ___________ to provide _______________
- Single and multi-factor authentication
  - One-factor authentication
    - Using only _______________________
  - _________________authentication
    - _________________, particularly if different types of authentication methods are used
  - Three-factor authentication
    - Requires that a user present ___________________ of authentication credentials

Slide 18: Authentication Models (continued)
- ___________________________
  - Identity management
    - Using a single authenticated ID to be ___________ ____________________________
  - Federated identity management (_________)
    - When those networks are owned by ________________________________________
- One application of FIM is single sign-on (SSO)

Slide 19: Authentication Models (continued)
- Windows _____________________
  - Originally introduced in 1999 as .NET Passport
  - Requires a user to create a standard username and password
  - Originally designed as an ________________ ___________ and as a ____________________
  - When the user wants to log into a Web site that supports Windows Live ID
  - Once authenticated, the user is given an encrypted time-limited “global” cookie

Slide 20: Authentication Models (continued)
- Windows _______________________
  - Feature of Windows that is ________________ ______________________ while helping them to manage privacy
  - Allows users to _______________________________
  - Types of cards
    - Managed cards
    - Personal cards

Slide 21: Authentication Models (continued) (figure only)

Slide 22: Authentication Models (continued)
- ________________________
  - A decentralized __________________________ that does _______________________ to be installed on the desktop
  - A uniform resource locator ________________________
    - An OpenID identity is only a URL backed up by a __________________________________
    - OpenID provides a means to prove that the user owns that specific URL
- Weakness: depends on being ________________ _________________ for authentication
  - Depends on ____________, which has its own weaknesses

Slide 23: Authentication Servers
- Authentication can be provided on a network by a _________ AAA or authentication server
- The most common type of authentication and AAA servers are
  - _______________________________ and generic servers built on the Lightweight Directory Access Protocol (_____________)
- More to come on all of these…

Slide 24: RADIUS
- RADIUS (Remote Authentication Dial In User Service)
  - Developed in 1992
  - Quickly became the _____________________ with widespread support
  - Suitable for what are called “________________ control applications”
- With the development of IEEE 802.1x port security for both wired and wireless LANs
  - RADIUS has recently seen even _____________

Slide 25: RADIUS (continued)
- A RADIUS _____________ is typically a device such as a __________________ or wireless access point (___________)
  - This device is responsible for __________________ and connection parameters in the form of a RADIUS message __________________________________
- The RADIUS _____________________________ the RADIUS client request
  - Sends back a RADIUS message response
- RADIUS clients also send RADIUS ___________ __________________ to RADIUS servers
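The client/server exchange this slide describes, as an added example that is not from the textbook or the slides: the RADIUS client (a NAS or access point) builds an Access-Request carrying the user's credentials, hiding the password under the shared secret as RFC 2865 specifies; the RADIUS server evaluates the request and answers Access-Accept or Access-Reject; and the client verifies the Response Authenticator before trusting the answer. The shared secret, user database and NAS address are constructed values, and accounting messages are left out.

```python
import hashlib
import hmac
import os
import struct
from typing import Dict, List, Optional, Tuple
# RADIUS packet codes and attribute types from RFC 2865
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, REPLY_MESSAGE = 1, 2, 4, 18
def encode_attrs(attrs: List[Tuple[int, bytes]]) -> bytes:
    # Each attribute is Type(1) Length(1, counting type and length) Value
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)

def decode_attrs(data: bytes) -> List[Tuple[int, bytes]]:
    out, i = [], 0
    while i < len(data):
        t, ln = data[i], data[i + 1]
        if ln < 2 or i + ln > len(data):
            raise ValueError("malformed RADIUS attribute")
        out.append((t, data[i + 2:i + ln]))
        i += ln
    return out

def _xor_blocks(data: bytes, secret: bytes, req_auth: bytes, decrypt: bool) -> bytes:
    # RFC 2865 s5.2: the first 16-byte block is XORed with MD5(secret + Request
    # Authenticator); each later block with MD5(secret + previous ciphertext block)
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = data[i:i + 16]
        out += bytes(x ^ y for x, y in zip(block, keystream))
        prev = block if decrypt else out[i:i + 16]
    return out

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    # Pad with NULs to a multiple of 16 bytes before encrypting
    return _xor_blocks(password + b"\x00" * (-len(password) % 16), secret, req_auth, False)
def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    return _xor_blocks(hidden, secret, req_auth, True).rstrip(b"\x00")

def response_authenticator(code: int, ident: int, attrs: bytes, req_auth: bytes, secret: bytes) -> bytes:
    # MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 s3
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(hdr + req_auth + attrs + secret).digest()

def nas_access_request(user: str, password: str, secret: bytes, ident: int) -> Tuple[bytes, bytes]:
    """RADIUS client (NAS / access point) side: build the Access-Request."""
    req_auth = os.urandom(16)  # fresh random Request Authenticator per request
    body = encode_attrs([
        (USER_NAME, user.encode()),
        (USER_PASSWORD, hide_password(password.encode(), secret, req_auth)),
        (NAS_IP_ADDRESS, bytes([192, 0, 2, 10])),  # constructed NAS address
    ])
    packet = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + req_auth + body
    return packet, req_auth

def radius_server(packet: bytes, secret: bytes, users: Dict[str, str]) -> Optional[bytes]:
    """RADIUS server side: evaluate the request and answer Accept or Reject."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet) or length < 20:
        return None  # RFC 2865: silently discard malformed packets
    req_auth, attrs = packet[4:20], dict(decode_attrs(packet[20:length]))
    user = attrs.get(USER_NAME, b"").decode(errors="replace")
    supplied = reveal_password(attrs.get(USER_PASSWORD, b""), secret, req_auth)
    ok = user in users and hmac.compare_digest(users[user].encode(), supplied)
    rcode = ACCESS_ACCEPT if ok else ACCESS_REJECT
    body = encode_attrs([(REPLY_MESSAGE, b"Welcome" if ok else b"Access denied")])
    hdr = struct.pack("!BBH", rcode, ident, 20 + len(body))
    return hdr + response_authenticator(rcode, ident, body, req_auth, secret) + body

def nas_check_response(resp: bytes, req_auth: bytes, secret: bytes, ident: int) -> bool:
    """Client side: verify the Response Authenticator before trusting the answer."""
    code, rid, length = struct.unpack("!BBH", resp[:4])
    if rid != ident or length != len(resp):
        return False
    expected = response_authenticator(code, rid, resp[20:], req_auth, secret)
    return hmac.compare_digest(expected, resp[4:20]) and code == ACCESS_ACCEPT
```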

Slide 26: (figure only)

Slide 27: Kerberos
- ______________________
  - An _________________ developed by the Massachusetts Institute of Technology (MIT)
  - Used to ________________________________
  - Uses ___________ and ________________ for security
- Kerberos process
  - User is provided a _________ that is issued by the Kerberos authentication server
  - The ____ _________________ to the network for a service
  - The ________________________ to verify the identity of the user
    - If all checks out, user is authenticated

Slide 28: Terminal Access Controller Access-Control System (TACACS+)
- Terminal Access Controller Access-Control System ____________________
  - An industry standard protocol specification that ___________________________________ to a ________________________
    - The centralized server can be a TACACS+ database
  - Designed to support ______________ of remote connections

Slide 29: Lightweight Directory Access Protocol (______________)
- ___________________: A database stored on the network itself that contains _________ ___________________________________
- _______________
  - A ____________ for directory services created by __________________
    - Outlining uniformity on ________________________
    - Capability to look up information by ___________ (White-pages service)
    - Browse and search for information by ______________ (Yellow-pages service)

Slide 30: X.500 (continued) and DAP
- The information is held in a directory information base (DIB)
- Entries in the DIB are arranged in a tree structure called the __________________ ______________ (DIT)
- X.500 _______ Directory Access Protocol (DAP)
  - ___________ for a client application to ________ an X.500 directory
  - DAP is too large to run on a personal computer

Slide 31: LDAP (continued)
- Lightweight Directory Access Protocol (_______________)
  - Sometimes called ________________
  - A _________________________
- Primary differences
  - _________ was designed to _______________
  - LDAP has _________________
  - LDAP encodes its protocol elements in a _____ ___________ than X.500
- LDAP is an ____________ protocol

Slide 32: Extended Authentication Protocols (EAP)
- Extensible Authentication Protocol (____)
  - _____________ protocol of IEEE 802.1x that governs the __________________________, _______________, and _________________
  - An “envelope” that can carry many ____________ of _______________ used for authentication
- The EAP protocols can be divided into _____ categories:
  - ________________ protocols, ___________ protocols, and _______________ protocols

Slide 33: (figure only)

Slide 34: Authentication Legacy Protocols
- _____________________ for authentication
- Three authentication legacy protocols include:
  - Password Authentication Protocol (PAP)
  - Challenge-Handshake Authentication Protocol (CHAP)
  - Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP)

Slide 35: EAP Weak Protocols
- ____________________________________
- EAP weak protocols include:
  - Extended Authentication Protocol–MD5 (EAP-MD5)
  - Lightweight EAP (LEAP)

Slide 36: EAP Strong Protocols
- EAP strong protocols acceptable for use in WLANs as well include:
  - EAP with _______________________ (EAP-TLS)
    - Generally found in large Windows-based organizations
  - EAP with Tunneled TLS (EAP-TTLS) and Protected EAP (PEAP)
    - Creates ___________________________ between client and authentication server

Slide 37: Remote Authentication and Security
- Important to _______________________ for _______________ communications
  - Transmissions are routed through networks or devices that the organization does not manage and secure
- _____________ remote authentication and security usually includes:
  - __________________ services
  - Installing a _______________________
  - Maintaining a consistent remote access ________

Slide 38: Remote Access Services (RAS)
- Remote Access Services (__________)
  - Any __________________________ that enables ______________________________________
  - Provides remote users with the _________ access and functionality as local users

Slide 39: Virtual Private Networks (VPNs)
- Virtual private network (__________)
  - One of the most common types of RAS
  - Uses an _________________, such as the Internet, as if it were a __________________
  - ______________ all data that is transmitted between the remote device and the network
- ___________ common types of VPNs
  - __________________ aka virtual private dial-up network (VPDN)
  - __________________

Slide 40: (figure only)

Slide 41: Virtual Private Networks (continued)
- VPN transmissions are achieved through ____________________________ _________________
  - _________________ between VPN devices
- VPN ______________ _____________________
  - Aggregates hundreds or thousands of multiple connections
- Depending upon the type of endpoint that is being used, __________________________ on the devices that are connecting to the VPN

Slide 42: Virtual Private Networks (continued)
- VPNs can be _________-based or ________-based
- ________________ VPNs offer the ____________ in how network traffic is managed
  - Preferred in instances where _____________________ ________________________________________
- _________________ VPNs generally ___________ _________________ regardless of the protocol
- Generally, __________ based VPNs ___________ ___________________ as a hardware-based VPN and are not as easy to manage
  - __________________ VPNs generally tunnel all traffic they handle regardless of the protocol ________________________________

Slide 43: Virtual Private Networks (continued)
- _____________ of VPN technology:
  - _____________: no more need for leased connections
  - ________________
  - Full ______________ encrypted transmission
  - ______________ compresses data
  - _________________ invisible to end user
  - __________________
  - Industry wide __________________

Slide 44: Virtual Private Networks (continued)
- _______________ to VPN technology:
  - _______________: in depth understanding of security issues needed
  - ________________________
  - __________________
  - Additional protocols
  - _____________________
  - ____________________

Slide 45: Remote Access Policies
- Establishing ___________ _______________ is ______________________
  - Potential security risk possible
- Some recommendations for remote access policies:
  - Remote access policies should be ____________ for all users
  - Remote access should be the ______________ _____________________
  - Form a working group and create a __________ ______________ will agree to

Slide 46: Summary
- Access control is the process by which resources or services are denied or granted
- There are three types of authentication methods
- Authentication credentials can be combined to provide extended security
- Authentication can be provided on a network by a dedicated AAA or authentication server

Slide 47: Summary (continued)
- The management protocol of IEEE 802.1x that governs the interaction between the system, authenticator, and RADIUS server is known as the Extensible Authentication Protocol (EAP)
- Organizations need to provide avenues for remote users to access corporate resources as if they were sitting at a desk in the office