Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 8 Authentication

Objectives
Define authentication
Describe the different types of authentication credentials
List and explain the authentication models

Objectives (continued)
Define authentication servers
Describe the different extended authentication protocols
Explain how a virtual private network functions

Definition of Authentication
Authentication can be defined in ________ contexts
  The first is viewing authentication as it _________ ________________________
  The second is to look at it as one of the ________ ____________ of security: ___________, ______________, and __________________

Authentication and Access Control Terminology (Review…)
Access control is the process by which resources or services are granted or denied
Identification
  The presentation of credentials or identification ________________________
The ____________________________ to ensure that they are __________________ and not fabricated
Authorization
  Granting permission for admittance
Access is the right to use specific resources

Authentication, Authorization, and Accounting (_____________)
Authentication in AAA provides _________ ________________________________
  Typically by having them enter a valid ___________ before granting access
Authorization is the process that determines whether the _____________________ to carry out certain tasks
  Often defined as the process of ______________
Accounting measures the ______________ _______________ during each network session

Authentication, Authorization, and Accounting (AAA) (continued)
The information can then be used in different ways:
  To find evidence of problems
  For billing
  For capacity planning activities
AAA servers ______________ to performing ______________

Authentication Credentials
Types of authentication, or authentication credentials
  Passwords
  One-time passwords
  Standard biometrics
  Behavioral biometrics
  Cognitive biometrics
More to come on these…

One-Time Passwords
_____________ passwords are typically ________ in nature
One-time passwords (_____________)
  ______________ passwords that change frequently
Systems using OTPs generate a _______________ on demand that is __________________
The most common type is a ___________________ OTP
  Used in _____________ with a _______________
The token and a corresponding authentication server ____________________________________
  Each algorithm is different for each user’s token

One-Time Passwords (continued)

One-Time Passwords (continued)
There are several variations of OTP systems
_____________________ OTPs
  Authentication server displays a challenge (a __________________) to the user
  User then __________________________ into the token
  Which then executes a special algorithm to __________ a _____________________________
  Because the ____________________ has this same algorithm, it can also generate the password and __________________________________________

Standard Biometrics
______________________________
  Uses a ______________________________ for authentication (what he is)
  Examples: ___________________________, irises, retinas
Types of fingerprint scanners
  ________________ fingerprint scanner
  _______________ fingerprint scanner
Disadvantages
  __________ hardware scanning devices must be installed
  Readers are ______________________________

_________________ Biometrics
Authenticates by ____________________ that the user __________________
Keystroke dynamics
  Attempt to ____________________________
  Keystroke dynamics uses two unique typing variables
  User must authenticate by typing ______________ __________________________
  Those along with _____________ (used when typing username and password) are sent to authentication server
  If _______________ do not match stored sample, user is ___________________________

Behavioral Biometrics (continued)
Voice recognition
  Used to authenticate users based on the unique _______________________________
  Highly unlikely issue but still a concern
    Attacker able to __________________ and then create a recording to use for authentication
Computer footprint
  __________________________ a user ______________ accesses a system

Cognitive Biometrics
_________________ biometrics
  Related to the ________________________, and ____________________ of the user
  Considered to be much ___________________ to remember because it is based on the user’s life experiences
One example of cognitive biometrics is based on a life experience that the user remembers
Another example of cognitive biometrics requires the user to identify specific faces

Authentication Models
Authentication credentials can be ___________ to provide _______________
Single and multi-factor authentication
  One-factor authentication
    Using only _______________________
  _________________ authentication
    _________________, particularly if different types of authentication methods are used
  Three-factor authentication
    Requires that a user present ___________________ of authentication credentials

Authentication Models (continued)
___________________________
Identity management
  Using a single authenticated ID to be ___________ ____________________________
Federated identity management (_________)
  When those networks are owned by ________________________________________
One application of FIM is single sign-on (SSO)

Authentication Models (continued)
Windows _____________________
  Originally introduced in 1999 as .NET Passport
  Requires a user to create a standard username and password
  Originally designed as an ________________ ___________ and as a ____________________
  When the user wants to log into a Web site that supports Windows Live ID
  Once authenticated, the user is given an encrypted time-limited “global” cookie

Authentication Models (continued)
Windows _______________________
  Feature of Windows that is ________________ ______________________ while helping them to manage privacy
  Allows users to _______________________________
Types of cards
  Managed cards
  Personal cards

Authentication Models (continued)
________________________
  A decentralized __________________________ that does _______________________ to be installed on the desktop
  A uniform resource locator ________________________
  An OpenID identity is only a URL backed up by a __________________________________
  OpenID provides a means to prove that the user owns that specific URL
  Weakness: depends on being ________________ _________________ for authentication
  Depends on ____________ which has its own weaknesses

Authentication Servers
Authentication can be provided on a network by a _________ AAA or authentication server
The most common type of authentication and AAA servers are _______________________________ and generic servers built on the Lightweight Directory Access Protocol (_____________)
More to come on all of these…

RADIUS
RADIUS (Remote Authentication Dial-In User Service)
  Developed in 1992
  Quickly became the _____________________ with widespread support
  Suitable for what are called “________________ control applications”
With the development of IEEE 802.1x port security for both wired and wireless LANs, RADIUS has recently seen even _____________

RADIUS (continued)
A RADIUS _____________ is typically a device such as a __________________ or wireless access point (___________)
  This device is responsible for __________________ and connection parameters in the form of a RADIUS message __________________________________
The RADIUS _____________________________ the RADIUS client request
  Sends back a RADIUS message response
RADIUS clients also send RADIUS ___________ __________________ to RADIUS servers

Kerberos
______________________
  An _________________ developed by the Massachusetts Institute of Technology (MIT)
  Used to ________________________________
  Uses ___________ and ________________ for security
Kerberos process
  User is provided a _________ that is issued by the Kerberos authentication server
  The ____ _________________ to the network for a service
  The ________________________ to verify the identity of the user
  If all checks out, user is authenticated

Terminal Access Control Access Control System (TACACS+)
Terminal Access Control Access Control System ____________________
  An industry standard protocol specification that ___________________________________ to a ________________________
  The centralized server can be a TACACS+ database
  Designed to support ______________ of remote connections

Lightweight Directory Access Protocol (______________)
___________________
  A database stored on the network itself that contains _________ ___________________________________
_______________
  A ____________ for directory services created by __________________
  Outlining uniformity on ________________________
  Capability to look up information by ___________ (White-pages service)
  Browse and search for information by ______________ (Yellow-pages service)

X.500 (continued) and DAP
The information is held in a directory information base (DIB)
  Entries in the DIB are arranged in a tree structure called the __________________ ______________ (DIT)
X.500 _______ Directory Access Protocol (DAP)
  ___________ for a client application to ________ an X.500 directory
  DAP is too large to run on a personal computer

LDAP (continued)
Lightweight Directory Access Protocol (_______________)
  Sometimes called ________________
  A _________________________
Primary differences
  _________ was designed to _______________
  LDAP has _________________
  LDAP encodes its protocol elements in a _____ ___________ than X.500
  LDAP is an ____________ protocol

Extended Authentication Protocols (EAP)
Extensible Authentication Protocol (____)
  _____________ protocol of IEEE 802.1x that governs the __________________________, _______________, and _________________
  An “envelope” that can carry many ____________ of _______________ used for authentication
The EAP protocols can be divided into _____ categories: ________________ protocols, ___________ protocols, and _______________ protocols

Authentication Legacy Protocols
_____________________ for authentication
Three authentication legacy protocols include:
  Password Authentication Protocol (PAP)
  Challenge-Handshake Authentication Protocol (CHAP)
  Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP)

EAP Weak Protocols
____________________________________
EAP weak protocols include:
  Extended Authentication Protocol–MD5 (EAP-MD5)
  Lightweight EAP (LEAP)

EAP Strong Protocols
EAP strong protocols acceptable for use in WLANs as well include:
  EAP with _______________________ (EAP-TLS)
    Generally found in large Windows-based organizations
  EAP with Tunneled TLS (EAP-TTLS) and Protected EAP (PEAP)
    Creates ___________________________ between client and authentication server

Remote Authentication and Security
Important to _______________________ for _______________ communications
  Transmissions are routed through networks or devices that the organization does not manage and secure
_____________ remote authentication and security usually includes:
  __________________ services
  Installing a _______________________
  Maintaining a consistent remote access ________

Remote Access Services (RAS)
Remote Access Services (__________)
  Any __________________________ that enables ______________________________________
  Provides remote users with the _________ access and functionality as local users

Virtual Private Networks (VPNs)
Virtual private network (__________)
  One of the most common types of RAS
  Uses an _________________, such as the Internet, as if it were a __________________
  ______________ all data that is transmitted between the remote device and the network
___________ common types of VPNs
  __________________ aka virtual private dial-up network (VPDN)
  __________________

Virtual Private Networks (continued)
VPN transmissions are achieved through ____________________________
_________________
_________________ between VPN devices
VPN ______________
_____________________
Aggregates hundreds or thousands of multiple connections
Depending upon the type of endpoint that is being used, __________________________ on the devices that are connecting to the VPN

Virtual Private Networks (continued)
VPNs can be _________-based or ________-based
________________ VPNs offer the ____________ in how network traffic is managed
  Preferred in instances where _____________________ ________________________________________
_________________ VPNs generally ___________ _________________ regardless of the protocol
Generally, __________-based VPNs ___________ ___________________ as a hardware-based VPN and are not as easy to manage
__________________ VPNs generally tunnel all traffic they handle regardless of the protocol
________________________________

Virtual Private Networks (continued)
_____________ of VPN technology:
  _____________ no more need for leased connections
  ________________ Full ______________ encrypted transmission
  ______________ compresses data
  _________________ invisible to end user
  __________________ Industry wide __________________

Virtual Private Networks (continued)
_______________ to VPN technology:
  _______________ in-depth understanding of security issues needed
  ________________________
  __________________ Additional protocols
  _____________________
  ____________________

Remote Access Policies
Establishing ___________ _______________ is ______________________
  Potential security risk possible
Some recommendations for remote access policies:
  Remote access policies should be ____________ for all users
  Remote access should be the ______________ _____________________
  Form a working group and create a __________ ______________ will agree to

Summary
Access control is the process by which resources or services are denied or granted
There are three types of authentication methods
Authentication credentials can be combined to provide extended security
Authentication can be provided on a network by a dedicated AAA or authentication server

Summary (continued)
The management protocol of IEEE 802.1x that governs the interaction between the system, authenticator, and RADIUS server is known as the Extensible Authentication Protocol (EAP)
Organizations need to provide avenues for remote users to access corporate resources as if they were sitting at a desk in the office