
Security+ Guide to Network Security Fundamentals, Third Edition




  1. Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication

  2. Objectives
  • Define authentication
  • Describe the different types of authentication credentials
  • List and explain the authentication models

  3. Objectives (continued)
  • Define authentication servers
  • Describe the different extended authentication protocols
  • Explain how a virtual private network functions

  4. Definition of Authentication
  • Authentication can be defined in ________ contexts
  • The first is viewing authentication as it _________ ________________________
  • The second is to look at it as one of the ________ ____________ of security — ___________, ______________, and __________________

  5. Authentication and Access Control Terminology (Review…)
  • Access control is the process by which resources or services are granted or denied
  • Identification: the presentation of credentials or identification
  • ________________________: the ____________________________ to ensure that they are __________________ and not fabricated
  • Authorization: granting permission for admittance
  • Access is the right to use specific resources

  6. Authentication, Authorization, and Accounting (_____________)
  • Authentication in AAA provides _________ ________________________________
  • Typically by having them enter a valid ___________ before granting access
  • Authorization is the process that determines whether the _____________________ to carry out certain tasks
  • Often defined as the process of ______________
  • Accounting measures the ______________ _______________ during each network session

  7. Authentication, Authorization, and Accounting (AAA) (continued)
  • The information can then be used in different ways:
  • To find evidence of problems
  • For billing
  • For capacity planning activities
  • AAA servers ______________ to performing ______________

  8. Authentication Credentials
  • Types of authentication, or authentication credentials:
  • Passwords
  • One-time passwords
  • Standard biometrics
  • Behavioral biometrics
  • Cognitive biometrics
  • More to come on these…

  9. One-Time Passwords
  • _____________ passwords are typically ________ in nature
  • One-time passwords (_____________): ______________ passwords that change frequently
  • Systems using OTPs generate a _______________ on demand that is __________________
  • The most common type is a ___________________ OTP
  • Used in _____________ with a _______________
  • The token and a corresponding authentication server ____________________________________
  • Each algorithm is different for each user’s token

  10. One-Time Passwords (continued)


  12. One-Time Passwords (continued)
  • There are several variations of OTP systems
  • _____________________ OTPs
  • Authentication server displays a challenge (a __________________) to the user
  • User then __________________________ into the token
  • Which then executes a special algorithm to __________ a _____________________________
  • Because the ____________________ has this same algorithm, it can also generate the password and __________________________________________
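The time-synchronized OTP of slide 9 and the challenge-based OTP of slide 12, as an added Python example that is not part of the textbook or its slides: the token and the authentication server share a per-user key and the same HMAC-based algorithm, so the server can regenerate the expected code itself. The drift window, the last-accepted-step replay check and the single-use challenge are assumptions about how a server would implement this, not details from the slides.

```python
import hashlib
import hmac
import secrets

def otp_from(key: bytes, message: bytes, digits: int = 6) -> str:
    # HMAC the shared key over a counter or a challenge, truncate to digits
    mac = hmac.new(key, message, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**digits).zfill(digits)

class Token:  # the user's hardware/software token
    def __init__(self, key: bytes, step: int = 30):
        self.key, self.step = key, step
    def time_otp(self, now: float) -> str:  # time-synchronized OTP
        return otp_from(self.key, int(now // self.step).to_bytes(8, "big"))
    def challenge_otp(self, challenge: str) -> str:  # challenge-based OTP
        return otp_from(self.key, challenge.encode())

class AuthServer:  # holds the same key per user, so it can regenerate the OTP
    def __init__(self, step: int = 30, drift_steps: int = 1):
        self.keys, self.step, self.drift_steps = {}, step, drift_steps
        self.last = {}        # last accepted time step per user: blocks replay
        self.pending = {}     # outstanding challenge per user (assumed design)

    def enroll(self, user: str) -> Token:
        key = secrets.token_bytes(32)   # per-user key: each token differs
        self.keys[user] = key
        return Token(key, self.step)

    def verify_time_otp(self, user: str, otp: str, now: float) -> bool:
        key = self.keys.get(user)
        if key is None:
            return False                # unknown user
        base = int(now // self.step)
        for delta in range(-self.drift_steps, self.drift_steps + 1):
            counter = base + delta      # tolerate clock drift of one step
            if counter <= self.last.get(user, -1):
                continue                # step already consumed: replay
            expected = otp_from(key, counter.to_bytes(8, "big"))
            if hmac.compare_digest(expected, otp):
                self.last[user] = counter
                return True
        return False

    def issue_challenge(self, user: str) -> str:
        self.pending[user] = secrets.token_hex(4)   # random nonce shown to user
        return self.pending[user]

    def verify_challenge_otp(self, user: str, otp: str) -> bool:
        challenge = self.pending.pop(user, None)    # each challenge is single use
        key = self.keys.get(user)
        if challenge is None or key is None:
            return False
        return hmac.compare_digest(otp_from(key, challenge.encode()), otp)
```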

  13. Standard Biometrics
  • ______________________________
  • Uses a ______________________________ for authentication (what he is)
  • Examples: ___________________________, irises, retinas
  • Types of fingerprint scanners
  • ________________ fingerprint scanner
  • _______________ fingerprint scanner
  • Disadvantages
  • __________ hardware scanning devices must be installed
  • Readers are ______________________________

  14. _________________ Biometrics
  • Authenticates by ____________________ that the user __________________
  • Keystroke dynamics
  • Attempt to ____________________________
  • Keystroke dynamics uses two unique typing variables
  • User must authenticate by typing ______________ __________________________
  • Those along with _____________ (used when typing username and password) are sent to authentication server
  • If _______________ do not match stored sample, user is ___________________________

  15. Behavioral Biometrics (continued)
  • Voice recognition
  • Used to authenticate users based on the unique _______________________________
  • Highly unlikely issue but still a concern
  • Attacker able to __________________ and then create a recording to use for authentication
  • Computer footprint
  • __________________________ a user ______________ accesses a system

  16. Cognitive Biometrics
  • _________________ biometrics
  • Related to the ________________________, and ____________________ of the user
  • Considered to be much ___________________ to remember because it is based on the user’s life experiences
  • One example of cognitive biometrics is based on a life experience that the user remembers
  • Another example of cognitive biometrics requires the user to identify specific faces

  17. Authentication Models
  • Authentication credentials can be ___________ to provide _______________
  • Single and multi-factor authentication
  • One-factor authentication
  • Using only _______________________
  • _________________ authentication
  • _________________, particularly if different types of authentication methods are used
  • Three-factor authentication
  • Requires that a user present ___________________ of authentication credentials

  18. Authentication Models (continued)
  • ___________________________
  • Identity management
  • Using a single authenticated ID to be ___________ ____________________________
  • Federated identity management (_________)
  • When those networks are owned by ________________________________________
  • One application of FIM is single sign-on (SSO)

  19. Authentication Models (continued)
  • Windows _____________________
  • Originally introduced in 1999 as .NET Passport
  • Requires a user to create a standard username and password
  • Originally designed as an ________________ ___________ and as a ____________________
  • When the user wants to log into a Web site that supports Windows Live ID
  • Once authenticated, the user is given an encrypted time-limited “global” cookie

  20. Authentication Models (continued)
  • Windows _______________________
  • Feature of Windows that is ________________ ______________________ while helping them to manage privacy
  • Allows users to _______________________________
  • Types of cards
  • Managed cards
  • Personal cards

  21. Authentication Models (continued)

  22. Authentication Models (continued)
  • ________________________
  • A decentralized __________________________ that does _______________________ to be installed on the desktop
  • A uniform resource locator ________________________
  • An OpenID identity is only a URL backed up by a __________________________________
  • OpenID provides a means to prove that the user owns that specific URL
  • Weakness: depends on being ________________ _________________ for authentication
  • Depends on ____________, which has its own weaknesses

  23. Authentication Servers
  • Authentication can be provided on a network by a _________ AAA or authentication server
  • The most common type of authentication and AAA servers are _______________________________ and generic servers built on the Lightweight Directory Access Protocol (_____________)
  • More to come on all of these…

  24. RADIUS
  • RADIUS (Remote Authentication Dial In User Service)
  • Developed in 1992
  • Quickly became the _____________________ with widespread support
  • Suitable for what are called “________________ control applications”
  • With the development of IEEE 802.1x port security for both wired and wireless LANs, RADIUS has recently seen even _____________

  25. RADIUS (continued)
  • A RADIUS _____________ is typically a device such as a __________________ or wireless access point (___________)
  • This device is responsible for __________________ and connection parameters in the form of a RADIUS message __________________________________
  • The RADIUS _____________________________ the RADIUS client request
  • Sends back a RADIUS message response
  • RADIUS clients also send RADIUS ___________ __________________ to RADIUS servers


  27. Kerberos
  • ______________________
  • An _________________ developed by the Massachusetts Institute of Technology (MIT)
  • Used to ________________________________
  • Uses ___________ and ________________ for security
  • Kerberos process
  • User is provided a _________ that is issued by the Kerberos authentication server
  • The ____ _________________ to the network for a service
  • The ________________________ to verify the identity of the user
  • If all checks out, user is authenticated

  28. Terminal Access Control Access Control System (TACACS+)
  • Terminal Access Control Access Control System ____________________
  • An industry standard protocol specification that ___________________________________ to a ________________________
  • The centralized server can be a TACACS+ database
  • Designed to support ______________ of remote connections

  29. Lightweight Directory Access Protocol (______________)
  • ___________________: a database stored on the network itself that contains _________ ___________________________________
  • _______________: a ____________ for directory services created by __________________
  • Outlining uniformity on ________________________
  • Capability to look up information by ___________ (White-pages service)
  • Browse and search for information by ______________ (Yellow-pages service)

  30. X.500 (continued) and DAP
  • The information is held in a directory information base (DIB)
  • Entries in the DIB are arranged in a tree structure called the __________________ ______________ (DIT)
  • X.500 _______ Directory Access Protocol (DAP)
  • ___________ for a client application to ________ an X.500 directory
  • DAP is too large to run on a personal computer

  31. LDAP (continued)
  • Lightweight Directory Access Protocol (_______________)
  • Sometimes called ________________
  • A _________________________
  • Primary differences
  • _________ was designed to _______________
  • LDAP has _________________
  • LDAP encodes its protocol elements in a _____ ___________ than X.500
  • LDAP is an ____________ protocol

  32. Extended Authentication Protocols (EAP)
  • Extensible Authentication Protocol (____)
  • _____________ protocol of IEEE 802.1x that governs the __________________________, _______________, and _________________
  • An “envelope” that can carry many ____________ of _______________ used for authentication
  • The EAP protocols can be divided into _____ categories: ________________ protocols, ___________ protocols, and _______________ protocols


  34. Authentication Legacy Protocols
  • _____________________ for authentication
  • Three authentication legacy protocols include:
  • Password Authentication Protocol (PAP)
  • Challenge-Handshake Authentication Protocol (CHAP)
  • Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP)

  35. EAP Weak Protocols
  • ____________________________________
  • EAP weak protocols include:
  • Extended Authentication Protocol–MD5 (EAP-MD5)
  • Lightweight EAP (LEAP)

  36. EAP Strong Protocols
  • EAP strong protocols acceptable for use in WLANs as well include:
  • EAP with _______________________ (EAP-TLS)
  • Generally found in large Windows-based organizations
  • EAP with Tunneled TLS (EAP-TTLS) and Protected EAP (PEAP)
  • Creates ___________________________ between client and authentication server

  37. Remote Authentication and Security
  • Important to _______________________ for _______________ communications
  • Transmissions are routed through networks or devices that the organization does not manage and secure
  • _____________ remote authentication and security usually includes:
  • __________________ services
  • Installing a _______________________
  • Maintaining a consistent remote access ________

  38. Remote Access Services (RAS)
  • Remote Access Services (__________)
  • Any __________________________ that enables ______________________________________
  • Provides remote users with the _________ access and functionality as local users

  39. Virtual Private Networks (VPNs)
  • Virtual private network (__________)
  • One of the most common types of RAS
  • Uses an _________________, such as the Internet, as if it were a __________________
  • ______________ all data that is transmitted between the remote device and the network
  • ___________ common types of VPNs
  • __________________, aka virtual private dial-up network (VPDN)
  • __________________


  41. Virtual Private Networks (continued)
  • VPN transmissions are achieved through ____________________________
  • _________________ _________________ between VPN devices
  • VPN ___________________________________
  • Aggregates hundreds or thousands of multiple connections
  • Depending upon the type of endpoint that is being used, __________________________ on the devices that are connecting to the VPN

  42. Virtual Private Networks (continued)
  • VPNs can be _________-based or ________-based
  • ________________ VPNs offer the ____________ in how network traffic is managed
  • Preferred in instances where _____________________ ________________________________________
  • _________________ VPNs generally ___________ _________________ regardless of the protocol
  • Generally, __________-based VPNs ___________ ___________________ as a hardware-based VPN and are not as easy to manage
  • __________________ VPNs generally tunnel all traffic they handle regardless of the protocol ________________________________

  43. Virtual Private Networks (continued)
  • _____________ of VPN technology:
  • _____________ no more need for leased connections
  • ________________ full ______________ encrypted transmission
  • ______________ compresses data
  • _________________ invisible to end user
  • __________________ industry wide __________________

  44. Virtual Private Networks (continued)
  • _______________ to VPN technology:
  • _______________ in-depth understanding of security issues needed
  • ________________________ __________________
  • Additional protocols _____________________ ____________________

  45. Remote Access Policies
  • Establishing ___________ _______________ is ______________________
  • Potential security risk possible
  • Some recommendations for remote access policies:
  • Remote access policies should be ____________ for all users
  • Remote access should be the ______________ _____________________
  • Form a working group and create a __________ ______________ will agree to

  46. Summary
  • Access control is the process by which resources or services are denied or granted
  • There are three types of authentication methods
  • Authentication credentials can be combined to provide extended security
  • Authentication can be provided on a network by a dedicated AAA or authentication server

  47. Summary (continued)
  • The management protocol of IEEE 802.1x that governs the interaction between the system, authenticator, and RADIUS server is known as the Extensible Authentication Protocol (EAP)
  • Organizations need to provide avenues for remote users to access corporate resources as if they were sitting at a desk in the office
