Information Security Professionals

Presentation transcript:

AAA on Cisco Devices for Information Security Professionals: A Roadmap for Authentication, Authorization and Accounting

AAA on Cisco Devices for Information Security Professionals Security professionals come from many sectors of Information Technology and Business. The diversity of talent on any Security team provides an interesting atmosphere and a breadth of knowledge that is not often found in the current IT environment of increasing specialization. Network equipment poses a unique challenge to security experts since its functions and features have developed differently from other technologies. This presentation attempts to relate the network features of AAA (authentication, authorization and accounting) to well-known security principles.

AAA on Cisco Devices for Information Security Professionals Cisco devices have multiple options for access and authentication. They can authenticate locally, use an external source, or be configured to do both. The default is to use local authentication. Configuring “aaa new-model” allows the device to specify a method list for authentication. This method list is exactly that – a list of authentication methods. Devices are normally configured to use a remote server for authentication (RADIUS or TACACS+) and local authentication is listed last. This does not mean that a user can authenticate to either method. The first method listed will be used unless it is unavailable.

AAA on Cisco Devices for Information Security Professionals
Method List Logic
For a method list that specifies a remote server and then local authentication:
  Remote server is reachable     -> authentication by the remote server
  Remote server is not reachable -> authentication via the local database
As long as the remote server is reachable, all authentication will go to the remote server. If authentication fails, access is denied. If the username doesn’t exist, access is denied. [It does not go to the next method (or server) on authentication failure.] Once the remote server becomes unreachable, the locally configured (on the device) username and password becomes the only authentication method until the remote server is available again.

AAA on Cisco Devices for Information Security Professionals
A method list is not the only way to configure multiple authentication sources. If the method list specifies to use tacacs+ and then local authentication with multiple tacacs+ servers configured, authentication will occur using the first available server. In the example configuration below:
  tacacs-server host 10.1.1.2
  tacacs-server host 10.10.1.22
The device will always use server 10.1.1.2 to authenticate. It will authenticate against 10.10.1.22 only after it attempts to reach the first server and gets no response (times out). And it will not use local authentication until every configured server times out.
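To make the failover rules on the last two slides concrete, here is an added simulation (not part of the presentation) that parses a constructed IOS fragment using the two server addresses above and applies the method-list logic: the first responding TACACS+ server decides, an authentication failure is never retried elsewhere, and the local database is consulted only when every server times out. The parser, the local account, the reachability sets and the simulated TACACS+ account database are assumptions for illustration, not real TACACS+ traffic.

```python
import re

# Constructed IOS fragment (assumption): TACACS+ first, then local; two servers.
CONFIG = """
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host 10.1.1.2
tacacs-server host 10.10.1.22
username admin password 0 LocalOnly1
"""

def parse_config(text):
    """Extract the default login method list, TACACS+ servers in configured
    order, and locally defined usernames from an IOS-style fragment."""
    methods, servers, users = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"aaa authentication login default (.+)$", line):
            # "group tacacs+ local" -> ["tacacs+", "local"]
            methods = m.group(1).replace("group ", "").split()
        elif m := re.match(r"tacacs-server host (\S+)$", line):
            servers.append(m.group(1))
        elif m := re.match(r"username (\S+) password \d (\S+)$", line):
            users[m.group(1)] = m.group(2)
    return methods, servers, users

def authenticate(user, pw, methods, servers, local_users, reachable, remote_db):
    """Apply the method list. Returns (decision, authority): which source made
    the decision, so a reviewer knows where the matching log entry lives.
    reachable: set of server IPs that answer; remote_db: accounts on TACACS+."""
    for method in methods:
        if method == "tacacs+":
            for srv in servers:  # first server that answers decides
                if srv in reachable:
                    ok = remote_db.get(user) == pw
                    # a failure or unknown user is final: no fall-through
                    return ("permit" if ok else "deny"), srv
            continue  # every server timed out: try the next method
        if method == "local":
            ok = local_users.get(user) == pw
            return ("permit" if ok else "deny"), "local"
    return "deny", "none"

if __name__ == "__main__":
    methods, servers, users = parse_config(CONFIG)
    up = {"10.1.1.2", "10.10.1.22"}
    print(authenticate("admin", "LocalOnly1", methods, servers, users, up, {}))
    print(authenticate("admin", "LocalOnly1", methods, servers, users, set(), {}))
```

The returned authority is the system whose logs a reviewer must request for that attempt, which is the point made on the logging slide.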

AAA on Cisco Devices for Information Security Professionals That was a lot of detailed information about method lists on Cisco devices. Why would anyone in Security need to know this? A. Logging Depending on the method and server performing the authentication, the location of the log entry recording this access may be found in any one of a number of places. Simply requesting the syslog entries as configured on the device itself may not show user access attempts. In addition, the authenticating server could be configured to log locally or send the logs to its configured syslog server. So when attempting to validate that user access attempts are logged, first determine where authentication is occurring. Then determine where the authentication server is sending its log entries. Those are the ones you want to request.

AAA on Cisco Devices for Information Security Professionals RADIUS and TACACS+ Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized AAA management for users who connect and use a network service. Terminal Access Controller Access Control System Plus (TACACS+) is also a protocol that handles AAA services. The primary functional difference between the two is that RADIUS combines Authentication and Authorization and TACACS+ separates those functions. What that means in practical terms is that RADIUS doesn’t log the commands used by an administrator. It will only log start, stop and interim records. TACACS+ can perform per-command authorization and accounting. TACACS+ can also provide more granular control over who can run which commands on specified devices. Traditionally RADIUS is used for dial-in access and TACACS+ is used for device administration.

AAA on Cisco Devices for Information Security Professionals The chart below gives the basic differences between the two protocols. Depending on your network environment, one may be “better” than the other. The commonly used Cisco Access Control Server (ACS) provides the capability to use either one.

AAA on Cisco Devices for Information Security Professionals At first glance and in many circumstances, TACACS+ would be the better choice for device management. However, early versions of Cisco’s Identity Services Engine (ISE) only supported RADIUS and did not have support for TACACS+. [Newer versions now have TACACS+ support.] Cisco’s ISE combined with RADIUS can provide dynamic control of network access and provide advanced security functions such as TrustSec, 802.1X, network identity awareness, BYOD onboarding, network and device context awareness and system-wide visibility into who, where and what is on a network. The point here is to show that it’s not the protocol that’s important, but the way it is implemented that matters the most.

AAA on Cisco Devices for Information Security Professionals User Accounts An important item commonly reviewed by Security is user accounts. With the complexity of the possible AAA configurations on network devices, the review of user accounts may include multiple systems. The username configured on the device is only for local authentication. If a method list is configured, the user accounts for those methods are all potential access accounts. Similar to logging, the configuration needs to be reviewed to determine the location of the user accounts. Devices commonly point to an ACS server (configured as a RADIUS or TACACS+ server). The ACS server can use either local accounts or authenticate against Active Directory or LDAP. If you are reviewing items such as password complexity, shared accounts, password history and account lockout, the accounts in multiple systems may need to be reviewed. These systems may be under the administrative control of other teams and require coordination with those teams for a full review of the device’s access, monitoring and logging.

AAA on Cisco Devices for Information Security Professionals Thank you for viewing this presentation and hopefully you have gained an appreciation for the complexities of reviewing network device security. So long and thanks for all the fish!