RADIUS Server PAP & CHAP Protocols

Computer Security
 In computer security, AAA commonly stands for authentication, authorization and accounting.
 Authentication: confirming that the user requesting a service is who they claim to be. Examples of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called).
 Authorization: granting specific types of service (including "no service") to a user, based on their authentication. Examples of services: IP address filtering, encryption, bandwidth control/traffic management.
 Accounting: tracking the consumption of network resources by users. May be used for management, capacity planning, billing, etc.
 An AAA server provides all of the above services to its clients.

AAA Protocols
 Terminal Access Controller Access Control System (TACACS)
 TACACS+ (Cisco's TCP-based successor; not backward compatible with TACACS)
 Remote Authentication Dial In User Service (RADIUS)
 Diameter: designed as the successor to RADIUS (RFC 6733); it is not backward compatible with RADIUS.

RADIUS Server
 The Remote Authentication Dial-In User Service (RADIUS) protocol was developed by Livingston Enterprises, Inc., as an access server authentication and accounting protocol; it is now standardised in RFC 2865 (authentication) and RFC 2866 (accounting).
 RADIUS carries authentication, authorization, and configuration information between a Network Access Server (NAS) that wants to authenticate its links and a shared authentication server.
 The NAS and the server share a secret that is never sent on the wire; it is used to hide the User-Password attribute and to authenticate the server's replies.
 PAP, CHAP or EAP can be used to authenticate users.
 The server can check credentials against a flat text file, an LDAP directory, or a database.
 After successful authentication, service parameters (attributes such as Framed-IP-Address) are returned to the NAS in the Access-Accept.

RADIUS infrastructure components

Functions
 Communication between a network access server (NAS) and a RADIUS server uses UDP (port 1812 for authentication and 1813 for accounting; older deployments used 1645/1646).
 Because UDP gives no delivery guarantee, server availability, retransmission, and timeouts are handled by the RADIUS client (the NAS), which retries and fails over to a secondary server, rather than by the transport.
 RADIUS is a client/server protocol: the NAS is the client and the RADIUS server is the server.
 A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication servers.

Interaction between a user and the RADIUS client and server

Authentication and Authorization
 The RADIUS server can support a variety of methods to authenticate a user: it accepts whatever credentials the NAS forwards (a PAP password, a CHAP challenge/response pair, or EAP messages) and checks them against its user store.

PAP
 The Password Authentication Protocol (PAP) provides a simple way for a user to authenticate using a two-way handshake: the peer sends an Authenticate-Request containing its name and password, and the authenticator answers with Authenticate-Ack or Authenticate-Nak.
 PAP is used by the Point-to-Point Protocol (PPP) to validate users before allowing them access to server resources.
 PAP transmits the password in clear text over the link, so anyone who can sniff the link obtains it; it is therefore considered insecure. (When the NAS forwards the password to RADIUS it is hidden with MD5 and the shared secret, but that does nothing for the PPP link itself.)

Working of PAP
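As an added worked example (not part of the original slides), the following Python shows what the RADIUS server section and the PAP slide describe: the NAS puts the PAP username and password into an Access-Request, hiding the password with MD5 and the shared secret as RFC 2865 section 5.2 specifies, and the server answers with an Access-Accept or Access-Reject whose Response Authenticator the NAS checks before trusting it. The shared secret, user name and password are constructed for the example, and both sides run in one process with no network I/O.

```python
import hashlib
import hmac
import os
import struct
from typing import Dict, List, Tuple

# RADIUS codes and attribute types from RFC 2865.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 s5.2: pad to a multiple of 16, then XOR each 16-byte block with
    MD5(secret + previous block); the first block is keyed by the Request Authenticator."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        out, prev = out + block, block
    return out


def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side inverse of hide_password; strips the null padding."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a non-empty multiple of 16 octets")
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        keystream = hashlib.md5(secret + prev).digest()
        out, prev = out + bytes(c ^ k for c, k in zip(block, keystream)), block
    return out.rstrip(b"\x00")


def encode_attrs(attrs: List[Tuple[int, bytes]]) -> bytes:
    """Attribute = Type(1) Length(1, includes header) Value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data: bytes) -> List[Tuple[int, bytes]]:
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs


def build_access_request(username: bytes, password: bytes, secret: bytes,
                         ident: int, request_auth: bytes) -> bytes:
    """NAS side: Access-Request carrying the PAP user name and the hidden password."""
    attrs = encode_attrs([(ATTR_USER_NAME, username),
                          (ATTR_USER_PASSWORD, hide_password(password, secret, request_auth))])
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def server_handle(request: bytes, secret: bytes, users: Dict[bytes, bytes]) -> bytes:
    """RADIUS server side: recover the password, look the user up, answer with an authenticated reply."""
    code, ident, length = struct.unpack("!BBH", request[:4])
    if code != ACCESS_REQUEST or length != len(request) or length < 20:
        raise ValueError("not a well-formed Access-Request")
    request_auth = request[4:20]
    attrs = dict(decode_attrs(request[20:length]))
    user, ok = attrs.get(ATTR_USER_NAME), False
    if user in users and ATTR_USER_PASSWORD in attrs:
        try:
            supplied = unhide_password(attrs[ATTR_USER_PASSWORD], secret, request_auth)
            ok = hmac.compare_digest(supplied, users[user])
        except ValueError:
            ok = False
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    reply_attrs = b""  # service parameters (e.g. Framed-IP-Address) would be added here on accept
    header = struct.pack("!BBH", reply_code, ident, 20 + len(reply_attrs))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    resp_auth = hashlib.md5(header + request_auth + reply_attrs + secret).digest()
    return header + resp_auth + reply_attrs


def client_verify_reply(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """NAS side: recompute the Response Authenticator so a forged Access-Accept from
    someone who does not hold the shared secret is rejected."""
    header, resp_auth, attrs = reply[:4], reply[4:20], reply[20:]
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    return hmac.compare_digest(expected, resp_auth)


def pap_login(username: bytes, password: bytes, secret: bytes,
              users: Dict[bytes, bytes]) -> Tuple[int, bool]:
    """Full round trip; returns (reply code, whether the NAS accepted the reply as authentic)."""
    request_auth = os.urandom(16)  # must be unpredictable and unique per request
    request = build_access_request(username, password, secret, 0x2A, request_auth)
    reply = server_handle(request, secret, users)
    return reply[0], client_verify_reply(reply, request_auth, secret)


if __name__ == "__main__":
    SECRET = b"constructed-shared-secret"           # constructed for this example
    USERS = {b"flannery": b"correct horse battery"}  # constructed user store
    print(pap_login(b"flannery", b"correct horse battery", SECRET, USERS))  # (2, True)
    print(pap_login(b"flannery", b"wrong", SECRET, USERS))                  # (3, True)
```

Two things worth noticing: the password hiding is an XOR with an MD5-derived keystream, not encryption by modern standards, and it depends entirely on the Request Authenticator being fresh and unpredictable (reuse it and identical passwords produce identical first blocks); and the Response Authenticator proves only that the reply came from a holder of the shared secret, so a weak or widely shared secret lets anyone on the path forge an Access-Accept.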

CHAP
 The Challenge-Handshake Authentication Protocol (CHAP) is a more secure procedure for connecting to a system than the Password Authentication Protocol (PAP).
 It is a three-way handshake built on a shared secret that is never sent on the link: the authenticator sends a random Challenge, the peer answers with a Response containing MD5(Identifier || secret || Challenge), and the authenticator computes the same hash and replies Success or Failure.
 CHAP runs at link establishment, and the authenticator may issue further challenges at any time afterwards to make sure the remote host still holds the secret.
 PAP, by contrast, authenticates only once, so a link that is hijacked after authentication is never re-verified.

Working of CHAP

Advantages
 CHAP protects against replay (playback) attacks by using a challenge value that is unique and unpredictable; because the challenge changes, the resulting hash is different each time, so a captured Response cannot be reused and gives no help in guessing the next one.
 Repeated, varying challenges limit the time of exposure to any single attack.

PAP vs CHAP
 PAP is clear text: it amounts to presenting a password for an account, and the password itself crosses the wire, so anyone listening learns it.
 CHAP instead issues a challenge; the password never crosses the wire, only a hash of it combined with the challenge.
 Two caveats: the authenticator must hold the password in clear (or reversibly encrypted) form to compute the hash, and a sniffer who captures one challenge/response pair can still guess passwords offline against it, so CHAP does not rescue weak passwords.
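As an added example (not from the slides), the following Python runs the three-way CHAP exchange of RFC 1994 between an authenticator and a peer in one process, then shows the two points made on the Advantages and PAP vs CHAP slides: a replayed Response fails because each challenge is consumed once, and a captured Challenge/Response pair still allows offline password guessing. The peer name, secret and wordlist are constructed for the example.

```python
import hashlib
import hmac
import os
import struct
from typing import Dict, Iterable, Optional, Tuple

# CHAP packet codes from RFC 1994.
CHAP_CHALLENGE, CHAP_RESPONSE, CHAP_SUCCESS, CHAP_FAILURE = 1, 2, 3, 4


def chap_hash(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 s4.1: Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def build_challenge_or_response(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    """Challenge/Response layout: Code, Identifier, Length, Value-Size, Value, Name."""
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def build_result(code: int, identifier: int, message: bytes) -> bytes:
    """Success/Failure layout: Code, Identifier, Length, Message."""
    return struct.pack("!BBH", code, identifier, 4 + len(message)) + message


def parse_chap(packet: bytes) -> Tuple[int, int, bytes, bytes]:
    """Returns (code, identifier, value, name_or_message); value is empty for Success/Failure."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or length < 4:
        raise ValueError("bad CHAP length")
    if code in (CHAP_SUCCESS, CHAP_FAILURE):
        return code, identifier, b"", packet[4:]
    if length < 5 or 5 + packet[4] > length:
        raise ValueError("bad Value-Size")
    size = packet[4]
    return code, identifier, packet[5:5 + size], packet[5 + size:]


class Authenticator:
    """Access-server side. It must hold each peer's cleartext secret, since the hash is computed over it."""
    def __init__(self, name: bytes, secrets: Dict[bytes, bytes]):
        self.name, self.secrets = name, secrets
        self.outstanding: Dict[int, bytes] = {}  # identifier -> challenge value not yet answered
        self.next_id = 0

    def challenge(self) -> bytes:
        identifier, self.next_id = self.next_id, (self.next_id + 1) % 256
        value = os.urandom(16)  # fresh and unpredictable: this is what makes an old Response worthless
        self.outstanding[identifier] = value
        return build_challenge_or_response(CHAP_CHALLENGE, identifier, value, self.name)

    def check(self, response: bytes) -> bytes:
        code, identifier, value, name = parse_chap(response)
        challenge = self.outstanding.pop(identifier, None)  # consume: a challenge is answered at most once
        if code != CHAP_RESPONSE or challenge is None or name not in self.secrets:
            return build_result(CHAP_FAILURE, identifier, b"no such challenge or peer")
        expected = chap_hash(identifier, self.secrets[name], challenge)
        if hmac.compare_digest(expected, value):
            return build_result(CHAP_SUCCESS, identifier, b"welcome")
        return build_result(CHAP_FAILURE, identifier, b"bad response")


class Peer:
    """Dial-in side. The secret only ever enters the hash; it is never placed on the link."""
    def __init__(self, name: bytes, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, challenge_packet: bytes) -> bytes:
        code, identifier, value, _ = parse_chap(challenge_packet)
        if code != CHAP_CHALLENGE:
            raise ValueError("expected a Challenge")
        digest = chap_hash(identifier, self.secret, value)
        return build_challenge_or_response(CHAP_RESPONSE, identifier, digest, self.name)


def handshake(auth: Authenticator, peer: Peer) -> Tuple[int, bytes, bytes]:
    """One three-way exchange; returns (result code, Challenge packet, Response packet) as a sniffer would see them."""
    challenge = auth.challenge()
    response = peer.respond(challenge)
    return parse_chap(auth.check(response))[0], challenge, response


def offline_guess(challenge_packet: bytes, response_packet: bytes,
                  wordlist: Iterable[bytes]) -> Optional[bytes]:
    """What a sniffer can do with one captured pair: test candidate secrets offline, unthrottled."""
    _, identifier, challenge, _ = parse_chap(challenge_packet)
    _, _, value, _ = parse_chap(response_packet)
    for guess in wordlist:
        if chap_hash(identifier, guess, challenge) == value:
            return guess
    return None


def demo() -> dict:
    auth = Authenticator(b"nas1", {b"flannery": b"hunter2"})  # constructed name and secret
    good, bad = Peer(b"flannery", b"hunter2"), Peer(b"flannery", b"wrong")
    first, chal, resp = handshake(auth, good)
    replayed = parse_chap(auth.check(resp))[0]  # same Response again: its challenge is gone
    wrong_secret = handshake(auth, bad)[0]
    guessed = offline_guess(chal, resp, [b"password", b"letmein", b"hunter2"])  # constructed wordlist
    return {"first": first, "replay": replayed, "wrong_secret": wrong_secret, "guessed": guessed}


if __name__ == "__main__":
    print(demo())  # {'first': 3, 'replay': 4, 'wrong_secret': 4, 'guessed': b'hunter2'}
```

The replay defence lives entirely in `challenge()` and the `pop()` in `check()`: if the challenge value were predictable, or if an authenticator accepted a second Response to the same identifier, a recorded Response would log in again. The `offline_guess` function is the flip side: the hash hides the secret from a passive listener only as well as the secret resists guessing, which is why CHAP deployments still need strong secrets (and why the same construction over RADIUS, via CHAP-Password and CHAP-Challenge, needs the server to hold cleartext passwords).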
