1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Presentation transcript:

2 Network Security 1 Module 4 – Trust and Identity Technology

3 Learning Objectives
4.1 AAA
4.2 Authentication Technologies
4.3 Identity Based Networking Services (IBNS)
4.4 Network Admission Control (NAC)

4 Module 1 – Trust and Identity Technology
4.1 AAA

5 AAA Model—Network Security Architecture
Authentication: Who are you? “I am user student and my password validateme proves it.”
Authorization: What can you do? What can you access? “I can access host 2000_Server with Telnet.”
Accounting: What did you do? How long did you do it? How often did you do it? “I accessed host 2000_Server with Telnet 15 times.”

6 Implementing Cisco AAA
Administrative access: console, Telnet, and Aux access
Remote user network access: async, group-async, BRI, and serial (PRI) access
[Diagram components: Cisco Secure ACS, remote client (SLIP, PPP, ARAP), NAS, corporate file server, console, PSTN/ISDN, Internet, remote client (Cisco VPN Client), router, Cisco Secure ACS appliance]

7 Implementing AAA Using Local Services
1. The client establishes a connection with the router.
2. The router prompts the user for their username and password.
3. The router authenticates the username and password in the local database.
4. The user is authorized to access the network based on information in the local database.
[Diagram components: perimeter router, remote client]

8 Implementing AAA Using External Servers
1. The client establishes a connection with the router.
2. The router communicates with the Cisco Secure ACS (server or appliance).
3. The Cisco Secure ACS prompts the user for their username and password.
4. The Cisco Secure ACS authenticates the user.
5. The user is authorized to access the network based on information found in the Cisco Secure ACS database.
[Diagram components: perimeter router, remote client, Cisco Secure ACS, Cisco Secure ACS appliance]

9 The TACACS+ and RADIUS AAA Protocols
Two different protocols are used to communicate between the AAA security servers and a router, NAS, or firewall. Cisco Secure ACS supports both TACACS+ and RADIUS:
TACACS+ remains more secure than RADIUS.
RADIUS has a robust API and strong accounting.
[Diagram components: Cisco Secure ACS, firewall, router, network access server, TACACS+, RADIUS, security server]

10 Module 1 – Trust and Identity Technology
4.2 Authentication Technologies

11 Authentication Methods

12 Authentication—Remote PC Username and Password

13 Authentication—One-Time Passwords, S/Key
List of one-time passwords
Generated by S/Key program hash function
Sent in clear text over network
Server must support S/Key
[Diagram: a workstation holding the S/Key password list sends one S/Key password in clear text over the network to a security server that supports S/Key; the list entries are shown as hex one-time password values]
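Added example, not from the slides: a minimal S/Key-style one-time-password chain in Python that shows why a password that crossed the network in clear text is useless once it has been used. It assumes SHA-256 as the chain hash (real S/Key, RFC 1760, uses MD4 folded to 64 bits), and the secret, seed, `SKeyServer` and `demo()` names are constructed for this illustration.

```python
import hashlib

def skey_step(value: bytes) -> bytes:
    # One link of the hash chain. Real S/Key (RFC 1760) uses MD4 folded to
    # 64 bits; SHA-256 is an assumption made only for this demo.
    return hashlib.sha256(value).digest()

def client_otp_list(secret: bytes, seed: bytes, n: int) -> list:
    # otp[i] = H^(i+1)(secret || seed): the list the user prints and carries.
    # Passwords are consumed from the END of the list backwards.
    chain, value = [], secret + seed
    for _ in range(n):
        value = skey_step(value)
        chain.append(value)
    return chain

class SKeyServer:
    # The server stores only the last chain element H^n, never the secret.
    def __init__(self, otp_list: list):
        self.stored = otp_list[-1]
        self.remaining = len(otp_list) - 1  # passwords still usable

    def login(self, candidate: bytes) -> bool:
        # Accept only the value that sits one hash step BEFORE the stored one.
        if self.remaining <= 0 or skey_step(candidate) != self.stored:
            return False
        self.stored = candidate  # advance the chain; the old value is now dead
        self.remaining -= 1
        return True

def demo() -> dict:
    # Constructed secret and seed; real S/Key seeds are per-user and public.
    otps = client_otp_list(b"validateme", b"seed-constructed", 5)
    server = SKeyServer(otps)
    return {
        "first": server.login(otps[3]),    # H^4 while server holds H^5: valid
        "replay": server.login(otps[3]),   # same sniffed value again: rejected
        "second": server.login(otps[2]),   # H^3 while server holds H^4: valid
        "skipped": server.login(otps[0]),  # H^1 out of order: rejected
    }
```

The server never needs the secret, so a compromised server database yields nothing that lets an attacker log in as the user.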

14 Authentication—Token Cards and Servers
[Diagram components: Cisco Secure ACS (OTP), token server]

15 AAA Example—Authentication Via PPP Link
PAP—Password Authentication Protocol
Clear text, repeated password
Subject to eavesdropping and replay attacks
CHAP—Challenge Handshake Authentication Protocol
Secret password, per remote user
Challenge sent on link (random number)
Challenge can be repeated periodically to prevent session hijacking
The CHAP response, an MD5 hash of the challenge and the secret, provides authentication
Robust against sniffing and replay attacks
MS-CHAP—Microsoft CHAP v1 (supported in IOS > 11.3) and v1 or v2 (supported in IOS > 12.2)
[Diagram components: network access server, TCP/IP and PPP client, PPP over PSTN or ISDN]
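Added example, not from the slides: the CHAP exchange in Python, following the RFC 1994 layout MD5(identifier || secret || challenge), which adds the identifier byte to the slide's "challenge + secret" description. The user name, secret and challenges are constructed, and `NetworkAccessServer` and `demo()` are hypothetical names for this illustration.

```python
import hashlib
import hmac
import os

# Per-user shared secrets known to the NAS and the client (constructed sample).
SECRETS = {"student": b"validateme"}

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: Response = MD5(Identifier || Secret || Challenge).
    # Only this digest crosses the link; the secret itself never does.
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class NetworkAccessServer:
    def __init__(self, secrets: dict):
        self.secrets = secrets
        self.identifier = 0
        self.pending = {}  # identifier -> challenge awaiting a response

    def send_challenge(self) -> tuple:
        # Fresh random challenge each time; it may be re-sent mid-session so a
        # hijacker who lacks the secret cannot keep the session alive.
        self.identifier = (self.identifier + 1) % 256
        challenge = os.urandom(16)
        self.pending[self.identifier] = challenge
        return self.identifier, challenge

    def check_response(self, identifier: int, name: str, response: bytes) -> bool:
        # A challenge is consumed on use, so a captured response cannot be replayed.
        challenge = self.pending.pop(identifier, None)
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)  # constant-time compare

def demo() -> dict:
    nas = NetworkAccessServer(SECRETS)
    ident, chal = nas.send_challenge()                      # NAS -> client
    resp = chap_response(ident, SECRETS["student"], chal)   # client -> NAS
    ok = nas.check_response(ident, "student", resp)
    # Periodic re-challenge: someone who sniffed `resp` sends it again.
    ident2, _ = nas.send_challenge()
    replayed = nas.check_response(ident2, "student", resp)
    # The legitimate client answers the next challenge using the secret.
    ident3, chal3 = nas.send_challenge()
    fresh = nas.check_response(ident3, "student",
                               chap_response(ident3, SECRETS["student"], chal3))
    ident4, chal4 = nas.send_challenge()
    wrong = nas.check_response(ident4, "student", chap_response(ident4, b"guess", chal4))
    return {"ok": ok, "replayed": replayed, "fresh": fresh, "wrong_secret": wrong}
```

Contrast with PAP: there the same clear-text password is sent every time, so one capture is enough to authenticate later.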

16 Module 1 – Trust and Identity Technology
4.3 Identity Based Networking Services (IBNS)

17 Identity Based Network Services
Cisco VPN Concentrators, Cisco IOS Routers, PIX Firewalls
Unified Control of User Identity for the Enterprise
[Diagram components: router, Internet, Cisco Secure ACS, firewall, VPN clients, hard and soft tokens, remote offices, OTP server]

18 Identity Based Networking Services
Features and Benefits:
Intelligent adaptability for offering greater flexibility and mobility to stratified users
A combination of authentication, access control, and user policies to secure network connectivity and resources
User productivity gains and reduced operating costs

19 802.1x Components

20 802.1x
[Diagram components: authentication server (RADIUS), Catalyst 2950 (switch), end user (client)]

21 802.1x Benefits
Feature | Benefit
802.1x Authenticator Support | Enables interaction between the supplicant component on workstations and application of appropriate policy.
MAC Address Authentication | Adds support for devices such as IP phones that do not presently include 802.1x supplicant support.
Default Authorization Policy | Permits access for unauthenticated devices to basic network service.
Multiple DHCP Pools | Authenticated users can be assigned IP addresses from a different IP range than unauthenticated users, allowing network traffic policy application by address range.

22 802.1x Wireless LAN Example
[Diagram components: authentication server (RADIUS), Catalyst 2950 (switch), access point]

23 Module 1 – Trust and Identity Technology
4.4 Network Admission Control (NAC)

24 NAC Components

25 NAC Vendor Participation

26 © 2005, Cisco Systems, Inc. All rights reserved.