Chapter 3: Authentication, Authorization, and Accounting

Slides:



Advertisements
Similar presentations
© 2003, Cisco Systems, Inc. All rights reserved..
Advertisements

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Implement Inter- VLAN Routing LAN Switching and Wireless – Chapter 6.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 4 – Implementing Firewall Technologies.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 3 – Authentication, Authorization and Accounting.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Configuring and Testing Your Network Network Fundamentals – Chapter 11.
Chapter 16 AAA. AAA Components  AAA server –Authenticates users accessing a device or network –Authorizes user to perform specific activities –Performs.
CCNA 5.0 Planning Guide Chapter 7: Securing Site-to-Site Connectivity
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 CCNA 5.0 Planning Guide Chapter 5: Network Address Translation for IPv4.
RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
S6C12 - AAA AAA Facts. AAA Defined Authentication, Authorization, and Accounting Central Management of AAA –Information in a single, centralized, secure.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Configuring and Testing Your Network Network Fundamentals – Chapter 11 Final.
Implementing RADIUS AAA Phil & Rick. Content Terms and Concepts Access Control What is AAA? Benefits of AAA What is RADIUS? Microsoft IAS Overview Installation.
Privilege Levels Cisco IOS provides for 16 different privilege levels ranging from 0 to 15. Cisco IOS comes with 2 predefined user levels. User mode.
© 2012 Cisco and/or its affiliates. All rights reserved. 1 CCNA Security 1.1 Instructional Resource Chapter 10 – Implementing the Cisco Adaptive Security.
Configuring a network os
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 1 ver.2 Module 5 City College.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Remote Access Chapter 4. Learning Objectives Understand implications of IEEE 802.1x and how it is used Understand VPN technology and its uses for securing.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
© Wiley Inc All Rights Reserved. CHAPTER 4: Introduction to the Cisco IOS CCNA: Cisco Certified Network Associate Study Guide.
Chapter 3: Authentication, Authorization, and Accounting
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
1 © 2007 Cisco Systems, Inc. All rights reserved.Cisco Public Remote access typically involves allowing telnet, SSH connections to the router Remote requires.
Chapter 11: Managing a Secure Network
Saeed Darvish Pazoki – MCSE, CCNA Abstracted From: Cisco Press – ICND 1 – Chapter 9 Ethernet Switch Configuration 1.
1 Course Number Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Chapter 5: Implementing Intrusion Prevention
MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # ) Chapter Five Windows Server 2008 Remote Desktop Services,
Chapter 8: Implementing Virtual Private Networks
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Internet Authentication Service.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 1 ver.2 Module 6 City College.
Chapter 2: Securing Network Devices
Chapter 7: Cryptographic Systems
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved.
Enterprise Network Security Accessing the WAN – Chapter 4.
AAA Services Authentication -Who ? -Management of the user’s identity Authorization -What can the user do? -Management of the granted services Accounting.
How to Deploy and Configure the Smart Net Total Care CSPC Collector
Configuring AAA requires four basic steps: 1.Enable AAA (new-model). 2.Configure security server network parameters. 3.Define one or more method lists.
Chapter 9: Implementing the Cisco Adaptive Security Appliance
Chapter 6: Securing the Local Area Network
Chapter 4: Implementing Firewall Technologies
Configuring AAA Kamyar Miremadi Laila Sherif Summer 2005.
Chapter 3: Network Protocols and Communications
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—4-1 LAN Connections Understanding Cisco Router Security.
Chapter 2: Configure a Network Operating System
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 4 v3.0 Module 3 PPP.
© 2002, Cisco Systems, Inc. All rights reserved..
Configuring and Testing Your Network Network Fundamentals.
Introduction to Networks v5.1 Chapter 4: Network Access.
Cisco Exam Questions IMPLEMENTING CISCO IOS NETWORK SECURITY (IINS V2.0) VERSION: Presents: 1.
Instructor Materials Chapter 8 Configuring Cisco Devices
Instructor Materials Chapter 5: Network Security and Monitoring
© 2002, Cisco Systems, Inc. All rights reserved.
Chapter 2: Configure a Network Operating System
Enterprise Network Security
Information Security Professionals
Configuring and Testing Your Network
Chapter 5: Network Security and Monitoring
Implement Inter-VLAN Routing
Chapter 2: Configure a Network Operating System
Understanding Cisco Router Security
Enterprise Network Security
Implement Inter-VLAN Routing
Chapter 10: Advanced Cisco Adaptive Security Appliance
Enterprise Network Security
Implement Inter-VLAN Routing
Presentation transcript:

Chapter 3: Authentication, Authorization, and Accounting CCNA Security v2.0

Chapter Outline 3.0 Introduction 3.1 Purpose of the AAA 3.2 Local AAA Authentication 3.3 Server-Based AAA 3.4 Server-Based AAA Authentication 3.5 Server-Based Authorization and Accounting 3.6 Summary Chapter Outline

Section 3.1: Purpose of the AAA Upon completion of this section, you should be able to: Explain why AAA is critical to network security. Describe the characteristics of AAA.

Topic 3.1.1: AAA Overview

Authentication without AAA Telnet is Vulnerable to Brute-Force Attacks 3.1.1.1 Authentication without AAA

Authentication without AAA (Cont.) SSH and Local Database Method 3.1.1.1 Authentication without AAA

AAA Components 3.1.1.2 AAA Components

Topic 3.1.2: AAA Characteristics

Authentication Modes Local AAA Authentication Server-Based AAA Authentication

Authorization AAA Authorization 3.1.2.2 Authorization

Accounting AAA Accounting Types of accounting information: Network Connection EXEC System Command Resource AAA Accounting 3.1.2.3 Accounting 3.1.2.4 Activity - Indentify the Characteristics of AAA

Section 3.2: Local AAA Authentication Upon completion of this section, you should be able to: Configure AAA authentication, using the CLI, to validate users against a local database. Troubleshoot AAA authentication that validates users against a local database.

Topic 3.2.1: Configuring Local AAA Authentication with CLI

Authenticating Administrative Access Add usernames and passwords to the local router database for users that need administrative access to the router. Enable AAA globally on the router. Configure AAA parameters on the router. Confirm and troubleshoot the AAA configuration. 3.2.1.1 Authenticating Administrative Access

Authentication Methods

Default and Named Methods Example Local AAA Authentication 3.2.1.3 Default and Named Methods

Fine-Tuning the Authentication Configuration Command Syntax Display Locked Out Users 3.2.1.4 Fine-Tuning the Authentication Configuration Show Unique ID of a Session

Topic 3.2.2: Troubleshooting Local AAA Authentication

Debug Options Debug Local AAA Authentication 3.2.2.1 Debug Options

Debugging AAA Authentication Understanding Debug Output 3.2.2.2 Debugging AAA Authentication

Section 3.3: Server-Based AAA Upon completion of this section, you should be able to: Describe the benefits of server-based AAA. Compare the TACACS+ and RADIUS authentication protocols.

Topic 3.3.1: Server-Based AAA Characteristics

Comparing Local AAA and Server-Based AAA Implementations Local authentication: User establishes a connection with the router. Router prompts the user for a username and password, authentication the user using a local database. Server-based authentication: User establishes a connection with the router. Router prompts the user for a username and password. Router passes the username and password to the Cisco Secure ACS (server or engine) The Cisco Secure ACS authenticates the user. 3.3.1.1 Comparing Local AAA and Server-Based AAA Implementations

Introducing Cisco Secure Access Control System

Topic 3.3.2: Server-Based AAA Communication Protocols

Introducing TACACS+ and RADIUS

TACACS+ Authentication TACACS+ Authentication Process 3.3.2.2 TACACS+ Authentication

RADIUS Authentication RADIUS Authentication Process 3.3.2.3 RADIUS Authentication

Integration of TACACS+ and ACS Cisco Secure ACS 3.3.2.4 Integration of TACACS+ and ACS

Integration of AAA with Active Directory 3.3.2.6 Video - Integration of AAA with Identity Service Engine 3.3.2.7 Activity - Identify the AAA Communication Protocol

Section 3.4: Server-Based AAA Authentication Upon completion of this section, you should be able to: Configure server-based AAA authentication, using the CLI, on Cisco routers. Troubleshoot server-based AAA authentication.

Topic 3.4.1: Configuring Server-Based Authentication with CLI

Steps for Configuring Server-Based AAA Authentication with CLI Enable AAA. Specify the IP address of the ACS server. Configure the secret key. Configure authentication to use either the RADIUS or TACACS+ server. 3.4.1.1 Steps for Configuring Server-Based AAA Authentication with CLI

Configuring the CLI with TACACS+ Servers Server-Based AAA Reference Topology 3.4.1.2 Configuring the CLI for TACACS+ Servers Configure a AAA TACACS+ Server

Configuring the CLI for RADIUS Servers Configure a AAA RADIUS Server 3.4.1.3 Configuring the CLI for RADIUS Servers

Configure Authentication to Use the AAA Server Command Syntax 3.4.1.4 Configure Authentication to Use the AAA Server Syntax Checker - Configure Server-Based AAA Authentication Configure Server-Based AAA Authentication

Topic 3.4.2: Troubleshooting Server-Based AAA Authentication

Monitoring Authentication Traffic Troubleshooting Server-Based AAA Authentication 3.4.2.1 Monitoring Authentication Traffic

Debugging TACACS+ and RADIUS Troubleshooting RADIUS 3.4.2.2 Debugging TACACS+ and RADIUS Troubleshooting TACACS+

Debugging TACACS+ and RADIUS (Cont.) AAA Server-Based Authentication Success 3.4.2.2 Debugging TACACS+ and RADIUS (Cont.) 3.4.2.3 Video Demonstration: Configure a Cisco Router to Access a AAA RADIUS Server AAA Server-Based Authentication Failure

Section 3.5: Server-Based AAA Authorization and Accounting Upon completion of this section, you should be able to: Configure server-based AAA authorization. Configure server-based AAA accounting. Explain the functions of 802.1x components.

Topic 3.5.1: Configuring Server-Based AAA Authorization

Introduction to Server-Based AAA Authorization Authentication vs. Authorization Authentication ensures a device or end-user is legitimate Authorization allows or disallows authenticated users access to certain areas and programs on the network. TACACS+ vs. RADIUS TACACS+ separates authentication from authorization RADIUS does not separate authentication from authorization 3.5.1.1 Introduction to Server-Based AAA Authorization

AAA Authorization Configuration with CLI Command Syntax Authorization Method Lists 3.5.1.2 AAA Authorization Configuration with CLI Example AAA Authorization

Topic 3.5.2: Configuring Server-Based AAA Accounting

Introduction to Server-Based AAA Accounting

AAA Accounting Configuration with CLI Command Syntax Accounting Method Lists 3.5.2.2 AAA Accounting Configuration with CLI Syntax Checker - Configure AAA Accounting Example AAA Accounting

Topic 3.5.3: 802.1X Authentication

Security Using 802.1X Port-Based Authentication 802.1X Roles 802.1X Message Exchange 3.5.3.1 Security Using 802.1X Port-Based Authentication

802.1X Port Authorization State Command Syntax for dot1x port-control 3.5.3.2 802.1X Port Authorization State

Configuring 802.1X 3.5.3.3 Configuring 802.1X Syntax Checker - Configure 802.1X Port-Authentication on a 2960 Switch 3.6.1.1 Packet Tracer - Configure Authentication on Cisco Routers 3.6.1.2 Lab - Securing Administrative Access Using AAA and RADIUS

Section 3.6: Summary Chapter Objectives: Explain how AAA is used to secure a network. Implement AAA authentication that validates users against a local database. Implement server-based AAA authentication using TACACS+ and RADIUS protocols. Configure server-based AAA authorization and accounting. 3.6.1.1 Packet Tracer - Configure Authentication on Cisco Routers 3.6.1.2 Lab - Securing Administrative Access Using AAA and RADIUS 3.6.1.3 Summary

Instructor Resources Remember, there are helpful tutorials and user guides available via your NetSpace home page. (https://www.netacad.com) These resources cover a variety of topics including navigation, assessments, and assignments. A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes. 1 2 https://www.netacad.com