Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication.

1 Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication

2 Objectives
- Define authentication
- Describe the different types of authentication credentials
- List and explain the authentication models

3 Objectives (continued)
- Define authentication servers
- Describe the different extended authentication protocols
- Explain how a virtual private network functions

4 Definition of Authentication
- Authentication can be defined in ________ contexts
  - The first is viewing authentication as it _________ ________________________
  - The second is to look at it as one of the ________ ____________ of security —___________, ______________, and __________________

5 Authentication and Access Control Terminology (Review…)
- Access control is the process by which resources or services are granted or denied
- Identification
  - The presentation of credentials or identification
- ________________________
  - The ____________________________ to ensure that they are __________________ and not fabricated
- Authorization
  - Granting permission for admittance
- Access is the right to use specific resources

6 Authentication, Authorization, and Accounting (_____________)
- Authentication in AAA provides _________ ________________________________
  - Typically by having them enter a valid ___________ before granting access
- Authorization is the process that determines whether the _____________________ to carry out certain tasks
  - Often defined as the process of ______________
- Accounting measures the ______________ _______________ during each network session

7 Authentication, Authorization, and Accounting (AAA) (continued)
- The information can then be used in different ways:
  - To find evidence of problems
  - For billing
  - For capacity planning activities
- AAA servers
  - ______________ to performing ______________

8 Authentication Credentials
- Types of authentication, or authentication credentials
  - Passwords
  - One-time passwords
  - Standard biometrics
  - Behavioral biometrics
  - Cognitive biometrics
- More to come on these…

9 One-Time Passwords
- _____________ passwords are typically ________ in nature
- One-time passwords (_____________)
  - ______________ passwords that change frequently
  - Systems using OTPs generate a _______________ on demand that is __________________
- The most common type is a ___________________ OTP
  - Used in _____________ with a _______________
- The token and a corresponding authentication server ____________________________________
  - Each algorithm is different for each user’s token

10 One-Time Passwords (continued)

12 One-Time Passwords (continued)
- There are several variations of OTP systems
- _____________________ OTPs
  - Authentication server displays a challenge (a __________________) to the user
  - User then __________________________ into the token
    - Which then executes a special algorithm to __________ a _____________________________
  - Because the ____________________ has this same algorithm, it can also generate the password and __________________________________________
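The two OTP slides above describe a token and an authentication server that run the same algorithm, either over the current time or over a challenge the server displays. The following is an added example, not part of the original slides: it assumes HMAC-SHA1 with RFC 4226 truncation as the shared algorithm and models the per-token difference as a per-token secret; `time_otp`, `challenge_otp` and `AuthServer` are hypothetical names.

```python
import hashlib
import hmac
import secrets
import struct

def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation: turn an HMAC into a short decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def time_otp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """Time-synchronized code: HMAC over the number of elapsed time steps."""
    counter = struct.pack(">Q", max(now, 0) // step)
    return _truncate(hmac.new(secret, counter, hashlib.sha1).digest(), digits)

def challenge_otp(secret: bytes, challenge: str, digits: int = 6) -> str:
    """Challenge-based code: HMAC over the challenge the server displayed."""
    mac = hmac.new(secret, challenge.encode(), hashlib.sha1).digest()
    return _truncate(mac, digits)

class AuthServer:
    """Server side: holds each token's secret and recomputes the same code."""
    def __init__(self):
        self.token_secret = {}  # user -> secret shared with that user's token
        self.pending = {}       # user -> challenge waiting for an answer

    def enroll(self, user: str, secret: bytes) -> None:
        self.token_secret[user] = secret

    def issue_challenge(self, user: str) -> str:
        self.pending[user] = f"{secrets.randbelow(10 ** 8):08d}"
        return self.pending[user]

    def verify_challenge(self, user: str, code: str) -> bool:
        challenge = self.pending.pop(user, None)  # single use: a replay fails
        if challenge is None:
            return False
        expected = challenge_otp(self.token_secret[user], challenge)
        return hmac.compare_digest(expected, code)

    def verify_time(self, user: str, code: str, now: int, drift: int = 1) -> bool:
        # Accept the neighbouring 30-second steps to tolerate token clock drift.
        secret = self.token_secret[user]
        return any(hmac.compare_digest(time_otp(secret, now + d * 30), code)
                   for d in range(-drift, drift + 1))

if __name__ == "__main__":
    demo_secret = b"constructed-demo-secret"  # constructed sample value
    server = AuthServer()
    server.enroll("alice", demo_secret)
    shown = server.issue_challenge("alice")   # what the server displays
    print(shown, server.verify_challenge("alice", challenge_otp(demo_secret, shown)))
```

The server never receives the secret during login; it only compares the code it computes with the code the user typed.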

13 Standard Biometrics
- ______________________________
  - Uses a ______________________________ for authentication (what he is)
  - Examples: ___________________________, irises, retinas
- Types of fingerprint scanners
  - ________________ fingerprint scanner
  - _______________ fingerprint scanner
- Disadvantages
  - __________ hardware scanning devices must be installed
  - Readers are ______________________________

14 _________________ Biometrics
- Authenticates by ____________________ that the user __________________
- Keystroke dynamics
  - Attempt to ____________________________
  - Keystroke dynamics uses two unique typing variables
  - User must authenticate by typing ______________ __________________________
    - Those along with _____________ (used when typing username and password) are sent to authentication server
    - If _______________ do not match stored sample, user is ___________________________

15 Behavioral Biometrics (continued)
- Voice recognition
  - Used to authenticate users based on the unique _______________________________
  - Highly unlikely issue but still a concern
    - Attacker able to __________________ and then create a recording to use for authentication
- Computer footprint
  - __________________________ a user ______________ accesses a system

16 Cognitive Biometrics
- _________________ biometrics
  - Related to the ________________________, and ____________________ of the user
  - Considered to be much ___________________ to remember because it is based on the user’s life experiences
- One example of cognitive biometrics is based on a life experience that the user remembers
- Another example of cognitive biometrics requires the user to identify specific faces

17 Authentication Models
- Authentication credentials can be ___________ to provide _______________
- Single and multi-factor authentication
  - One-factor authentication
    - Using only _______________________
  - _________________ authentication
    - _________________, particularly if different types of authentication methods are used
  - Three-factor authentication
    - Requires that a user present ___________________ of authentication credentials

18 Authentication Models (continued)
- ___________________________
  - Identity management
    - Using a single authenticated ID to be ___________ ____________________________
  - Federated identity management (_________)
    - When those networks are owned by ________________________________________
    - One application of FIM is single sign-on (SSO)

19 Authentication Models (continued)
- Windows _____________________
  - Originally introduced in 1999 as .NET Passport
  - Requires a user to create a standard username and password
  - Originally designed as an ________________ ___________ and as a ____________________
  - When the user wants to log into a Web site that supports Windows Live ID
  - Once authenticated, the user is given an encrypted time-limited “global” cookie

20 Authentication Models (continued)
- Windows _______________________
  - Feature of Windows that is ________________ ______________________ while helping them to manage privacy
    - Allows users to _______________________________
  - Types of cards
    - Managed cards
    - Personal cards

21 Authentication Models (continued)

22 Authentication Models (continued)
- ________________________
  - A decentralized __________________________ that does _______________________ to be installed on the desktop
  - A uniform resource locator ________________________
- An OpenID identity is only a URL backed up by a __________________________________
- OpenID provides a means to prove that the user owns that specific URL
- Weakness: depends on being ________________ _________________ for authentication
  - Depends on ____________ which has its own weaknesses

23 Authentication Servers
- Authentication can be provided on a network by a _________ AAA or authentication server
- The most common type of authentication and AAA servers are
  - _______________________________ and generic servers built on the Lightweight Directory Access Protocol (_____________)
- More to come on all of these…

24 RADIUS
- RADIUS (Remote Authentication Dial in User Service)
  - Developed in 1992
  - Quickly became the _____________________ with widespread support
  - Suitable for what are called “________________ control applications”
- With the development of IEEE 802.1x port security for both wired and wireless LANs
  - RADIUS has recently seen even _____________

25 RADIUS (continued)
- A RADIUS _____________ is typically a device such as a __________________ or wireless access point (___________)
  - This device is responsible for __________________ and connection parameters in the form of a RADIUS message __________________________________
- The RADIUS _____________________________ the RADIUS client request
  - Sends back a RADIUS message response
- RADIUS clients also send RADIUS ___________ __________________ to RADIUS servers

27 Kerberos
- ______________________
  - An _________________ developed by the Massachusetts Institute of Technology (MIT)
  - Used to ________________________________
- Uses ___________ and ________________ for security
- Kerberos process
  - User is provided a _________ that is issued by the Kerberos authentication server
  - The ____ _________________ to the network for a service
  - The ________________________ to verify the identity of the user
- If all checks out, user is authenticated

28 Terminal Access Control Access Control System (TACACS+)
- Terminal Access Control Access Control System ____________________
  - An industry standard protocol specification that ___________________________________ to a ________________________
- The centralized server can be a TACACS+ database
- Designed to support ______________ of remote connections

29 Lightweight Directory Access Protocol (______________)
- ___________________ - A database stored on the network itself that contains _________ ___________________________________
- _______________
  - A ____________ for directory services created by __________________
    - Outlining uniformity on ________________________
    - Capability to look up information by ___________ (White-pages service)
    - Browse and search for information by ______________ (Yellow-pages service)

30 X.500 (continued) and DAP
- The information is held in a directory information base (DIB)
- Entries in the DIB are arranged in a tree structure called the __________________ ______________ (DIT)
- X.500 _______ Directory Access Protocol (DAP)
  - ___________ for a client application to ________ an X.500 directory
  - DAP is too large to run on a personal computer

31 LDAP (continued)
- Lightweight Directory Access Protocol (_______________)
  - Sometimes called ________________
  - A _________________________
- Primary differences
  - _________ was designed to _______________
  - LDAP has _________________
  - LDAP encodes its protocol elements in a _____ ___________ than X.500
- LDAP is an ____________ protocol

32 Extended Authentication Protocols (EAP)
- Extensible Authentication Protocol (____)
  - _____________ protocol of IEEE 802.1x that governs the __________________________, _______________, and _________________
  - An “envelope” that can carry many ____________ of _______________ used for authentication
- The EAP protocols can be divided into _____ categories:
  - ________________ protocols, ___________ protocols, and _______________ protocols

34 Authentication Legacy Protocols
- _____________________ for authentication
- Three authentication legacy protocols include:
  - Password Authentication Protocol (PAP)
  - Challenge-Handshake Authentication Protocol (CHAP)
  - Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP)

35 EAP Weak Protocols
- ____________________________________
- EAP weak protocols include:
  - Extended Authentication Protocol–MD5 (EAP-MD5)
  - Lightweight EAP (LEAP)

36 EAP Strong Protocols
- EAP strong protocols acceptable for use in WLANs as well include:
  - EAP with _______________________ (EAP-TLS)
    - Generally found in large Windows-based organizations
  - EAP with Tunneled TLS (EAP-TTLS) and Protected EAP (PEAP)
    - Creates ___________________________ between client and authentication server

37 Remote Authentication and Security
- Important to _______________________ for _______________ communications
  - Transmissions are routed through networks or devices that the organization does not manage and secure
- _____________ remote authentication and security usually includes:
  - __________________ services
  - Installing a _______________________
  - Maintaining a consistent remote access ________

38 Remote Access Services (RAS)
- Remote Access Services (__________)
  - Any __________________________ that enables ______________________________________
  - Provides remote users with the _________ access and functionality as local users

39 Virtual Private Networks (VPNs)
- Virtual private network (__________)
  - One of the most common types of RAS
  - Uses an _________________, such as the Internet, as if it were a __________________
  - ______________ all data that is transmitted between the remote device and the network
- ___________ common types of VPNs
  - __________________ aka virtual private dial-up network (VPDN)
  - __________________

41 Virtual Private Networks (continued)
- VPN transmissions are achieved through ____________________________
- _________________
  - _________________ between VPN devices
- VPN ______________ _____________________
  - Aggregates hundreds or thousands of multiple connections
- Depending upon the type of endpoint that is being used, __________________________ on the devices that are connecting to the VPN

42 Virtual Private Networks (continued)
- VPNs can be _________-based or ________-based
- ________________ VPNs offer the ____________ in how network traffic is managed
  - Preferred in instances where _____________________ ________________________________________
- _________________ VPNs generally ___________ _________________ regardless of the protocol
- Generally, __________ based VPNs ___________ ___________________ as a hardware-based VPN and are not as easy to manage
  - __________________ VPNs generally tunnel all traffic they handle regardless of the protocol ________________________________

43 Virtual Private Networks (continued)
- _____________ of VPN technology:
  - _____________ no more need for leased connections
  - ________________
  - Full ______________ encrypted transmission
  - ______________ compresses data
  - _________________ invisible to end user
  - __________________
  - Industry wide __________________

44 Virtual Private Networks (continued)
- _______________ to VPN technology:
  - _______________ in depth understanding of security issues needed
  - ________________________
  - __________________
  - Additional protocols
  - _____________________
  - ____________________

45 Remote Access Policies
- Establishing ___________ _______________ is ______________________
  - Potential security risk possible
- Some recommendations for remote access policies:
  - Remote access policies should be ____________ for all users
  - Remote access should be the ______________ _____________________
  - Form a working group and create a __________ ______________ will agree to

46 Summary
- Access control is the process by which resources or services are denied or granted
- There are three types of authentication methods
- Authentication credentials can be combined to provide extended security
- Authentication can be provided on a network by a dedicated AAA or authentication server

47 Summary (continued)
- The management protocol of IEEE 802.1x that governs the interaction between the system, authenticator, and RADIUS server is known as the Extensible Authentication Protocol (EAP)
- Organizations need to provide avenues for remote users to access corporate resources as if they were sitting at a desk in the office

