2.2 - Authentication Methods Flashcards

1
Q

RADIUS (Remote Authentication Dial-in User Service)

A
  • One of the more common AAA protocols
    – Supported on a wide variety of platforms and devices
    – Not just for dial-in
  • Centralize authentication for users
    – Routers, switches, firewalls
    – Server authentication
    – Remote VPN access
    – 802.1X network access
  • RADIUS services available on almost any server operating system
2
Q

TACACS

A
  • Terminal Access Controller Access-Control System
    – Remote authentication protocol
    – Created to control access to dial-up lines to ARPANET
  • TACACS+
    – The latest version of TACACS
    – More authentication requests and response codes
    – Released as an open standard in 1993
3
Q

Kerberos

A
  • Network authentication protocol
    – Authenticate once, trusted by the system
    – No need to re-authenticate to everything
    – Mutual authentication - the client and the server
    – Protect against on-path or replay attacks
  • Standard since the 1980s
    – Developed by the Massachusetts Institute of Technology (MIT)
  • Microsoft started using Kerberos in Windows 2000
    – Based on Kerberos 5.0 open standard
    – Compatible with other operating systems and devices
4
Q

SSO with Kerberos

A
  • Authenticate one time
    – Lots of backend ticketing
    – Cryptographic tickets
  • No constant username and password input!
    – Save time
  • Only works with Kerberos
    – Not everything is Kerberos-friendly
  • There are many other SSO methods
    – Smart-cards, SAML, etc.
Which method to use?
  • Many different ways to communicate to an authentication server
    – More than a simple login process
  • Often determined by what is at hand
    – VPN concentrator can talk to a RADIUS server
    – We have a RADIUS server
  • TACACS+
    – Probably a Cisco device
  • Kerberos - Probably a Microsoft network
5
Q

Multi-factor authentication

A
  • More than one factor
    – Something you are
    – Something you have
    – Something you know
    – Somewhere you are
    – Something you do
  • Can be expensive
    – Separate hardware tokens
    – Specialized scanning equipment
  • Can be inexpensive - Free smartphone applications