Network Security Implementation Flashcards
What is AAA
Authentication
Authorization
Accounting
Framework for controlling remote access to system resources
Give all the remote networking protocols that implement AAA
RADIUS
TACACS
TACACS+
Diameter
Definition of Authentication
The method of uniquely validating a particular entity or individual’s credentials.
Give all Authentication factors
Something you know, such as a password
Something you have, such as a token or access card
Something you are, including physical characteristics such as fingerprints or a retina pattern
Somewhere you are or are not
Something you do; for example, a keystroke logger that measures how hard you press the keys while typing, or how long the keys remain pressed
Definition of MFA
MFA: Multifactor authentication is an authentication scheme that requires the validation of at least two of the possible authentication factors.
Definition of Two-Factor Authentication
Two-factor authentication: An authentication scheme that requires validation of two authentication factors.
What is Local Authentication and give examples
When users are off the network, rather than authenticating to a network server database, they authenticate to a local system account
Windows: SAM registry hive
Linux: /etc/passwd or /etc/shadow file
What do users need for Local Authentication
Biometric authentication
Passphrase
Token device
Definition of SSO
Single sign-on is a mechanism where a single user authentication provides access to all the devices or applications where the user has permission.
Definition of LDAP
Lightweight Directory Access Protocol (LDAP) is a directory service protocol that defines how a client can access information, perform operations, and share directory data on a directory server.
What is a digital certificate
Digital certificate: An electronic document that associates credentials with a public key.
What is a CA
Certificate authority (CA): A trusted entity that issues digital certificates, binding a holder's credentials to a public key. A root CA is the top of the trust hierarchy and is identified by a self-signed root certificate.
What is the purpose of a certificate
Users, devices, services, and applications can all hold certificates.
Certificates validate the certificate holder’s identity.
Certificates are a way to distribute the holder’s public key.
A root CA is typically the first or only CA installed.
A root certificate is typically a self-signed certificate that identifies the root CA.
Definition of Kerberos
Kerberos: A popular open-source authentication protocol that is based on a time-sensitive ticket-granting system.
Definition of TGT
TGT: (Ticket-Granting Ticket) Used in Kerberos. It is an encrypted file requested from a Ticket-Granting Server that is only valid for a short time to access network services.
Definition of TGS
TGS: (Ticket-Granting Server) Used by Kerberos. It is the logical key distribution center and functions as a trusted third party to issue Ticket-Granting Tickets.
Give the process of Kerberos
1 A user logs on to the domain.
2 The user requests a Ticket Granting Ticket (TGT) from the authenticating server.
3 The authenticating server responds with a time-stamped TGT.
4 The user presents the TGT back to the authenticating server and requests a service ticket to access a specific resource.
5 The authenticating server responds with a service ticket.
6 The user presents the service ticket to the resource.
7 The resource authenticates the user and allows access.
Give a full description of RADIUS
Enables a server to provide standardized, centralized authentication for remote users.
Configure one RADIUS server; configure the other remote access servers as RADIUS clients.
RADIUS clients will pass all authentication requests to the RADIUS server for verification.
Can centralize user configuration, remote access policies, and usage logging on a RADIUS server.
Supported by VPN servers, Ethernet switches requiring authentication, wireless access points (WAPs), as well as other types of network devices.
Give a full description of TACACS+
Authentication protocols that provide centralized authentication and authorization services for remote users.
TACACS includes process-wide encryption for authentication; RADIUS encrypts only passwords.
TACACS uses TCP instead of UDP and supports multiple protocols. Extensions to the TACACS protocol exist, such as Cisco’s TACACS+ and XTACACS.
TACACS uses TCP port 49 and also supports multifactor authentication.
TACACS+ is considered more secure and more scalable than RADIUS because it accepts login requests and authenticates the access credentials of the user.
TACACS+ is not compatible with TACACS because it uses an advanced version of the TACACS algorithm.
Give a full description of RDP
The backbone of Microsoft’s Remote Desktop system.
Its capabilities include data encryption, remote audio and printing, access to local files, and redirection of the host’s disk drives and peripheral ports.
In client versions 6.1 and later, any application that can be accessed via the normal remote desktop can serve as a standalone remote application.
The server listens on port 3389.
The server component, the terminal server, is available on most Windows operating systems, except for Windows Vista® Home Edition.
A desktop client is available for most operating systems.
Give a full description of VNC
A platform-independent desktop sharing system.
VNC client and server software is available for almost any operating system (and for Java®), so a VNC viewer on a Linux system can connect to a VNC server on a Microsoft system and vice versa.
VNC uses the Remote Frame Buffer (RFB) protocol, which allows the client and server to determine the best version of RFB they can support during a session.
VNC is not an inherently secure system but does offer varying levels of password and content encryption, depending on the implementation.
Definition of NAC
Network access control (NAC) is a general term for the collected protocols, policies, and hardware that govern access on network interconnections.
Give a full description of NAC
NAC provides an additional security layer that scans devices for policy conformance and then either allows them onto the network or quarantines them until they are updated to meet policy standards.
Security professionals will deploy a NAC policy according to an organization’s needs based on three main elements:
The authentication method
Endpoint vulnerability assessment
Network security enforcement
Once the NAC policy is determined, professionals must determine where NAC will be deployed within their network structure.
What is IEEE 802.1x
IEEE 802.1x is a standard for securing networks by implementing Extensible Authentication Protocol (EAP) as the authentication protocol over either a wired or wireless Ethernet LAN, rather than the more traditional implementation of EAP over Point-to-Point Protocol (PPP).