Network Services - AAA Servers Flashcards
AAA stands for…
Authentication
Authorization
Accounting
802.1x
Standardized framework used for port-based authentication on wired and wireless networks (RADIUS and TACACS+ use this framework for authentication). There are 3 roles for an authentication to occur:
1) Supplicant
2) Authenticator
3) Authentication server
Authentication
Occurs when a person’s identity is established with proof and is confirmed by the system
Lightweight Directory Access Protocol (LDAP)
A database used to centralize information about clients and objects on the network. Uses port 389 when unencrypted and port 636 when encrypted.
Active Directory (AD)
Used to organize and manage the network, including clients, servers, devices, users, and groups
Remote Authentication Dial-In User Service (RADIUS)
Provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1x and the EAP. It operates at the application layer and uses UDP for making connections.
Terminal Access Controller Access-Control System Plus (TACACS+)
Proprietary version of RADIUS that can perform the role of an authenticator in 802.1x networks
TACACS+ vs RADIUS
TACACS+
-Relies on TCP
-Separates authentication, authorization, and accounting processes
-Supports all network protocols
-Exclusive to Cisco devices
RADIUS
-Relies on UDP
-Combines authentication and authorization
-Does not support all network protocols
-Has cross-platform capability
Authorization
Occurs when a user is given access to a certain piece of data or certain areas of a building
Kerberos
Authentication protocol used by Windows to provide for two-way (mutual) authentication using a system of tickets. A domain controller can be a single point of failure for Kerberos (to avoid this, we can use redundancy).
Accounting
Ensures the tracking of data, computer usage, and network resources is maintained. Non-repudiation occurs when you have proof that someone has taken action.