RAS Authentication Methods (PAP, TACACS+, etc) Flashcards

1
Q

In which ways do clients enter a RAS server?

A

Through dial-up or a VPN

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is PAP

A

Password Authentication Protocol, an authentication method used with Point-to-Point Protocol (PPP)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Why is PAP rarely used?

A

It uses PPP to send passwords or PINs over a network in cleartext.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is CHAP?

A

Challenge Handshake Authentication Protocol, an authentication method that authenticates remote users and uses PPP, but does not send passwords over a network in plaintext.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How is a shared secret used in CHAP?

A

The handshake process in CHAP includes a shared secret (known by the user and server, not a password but similar), combined with a nonce (# only used once) provided by the server and then hashed by the client.

This hashed secret is sent to the server. This process (a handshake) happens at the initial connection by the client, and also multiple times during the connection.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What are Microsoft’s versions of CHAP?

A

MS-CHAP and MS-CHAPv2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What improvement does MS-CHAPv2 have over MS-CHAP?

A

Mutual authentication. Provides assurance that client is not sending info to a rogue server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

In RADIUS’ authentication process, what is encrypted?

A

In RADIUS, only the password is encrypted. TACACS+, encrypts the whole authentication process.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is RADIUS?

A

A centralized authentication service, that centralizes the user database so that all authentication requests are handled by a central RADIUS server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which authentication service is an extension of RADIUS?

A

Diameter

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Why do many organizations prefer Diameter over RADIUS?

A

It adds extra capabilities including support for EAP for added security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is XTACACS?

A

An older Cisco proprietary authentication protocol, rarely used today.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is TACACS+?

A

Terminal Access Controller Access-Control System Plus

A Cisco alternative to RADIUS, can be used for remote access, and authentication with routers and other network devices.

Encrypts the entire authentication process, and uses multiple challenge and responses between the sever and client.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

TACACS+ can interact with what authentication service/

A

Kerberos, allowing a Cisco RAS (or VPN concentrator) to interact in a Microsoft AD environment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly