Remote Access Protocols Flashcards
RAS
Microsoft Remote Access Server: the predecessor to Microsoft Routing and Remote Access Server (RRAS). RRAS is a Microsoft Windows Server feature that allows Microsoft Windows clients to remotely access a Microsoft Windows network.
RDP
Remote Desktop Protocol: Microsoft protocol that allows a user to view and control the desktop of a remote computer
PPPoE
Point to Point Protocol over Ethernet: commonly used protocol between a DSL modem in a home/business and a service provider. Specifically, PPPoE encapsulates PPP frames within Ethernet frames. This approach allows an Ethernet connection to leverage the features of PPP, such as authentication.
PPP
Point to Point Protocol: common layer 2 protocol that offers features such as multilink interface, looped link detection, error detection, and authentication
ICA
Independent Computing Architecture: Citrix Systems proprietary protocol that allows an application running on one platform to be seen and controlled from a remote client, independent of the client platform
SSH
Secure Shell is a protocol used to securely connect to a remote host (via terminal emulator)
Kerberos
Kerberos is a client/server authentication protocol that supports mutual authentication between a client and a server. Kerberos uses the concept of a trusted third party (key distribution center) that hands out tickets that are used instead of a username and password combination
AAA
Authentication, Authorization and Accounting: allows a network to have a single repository of user credentials. A network admin can then supply the same credentials to log into various network devices.
RADIUS and TACACS+ are protocols commonly used to communicate with an AAA server
RADIUS
Remote Authentication Dial-In User Service
- UDP based protocol used to communicate with an AAA server.
- Unlike TACACS+, RADIUS doesn't encrypt an entire authentication packet, but only the password.
- RADIUS does offer more robust accounting features than TACACS+.
- RADIUS is a standards-based protocol, whereas TACACS+ is a Cisco proprietary protocol.
TACACS+
Terminal Access Controller Access Control System Plus
Cisco proprietary TCP based AAA protocol. TACACS+ has 3 separate distinct sessions or functions for authentication, authorization, and accounting
NAC
Network Admission Control
Can permit or deny access to a network based on characteristics of the device seeking admission, rather than just checking credentials.
EX: a client's OS and version of antivirus can be checked against a set of requirements before allowing the client to access the network. This process of checking a client's characteristics is called “posture assessment”.
IEEE 802.1X
Type of NAC that can permit or deny a wireless/wired LAN client access to a network. If IEEE 802.1X is being used to permit access to a LAN via a switch port, then IEEE 802.1X is being used for port security. The device seeking admission to the network is called the “supplicant”. The device to which the supplicant connects is called the “authenticator”. The device that checks the supplicant's credentials and permits or denies the supplicant access to the network is called an “authentication server”. Usually an authentication server is a RADIUS server.
CHAP
Challenge Handshake Authentication Protocol
Performs one-way authentication for a remote access connection. However, authentication is performed through a 3-way handshake (challenge, response, and acceptance messages) between a server and a client. This 3-way handshake allows a client to be authenticated without sending credential information across a network. Password Authentication Protocol (PAP) is an unencrypted plain-text method for password exchange that should be avoided.
MS-CHAP
Microsoft Challenge Handshake Authentication Protocol
A Microsoft-enhanced version of CHAP, offering a collection of additional resources not present in CHAP, including two-way authentication.
EAP
Extensible Authentication Protocol
Specifies how authentication is performed by IEEE 802.1X. A variety of EAP types exist:
Extensible Authentication Protocol Flexible Authentication (EAP-FAST)
Extensible Authentication Protocol-Message Digest 5 (EAP-MD5)
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)