Network Security 1 Module 4 Trust and Identity Technology





Learning Objectives
4.1 AAA
4.2 Authentication Technologies
4.3 Identity Based Networking Services (IBNS)
4.4 Network Admission Control (NAC)

Module 4 Trust and Identity Technology: 4.1 AAA

AAA Model: Network Security Architecture
Authentication. Who are you? "I am user student and my password validateme proves it."
Authorization. What can you do? What can you access? "I can access host 2000_Server with Telnet."
Accounting. What did you do? How long did you do it? How often did you do it? "I accessed host 2000_Server with Telnet 15 times."

Implementing Cisco AAA
(Figure: remote clients (SLIP, PPP, ARAP, or the Cisco VPN Client) reach the NAS over the PSTN/ISDN or through an Internet router; the NAS, the router, and the corporate file server are all authenticated against a Cisco Secure ACS server or a Cisco Secure ACS appliance.)
AAA protects two kinds of access:
- Administrative access: console, Telnet, and AUX access to the device itself.
- Remote user network access: async, group-async, BRI, and serial (PRI) access.

Implementing AAA Using Local Services
(Figure: remote client connected to a perimeter router; no external server is involved.)
1. The client establishes a connection with the router.
2. The router prompts the user for their username and password.
3. The router authenticates the username and password against its own local database. The user is then authorized to access the network based on the information held in that local database.
Local AAA keeps the credential database on each device, so it does not scale beyond a handful of routers; its main role in larger networks is as a fallback method for when the external AAA server cannot be reached.

Implementing AAA Using External Servers
(Figure: remote client, perimeter router, and a Cisco Secure ACS server or Cisco Secure ACS appliance.)
1. The client establishes a connection with the router.
2. The router communicates with the Cisco Secure ACS (server or appliance).
3. The Cisco Secure ACS prompts the user, through the router, for their username and password.
4. The Cisco Secure ACS authenticates the user. The user is authorized to access the network based on the information found in the Cisco Secure ACS database.
Because every device now depends on the ACS, configure a local login as the last method in the authentication list so that administrators are not locked out when the server is unreachable.

The TACACS+ and RADIUS AAA Protocols
Two different protocols are used to communicate between the AAA security server and a router, NAS, or firewall. Cisco Secure ACS supports both TACACS+ and RADIUS:
- TACACS+ (Cisco, TCP port 49) remains the more secure of the two: it encrypts the entire packet body rather than just the password, and it separates authentication, authorization, and accounting into distinct exchanges, which is what makes per-command authorization and per-command accounting for device administration possible.
- RADIUS (open standard, UDP ports 1812/1813, formerly 1645/1646) has a robust API with broad vendor support and strong accounting, but it hides only the User-Password attribute and sends every other attribute, including the username, in the clear, and it combines authentication and authorization in a single exchange.
Both protocols derive their protection from MD5 keyed with a shared secret, so in either case the secret should be long and random and the AAA traffic confined to a management network or a tunnel.
(Figure: a firewall, a router, and a network access server each speaking TACACS+ or RADIUS to the Cisco Secure ACS security server.)
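The difference in what the two protocols actually protect is easiest to see by implementing both obfuscation schemes. The following is an added example, not code from the original slides or from Cisco Secure ACS: it implements the RADIUS User-Password hiding of RFC 2865 section 5.2 and the TACACS+ body encryption of RFC 8907 section 4.5 with Python's standard library only. The shared secret, the Request Authenticator, the session ID and the packet bodies are constructed sample values.

```python
import hashlib
import struct

# Constructed sample values for this example (not from the page): a shared
# secret and a fixed RADIUS Request Authenticator. A real NAS draws 16 fresh
# random bytes for the Request Authenticator of every Access-Request.
SHARED_SECRET = b"S3cr3tSharedKey"
REQUEST_AUTHENTICATOR = bytes(range(16))


def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: hide User-Password by XORing each 16-octet block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator.
    Only this one attribute is protected; the rest of the packet is cleartext."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)   # NUL pad to a multiple of 16
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        hidden += block
        prev = block
    return hidden


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding and strip the NUL padding."""
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return plain.rstrip(b"\x00")


def radius_attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding of one RADIUS attribute (RFC 2865 section 5)."""
    return bytes([attr_type, len(value) + 2]) + value


def radius_access_request_attrs(username: bytes, password: bytes,
                                secret: bytes, authenticator: bytes) -> bytes:
    """Attribute list of an Access-Request: User-Name (type 1) travels in the
    clear, User-Password (type 2) is hidden, everything else is cleartext too."""
    return (radius_attribute(1, username)
            + radius_attribute(2, radius_hide_password(password, secret, authenticator)))


def tacacs_plus_crypt(body: bytes, secret: bytes, session_id: int,
                      version: int, seq_no: int) -> bytes:
    """RFC 8907 section 4.5: XOR the whole packet body with a pseudo-pad made of
    chained MD5(session_id || key || version || seq_no || previous digest).
    The same call decrypts. Only the 12-octet TACACS+ header stays in the clear."""
    header = struct.pack("!I", session_id) + secret + bytes([version & 0xFF, seq_no & 0xFF])
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(header + prev).digest()
        pad += prev
    return bytes(x ^ k for x, k in zip(body, pad))


if __name__ == "__main__":
    attrs = radius_access_request_attrs(b"student", b"validateme",
                                        SHARED_SECRET, REQUEST_AUTHENTICATOR)
    print("RADIUS attrs  :", attrs.hex(), "(username readable:", b"student" in attrs, ")")
    body = b"\x01\x00\x01\x01" + b"student"          # constructed TACACS+ body fragment
    enc = tacacs_plus_crypt(body, SHARED_SECRET, 0x01020304, 0xC0, 1)
    print("TACACS+ body  :", enc.hex(), "(username readable:", b"student" in enc, ")")
```

Run it and the RADIUS attribute list still shows the ASCII username next to the hidden password, while the TACACS+ body is opaque as a whole. Note that both schemes are keyed MD5 constructions with a per-request nonce; neither authenticates the packet (RADIUS needs the optional Message-Authenticator attribute for that), so the shared secret and the network path matter in both cases.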

Module 4 Trust and Identity Technology: 4.2 Authentication Technologies

Authentication Methods

Authentication: Username and Password
(Figure: a remote PC authenticating with a static username and password.)

Authentication: One-Time Passwords (S/Key)
- The user holds a list of one-time passwords generated by the S/Key program from a secret passphrase by repeatedly applying a one-way hash function.
- Each password is sent in clear text over the network, but it is valid exactly once, so a password captured by a sniffer cannot be reused.
- The security server must support S/Key; it stores only the last accepted value and the current sequence number, never the passphrase.
(Figure: a workstation sends one S/Key password in clear text to a security server that supports S/Key.)
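The hash chain is what makes a clear-text password safe to send once. The following is an added example, not code from the original slides or from the S/Key program: it implements the RFC 2289 one-time-password chain with the MD5 variant (digest folded to 64 bits) and the server-side verification rule, using only Python's standard library. The seed, passphrase and chain length are constructed sample values, and the six-word encoding of RFC 2289 is left out; passwords are shown as hex.

```python
import hashlib


def skey_fold(digest: bytes) -> bytes:
    """RFC 2289 folding for MD4/MD5: XOR the two 64-bit halves of the digest."""
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:16]))


def skey_step(value: bytes) -> bytes:
    """One application of the one-way function f(x) = fold(MD5(x))."""
    return skey_fold(hashlib.md5(value).digest())


def skey_initial(seed: str, passphrase: str) -> bytes:
    """Step 0: the seed (case-insensitive, so lower-cased) concatenated with the passphrase."""
    return skey_step(seed.lower().encode() + passphrase.encode())


def skey_otp(seed: str, passphrase: str, n: int) -> bytes:
    """One-time password number n: f applied n times to the initial value."""
    v = skey_initial(seed, passphrase)
    for _ in range(n):
        v = skey_step(v)
    return v


def skey_password_list(seed: str, passphrase: str, n: int) -> list:
    """The printed list a user carries after enrolling with sequence n:
    passwords n-1 down to 1, each usable once, in the order they will be asked for."""
    return [(i, skey_otp(seed, passphrase, i).hex()) for i in range(n - 1, 0, -1)]


class SKeyServer:
    """Server side: stores only the sequence number and the last accepted value
    (initially f^n of the secret). The passphrase is never stored or transmitted."""

    def __init__(self, seed: str, passphrase: str, n: int):
        self.seed = seed
        self.sequence = n
        self.last = skey_otp(seed, passphrase, n)   # computed once at enrolment

    def challenge(self) -> str:
        """The prompt sent to the client, e.g. 'otp-md5 4 ns4seed'."""
        return f"otp-md5 {self.sequence - 1} {self.seed}"

    def verify(self, candidate: bytes) -> bool:
        """Accept the candidate iff f(candidate) equals the stored value. The
        candidate then replaces the stored value, so replaying it fails:
        f(candidate) is no longer what is stored."""
        if self.sequence <= 0:
            return False            # chain exhausted: the user must re-initialise
        if skey_step(candidate) != self.last:
            return False
        self.last = candidate
        self.sequence -= 1
        return True


if __name__ == "__main__":
    # Constructed demo values (not from the page).
    seed, passphrase = "ns4seed", "correct horse battery staple"
    server = SKeyServer(seed, passphrase, 5)
    for n, otp_hex in skey_password_list(seed, passphrase, 5):
        print(server.challenge(), "->", otp_hex, "accepted:",
              server.verify(bytes.fromhex(otp_hex)))
    print("replay of last password accepted:", server.verify(bytes.fromhex(otp_hex)))
```

The sequence number in the challenge tells the client which entry of its list to send, and an attacker who captures password n learns nothing about password n-1 because that would require inverting f. The practical weaknesses are elsewhere: a short chain runs out, and an attacker who can intercept the session and race the real user (or who sees a forged challenge with a lower sequence number accepted by a careless client) can still win, which is why the list must be protected and re-initialised before it is exhausted.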

Authentication: Token Cards and Servers
(Figure: a four-step exchange in which the token card generates a one-time password (OTP) that the user presents; Cisco Secure ACS validates it against the token server.)

AAA Example: Authentication Via PPP Link
(Figure: a TCP/IP and PPP client connects over the PSTN or ISDN to a network access server; the PPP link itself carries the authentication.)
PAP (Password Authentication Protocol)
- The username and password are sent in clear text, and the same password is repeated on every connection.
- Subject to eavesdropping and replay attacks.
CHAP (Challenge Handshake Authentication Protocol)
- A secret password is shared per remote user and is never sent over the link.
- The NAS sends a challenge (a random number) on the link; the challenge can be repeated periodically during the session to prevent session hijacking.
- The CHAP response is the MD5 hash of the identifier, the secret, and the challenge concatenated in that order (RFC 1994); a correct response proves knowledge of the secret.
- Robust against sniffing and replay of the response, because each challenge is fresh and used once. Caveat: an eavesdropper who captures a challenge/response pair can still test candidate secrets offline, so CHAP secrets must be long and random; MD5 gives no protection to a weak one.
MS-CHAP (Microsoft CHAP)
- v1 is supported in IOS 11.3 and later; v1 or v2 in IOS 12.2 and later.
- Both versions are now considered weak (the MS-CHAPv2 handshake can be reduced to recovering a single DES key from a captured exchange), so where the client supports it, prefer an EAP method that runs inside a TLS tunnel.
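The PAP/CHAP contrast above, as an added example that is not code from the original slides or from any Cisco product: it builds a PAP Authenticate-Request payload (RFC 1334), implements the RFC 1994 CHAP response and a NAS-side authenticator that issues single-use random challenges, and shows the one thing CHAP does not stop, an offline guess against a captured exchange. The usernames, secrets and word list are constructed sample values.

```python
import hashlib
import hmac
import os


def pap_authenticate_request(peer_id: bytes, password: bytes) -> bytes:
    """RFC 1334 PAP Authenticate-Request payload: Peer-ID-Length, Peer-Id,
    Passwd-Length, Password. Both fields travel in the clear on every connect."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge).
    The secret itself never crosses the link; only this hash does."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """The NAS side. A fresh random challenge is issued each time and only the
    outstanding (identifier, challenge) pair is remembered, so a sniffed
    response is useless against any later challenge."""

    def __init__(self, user_secrets: dict):
        self.user_secrets = user_secrets    # name -> shared secret (per remote user)
        self.identifier = 0
        self.outstanding = None

    def challenge(self) -> tuple:
        """Send a CHAP Challenge: new identifier, 16 random octets."""
        self.identifier = (self.identifier + 1) & 0xFF
        self.outstanding = (self.identifier, os.urandom(16))
        return self.outstanding

    def verify(self, identifier: int, name: bytes, response: bytes) -> bool:
        """Check a CHAP Response against the one outstanding challenge."""
        if self.outstanding is None or self.outstanding[0] != identifier:
            return False
        ident, chal = self.outstanding
        self.outstanding = None             # single use: this challenge cannot be replayed
        secret = self.user_secrets.get(name)
        if secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, chal), response)


def chap_offline_guess(identifier: int, challenge: bytes, response: bytes, wordlist: list):
    """What an eavesdropper CAN still do with a captured exchange: test candidate
    secrets offline. Replay fails, but a weak secret does not survive this."""
    for guess in wordlist:
        if chap_response(identifier, guess, challenge) == response:
            return guess
    return None


if __name__ == "__main__":
    # Constructed demo values (not from the page).
    print("PAP on the wire:", pap_authenticate_request(b"student", b"validateme"))
    nas = ChapAuthenticator({b"student": b"validateme"})
    ident, chal = nas.challenge()
    resp = chap_response(ident, b"validateme", chal)          # computed by the client
    print("CHAP first use :", nas.verify(ident, b"student", resp))
    print("CHAP replay    :", nas.verify(ident, b"student", resp))
    print("offline guess  :", chap_offline_guess(ident, chal, resp,
                                                 [b"password", b"letmein", b"validateme"]))
```

The periodic re-challenge the slide mentions is just `challenge()` called again mid-session: any response the attacker captured earlier was bound to a different identifier and challenge and is rejected. The `compare_digest` call is the constant-time comparison a real implementation should use so that the verifier does not leak how many leading bytes of a guessed response were right.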

Module 4 Trust and Identity Technology: 4.3 Identity Based Networking Services (IBNS)

Identity Based Network Services: Unified Control of User Identity for the Enterprise
(Figure: Cisco VPN Concentrators, Cisco IOS routers, and PIX Firewalls at the firewall/router edge authenticate remote offices, VPN clients, and Internet users against Cisco Secure ACS, which in turn consults an OTP server backed by hard and soft tokens.)

Identity Based Networking Services: Features and Benefits
- Intelligent adaptability, offering greater flexibility and mobility to stratified users.
- A combination of authentication, access control, and user policies to secure network connectivity and resources.
- User productivity gains and reduced operating costs.

802.1x Components

802.1x
(Figure: End User (client, the supplicant), Catalyst 2950 (switch, the authenticator), Authentication Server (RADIUS). The supplicant speaks EAP over LAN to the switch port, which stays blocked for all but authentication traffic until the RADIUS server accepts the user.)

802.1x Benefits
Feature: 802.1x Authenticator Support
Benefit: Enables interaction between the supplicant component on workstations and application of the appropriate policy.
Feature: MAC Address Authentication
Benefit: Adds support for devices such as IP phones that do not presently include 802.1x supplicant support.
Feature: Default Authorization Policy
Benefit: Permits access for unauthenticated devices to basic network service.
Feature: Multiple DHCP Pools
Benefit: Authenticated users can be assigned IP addresses from a different IP range than unauthenticated users, allowing network traffic policy to be applied by address range.

802.1x Wireless LAN Example
(Figure: Access Point, Catalyst 2950 (switch), Authentication Server (RADIUS); the access point takes the authenticator role for wireless clients.)

Module 4 Trust and Identity Technology: 4.4 Network Admission Control (NAC)

NAC Components

NAC Vendor Participation