Network Security 1. Module 4 Trust and Identity Technology. Ola Lundh 070 69 86596 ola.lundh@edu.falkenberg.se



Similar documents
Network Security 1 Module 4 Trust and Identity Technology

Remote Access Security

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD SEGURIDAD EN REDES. NIVEL I. VERSION 2.0

Network Security and AAA

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia 2006 Cisco Systems, Inc. All rights reserved.

Cisco Secure Access Control Server Deployment Guide

CTS2134 Introduction to Networking. Module 07: Wide Area Networks

CISCO IOS NETWORK SECURITY (IINS)

Interlink Networks RAD-Series AAA Server and RSA Security Two-Factor Authentication

Establishing two-factor authentication with Check Point and HOTPin authentication server from Celestix Networks

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 8 Authentication

Using LiveAction with Cisco Secure ACS (TACACS+ Server)

Cisco Secure Access Control Server 4.2 for Windows

ActivIdentity 4TRESS AAA Web Tokens and SSL VPN Fortinet Secure Access. Integration Handbook

ESET SECURE AUTHENTICATION. Cisco ASA Internet Protocol Security (IPSec) VPN Integration Guide

Mechanics of User Identification and Authentication

7.1. Remote Access Connection

RSA SecurID Ready Implementation Guide

Configuring Access Service Security

Rule 4-004G Payment Card Industry (PCI) Remote and Mobile Access Security (proposed)

Guidelines for Placing ACS in the Network

Security Threats VPNs and IPSec AAA and Security Servers PIX and IOS Router Firewalls. Intrusion Detection Systems

Authentication. Authentication in FortiOS. Single Sign-On (SSO)

VPN s and Mobile Apps for Security Camera Systems: EyeSpyF-Xpert

SAS3 INSTALLATION MANUAL SNONO SYSTEMS 2015

AN OVERVIEW OF REMOTE ACCESS VPNS: ARCHITECTURE AND EFFICIENT INSTALLATION

ESET SECURE AUTHENTICATION. Cisco ASA SSL VPN Integration Guide

VPN SECURITY. February The Government of the Hong Kong Special Administrative Region

How To Pass A Credit Course At Florida State College At Jacksonville

Chapter 10 Security Protocols of the Data Link Layer

This chapter covers the following topics: Network admission control overview NAC Framework benefits NAC Framework components Operational overview

Domain 6.0: Network Security

Raptor Firewall Products

Check Point FW-1/VPN-1 NG/FP3

L2F Case Study Overview

TABLE OF CONTENTS NETWORK SECURITY 1...1

Network Access Control and Cloud Security

Product Summary RADIUS Servers

Borderware MXtreme. Secure Gateway QuickStart Guide. Copyright 2005 CRYPTOCard Corporation All Rights Reserved

External authentication with Fortinet Fortigate UTM appliances Authenticating Users Using SecurAccess Server by SecurEnvoy

Enhanced Password Security - Phase I

ASA and Native L2TP IPSec Android Client Configuration Example

Application Note: Onsight Device VPN Configuration V1.1

Extreme Networks Security Log Manager Administration Guide

Authentication, Authorization and Accounting (AAA) Protocols

ZyWALL OTP Co works with Active Directory Not Only Enhances Password Security but Also Simplifies Account Management

Common Remote Service Platform (crsp) Security Concept

Two-factor Authentication: A Tokenless Approach

Cisco ASA. Implementation Guide. (Version 5.4) Copyright 2011 Deepnet Security Limited. Copyright 2011, Deepnet Security. All Rights Reserved.

freeradius A High Performance, Open Source, Pluggable, Scalable (but somewhat complex) RADIUS Server Aurélien Geron, Wifirst, January 7th 2011

Fundamental Principles of Network Security

Configuring RADIUS Dial Up with Livingston Server Authentication

Cisco Secure Control Access System 5.8

Fundamental Principles of Network Security

RSA SecurID Ready Implementation Guide

Lecture 3. WPA and i

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

Information Security Basic Concepts

StarWind iscsi SAN Software: Challenge-Handshake Authentication Protocol (CHAP) for Authentication of Users

Exam Topics in This Chapter

Executive Summary. This white paper includes the following sections: A.What Does 802.1x Do? B. An Overview of the 802.1x Standard

Securing Cisco Network Devices (SND)

External Authentication with Cisco ASA Authenticating Users Using SecurAccess Server by SecurEnvoy

A brief on Two-Factor Authentication

Security Provider Integration RADIUS Server

Network Access Control and Cloud Security

VPN. Date: 4/15/2004 By: Heena Patel

Table of Contents. Cisco Configuring the PPPoE Client on a Cisco Secure PIX Firewall

How To Configure Windows Server 2008 as a RADIUS Server with MS-CHAP v2 Authentication

Dell SonicWALL and SecurEnvoy Integration Guide. Authenticating Users Using SecurAccess Server by SecurEnvoy

Securing Networks with PIX and ASA

External Authentication with Cisco VPN 3000 Concentrator Authenticating Users Using SecurAccess Server by SecurEnvoy

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

External Authentication with Citrix Access Gateway Advanced Edition

External Authentication with Windows 2003 Server with Routing and Remote Access service Authenticating Users Using SecurAccess Server by SecurEnvoy

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

CCNA Security. Chapter Three Authentication, Authorization, and Accounting Cisco Learning Institute.

Firewalls and Virtual Private Networks

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Authenticating a Lucent Portmaster 3 with Microsoft IAS and Active Directory

Developing Network Security Strategies

(d-5273) CCIE Security v3.0 Written Exam Topics

Enhanced Password Security - Phase I

Defender EAP Agent Installation and Configuration Guide

Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example

RADIUS Vendor-Specific Attributes (VSA)

External Authentication with Juniper SSL VPN appliance Authenticating Users Using SecurAccess Server by SecurEnvoy

Digipass Plug-In for IAS troubleshooting guide. Creation date: 15/03/2007 Last Review: 24/09/2007 Revision number: 3

WLAN Security: Identifying Client and AP Security

FUNDAMENTALS OF REMOTE ACCESS

Replacing legacy twofactor. with YubiRADIUS for corporate remote access. How to Guide

ProtectID. for Financial Services

YubiRADIUS Deployment Guide for corporate remote access. How to Guide

Security. AAA Identity Management. Premdeep Banga, CCIE # Cisco Press. Vivek Santuka, CCIE # Brandon J. Carroll, CCIE #23837

Transcription:

Network Security 1 Module 4 Trust and Identity Technology

Module 1 Trust and Identity Technology 4.1 AAA

AAA Model Network Security Architecture Authentication Who are you? I am user student and my password validateme proves it. Authorization What can you do? What can you access? I can access host 2000_Server with Telnet. Accounting What did you do? How long did you do it? How often did you do it? I accessed host 2000_Server with Telnet 15 times.

Implementing AAA Using Local Services Remote client 1 Perimeter router 2 3 1. The client establishes connection with the router. 2. The router prompts the user for their username and password. 3. The router authenticates the username and password in the local database. The user is authorized to access the network based on information in the local database.

Implementing AAA Using External Servers 1 Perimeter router 2 Cisco Secure ACS 3 Remote client 4 Cisco Secure ACS appliance 1. The client establishes a connection with the router. 2. The router communicates with the Cisco Secure ACS (server or appliance). 3. The Cisco Secure ACS prompts the user for their username and password. 4. The Cisco Secure ACS authenticates the user. The user is authorized to access the network based on information found in the Cisco Secure ACS database.

The TACACS+ and RADIUS AAA Protocols Two different protocols are used to communicate between the AAA security servers and a router, NAS, or firewall. Cisco Secure ACS supports both TACACS+ and RADIUS: TACACS+ remains more secure than RADIUS. RADIUS has a robust API and strong accounting. Security server Cisco Secure ACS TACACS+ RADIUS Firewall Router Network access server

The TACACS+ and RADIUS AAA Protocols

Module 1 Trust and Identity Technology 4.2 Authentication Technologies

Authentication One-Time Passwords, S/Key List of one-time passwords Generated by S/Key program hash function Sent in clear text over network Server must support S/Key 308202A8 30820211 A0030201 02020438 0500301B 310B3009 06035504 06130255 1E170D39 39313032 32313730 3634375A C84DFBC0 4C7BD4B1 F79FC2ED 30A02EA4 S/Key passwords Workstation Security server supports S/Key 308202A8 30820211 A0030201 02020438 0500301B 310B3009 06035504 06130255 1E170D39 39313032 32313730 3634375A C84DFBC0 4C7BD4B1 F79FC2ED 30A02EA4 S/Key password (clear text)

Authentication Token Cards and Servers 1. 2. 3. (OTP) 4. Cisco Secure ACS Token server

AAA Example Authentication Via PPP Link TCP/IP and PPP client PPP PSTN or ISDN PPP Network access server PAP Password Authentication Protocol Clear text, repeated password Subject to eavesdropping and replay attacks CHAP Challenge Handshake Authentication Protocol Secret password, per remote user Challenge sent on link (random number) Challenge can be repeated periodically to prevent session hijacking The CHAP response is an MD5 hash of (challenge + secret) provides authentication Robust against sniffing and replay attacks MS-CHAP Microsoft CHAP v1 (supported in IOS > 11.3) and v1 or v2 (supported in IOS > 12.2)

Module 1 Trust and Identity Technology 4.3 Identity Based Networking Services (IBNS)

Identity Based Networking Services Features and Benefits: Intelligent adaptability for offering greater flexibility and mobility to stratified users A combination of authentication, access control, and user policies to secure network connectivity and resources User productivity gains and reduced operating costs

Module 1 Trust and Identity Technology 4.4 Network Admission Control (NAC)

NAC Components

NAC Vendor Participation

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information