Transcript Chapter 13

Authentication and Access Control
Chapter 13
Networking Essentials
Spring, 2013
Security Filtering
Access Control Lists (ACLs)

Primary weapon of a _______

Determines which _____ are allowed in and
which _____ can be used

Four conditions on page 427 – why?
Security Filtering
Tunneling – used when you want to…
Examples of tunneling protocols (p. 428)





Virtual Private Network (VPN)
Remote access VPN (hint on p. 429 – top)
Site-to-site VPN – like LT (SC – NC)
Extranet VPN - why would you do this?
SSL
Developed by _________
______ Layer of the OSI Model
Public key encryption
HTTPS uses SSL to encrypt data (padlock)
Evolved with other protocols to become
________ , a Transport Layer protocol
L2TP
Stands for _________________________
Developed by ______
Because it’s at Layer 2, it is not bound by IP
and can be used with _____ and ______.
PPTP
Stands for __________________________
Occurs at the _______ Layer of the OSI
Model
Not popular any more because…
Read Note on bottom of 430
IPSec
Developed specifically by ____ for _____
Works at the ______ Layer of OSI Model
Note on page 431
Transport mode – encrypts ____
Tunnel mode – encrypts ______
Encryption
Private Encryption Keys (symmetric)
Sender and receiver use same key to
encrypt/decrypt data
 DES the first well-known standard (____ bit)
 3DES (more secure - _____ bits)
 AES (____, _____, or _____ bits)

Public Key Encryption

How does it work?
Other Algorithms
RSA – used by ________
PGP - problem with government 
Remote Access Technologies
RAS – developed by _______
RDP – been there, done that (128 bit)
PPP – _____ commonly use them for
authentication
PPPoE – encapsulating PPP frames within
Ethernet frames
VNC – platform independent, but not secure
ICA – WinFrame, which is cool, but slow
Network Resource-Sharing
Security Models
Share Level
You assign passwords to files and other
resources (i.e. – printers)
 All resources visible, but not accessible (why is
this a problem?)

User Level
You assign users rights to files and resources
 Only they can see, access resources

Managing Accounts
When an employee leaves an organization
Leave the account alone
 Delete the account
 Disable the account
 Which is best?

Anonymous accounts
Sometimes you need ‘em – why?
 Warning on bottom of 441

Limiting Connections for a User
Why is this a bad idea?
Why is this a good idea?
Renaming the Administrator account – why?
Managing Passwords
Minimum Length (at least ____, but less
than _____)
What NOT to choose as a password…
Use of special characters
Password Management Features
Automatic lockouts – why?
Password expiration – why? How often?
Password history – how many?
Password change – how often?
User Authentication Methods
PKI – CA is used to verify user’s identity
Kerberos
created at ____
 Issues tickets

Authentication, Authorization,
and Accounting
RADIUS


Used often for _______ users
Note on page 449
TACACS+

Different from RADIUS – how?
NAC – used in wireless setting to authenticate
__________
More User Authentication (link)
CHAP
MS-CHAP
MS-CHAP v2
EAP –used for _____ and ______ forms of
authentication
‘saboudit