Lecture Information systems security - Chapter 7: Authentication

Chapter 7 covers: defining authentication, authentication credentials, authentication models, authentication servers, the Extensible Authentication Protocol (EAP), and Virtual Private Networks (VPNs).

Authentication   Objectives v Define authentication v Authentication credentials v Authentication models v Authentication servers v Extended authentication protocols v Virtual Private Network (VPN) Password-Guessing Attacks Surge v Slow guessing and botnets conceal the attacks v Countermeasures v Strong password policy, restricting access to server by source IP, two-factor authentication Definition of Authentication v Authentication can be defined in two contexts v The first is viewing authentication as it relates to access control v The second is to look at it as one of the three key elements of security: v Authentication v Authorization v Accounting Authentication & Access Control Terminology v Access control is the process by which resources or services are granted or denied v Identification v The presentation of credentials or identification v Authentication v The verification of the credentials to ensure that they are genuine and not fabricated v Authorization v Granting permission for admittance v Access is the right to use specific resources Authentication, Authorization, and Accounting v Short term: AAA v Authentication in AAA provides a way of identifying a user v Typically with a password v Authorization determines whether the user has the authority to carry out certain tasks v The process of enforcing policies v Accounting measures the resources a user “consumes” during each network session Uses of Accounting DATA v To find evidence of problems v For billing v For planning v AAA servers v Servers dedicated to performing AAA functions v Can provide significant advantages in a network Objectives v Define authentication v Authentication credentials v Authentication models v Authentication servers v Extended authentication protocols v Virtual Private Network (VPN) Authentication Credentials v Credentials are something you have, something you are, or something you know v Types of authentication credentials v Passwords v One-time passwords v Standard 
biometrics v Behavioral biometrics v Cognitive biometrics One-Time Passwords v Standard passwords are typically static in nature v One-time passwords (OTP) v Dynamic passwords that change frequently v Systems using OTPs generate a unique password on demand that is not reusable v The most common type is a time-synchronized OTP v Used in conjunction with a token v The token and a corresponding authentication server share the same algorithm v Each algorithm is different for each user’s token Extended Authentication Protocols (EAP) v In IEEE 802.1x, EAP is the "envelope" that carries data used for authentication v Three EAP protocol categories: v Authentication legacy protocols v EAP weak protocols v EAP strong protocols Extended Authentication Protocols (EAP) Authentication Legacy Protocols v No longer extensively used for authentication v Password Authentication Protocol (PAP) v Sends passwords in the clear v Challenge-Handshake Authentication Protocol (CHAP) v Safer than PAP, but vulnerable v Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) EAP Weak Protocols v Still used but have security vulnerabilities v Extended Authentication Protocol–MD5 (EAP-MD5) v Vulnerable to offline dictionary attacks v Lightweight EAP (LEAP) v Also vulnerable to offline dictionary attacks v Can be cracked faster than WEP EAP Strong Protocols v EAP with Transport Layer Security (EAP-TLS) v Uses certificates for both client and server v Used in large Windows networks v EAP with Tunneled TLS (EAP-TTLS) and Protected EAP (PEAP) v No client-side certificate v Easier to implement than EAP-TLS Objectives v Define authentication v Authentication credentials v Authentication models v Authentication servers v Extended authentication protocols v Virtual Private Network (VPN) Remote Authentication and Security v Important to maintain communications strong security for remote v Transmissions are routed through networks or devices that the organization does not manage and secure v 
Managing remote authentication and security usually includes: v Using remote access services v Installing a virtual private network v Maintaining a consistent remote access policy Remote Access Services (RAS) v Any combination of hardware and software that enables access to remote users to a local internal network v Provides remote users with the same access and functionality as local users Virtual Private Networks (VPNs) v One of the most common types of RAS v Uses an unsecured public network, such as the Internet, as if it were a secure private network v Encrypts all data that is transmitted between the remote device and the network v Common types of VPNs v Remote-access VPN or virtual private dial-up network (VPDN) v Site-to-site VPN Virtual Private Networks (VPNs) Virtual Private Networks (VPNs) v VPN transmissions are achieved through communicating with endpoints v Endpoint v End of the tunnel between VPN devices v VPN concentrator v Aggregates hundreds or thousands of multiple connections v Depending upon the type of endpoint that is being used, client software may be required on the devices that are connecting to the VPN Virtual Private Networks (VPNs) v VPNs can be software-based or hardware-based v Software-based VPNs offer the most flexibility in how network traffic is managed v Hardware-based VPNs generally tunnel all traffic they handle regardless of the protocol v Generally, software based VPNs not have as good performance or security as a hardware-based VPN VPN Advantages v Cost savings (no long-distance phone call) v Scalability (easy to add more users) v Full protection (all traffic is encrypted) v Speed (faster than direct dial-up) v Transparency (invisible to the user) v Authentication (only authorized users can connect) v Industry standards VPN Disadvantages v Management v Availability and performance v Interoperability v Additional protocols v Performance impact v Expense Remote Access Policies v Establishing strong remote access policies is 
important v Some recommendations for remote access policies: v Remote access policies should be consistent for all users v Remote access should be the responsibility of the IT department v Form a working group and create a standard that all departments will agree to ... Define authentication v Authentication credentials v Authentication models v Authentication servers v Extended authentication protocols v Virtual Private Network (VPN) Single and multi-factor authentication. .. authentication v One-factor authentication v Using only one authentication credential, such as a password v Two-factor authentication v Enhances security, particularly if different types authentication. .. Define authentication v Authentication credentials v Authentication models v Authentication servers v Extended authentication protocols v Virtual Private Network (VPN) Authentication Servers v Authentication
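The "Password-Guessing Attacks Surge" slide says slow guessing spread across a botnet hides from per-source lockouts. The following added example (not part of the original lecture) shows why: it runs a conventional per-IP threshold and a per-target-account threshold over the same constructed sshd-style log lines, and only the account-centric rule fires. The log lines, host names, IP addresses and thresholds are all made up for the example.

```python
"""Detect distributed ("low and slow") password guessing in auth logs.

Per-source-IP thresholds miss a botnet that spreads a few attempts per bot
across many addresses.  Aggregating failures per *target account* across
all source addresses, inside a sliding time window, exposes the campaign.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (syslog-style sshd lines): eight bots each try the
# 'admin' account once or twice over about twelve minutes, plus one legitimate
# user (alice) who mistypes once and then logs in.
SAMPLE_LOG = """\
Mar 10 02:00:05 bastion sshd[4011]: Failed password for admin from 203.0.113.10 port 50122 ssh2
Mar 10 02:01:12 bastion sshd[4013]: Failed password for admin from 203.0.113.11 port 50140 ssh2
Mar 10 02:02:30 bastion sshd[4015]: Failed password for alice from 198.51.100.7 port 51002 ssh2
Mar 10 02:02:41 bastion sshd[4015]: Accepted password for alice from 198.51.100.7 port 51002 ssh2
Mar 10 02:03:07 bastion sshd[4017]: Failed password for admin from 203.0.113.12 port 50161 ssh2
Mar 10 02:04:19 bastion sshd[4019]: Failed password for admin from 203.0.113.13 port 50177 ssh2
Mar 10 02:05:44 bastion sshd[4021]: Failed password for admin from 203.0.113.10 port 50190 ssh2
Mar 10 02:06:51 bastion sshd[4023]: Failed password for admin from 203.0.113.14 port 50203 ssh2
Mar 10 02:07:58 bastion sshd[4025]: Failed password for admin from 203.0.113.15 port 50219 ssh2
Mar 10 02:09:02 bastion sshd[4027]: Failed password for admin from 203.0.113.11 port 50231 ssh2
Mar 10 02:10:15 bastion sshd[4029]: Failed password for admin from 203.0.113.16 port 50245 ssh2
Mar 10 02:11:33 bastion sshd[4031]: Failed password for admin from 203.0.113.17 port 50258 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


def parse_failures(log_text):
    """Return a time-sorted list of (timestamp, user, ip) for failed logins."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        events.append((ts, m.group("user"), m.group("ip")))
    events.sort()
    return events


def per_source_alerts(events, max_failures=5, window_s=900):
    """Classic lockout logic: flag a source IP with more than max_failures
    failures inside the sliding window. A botnet stays under this."""
    recent = defaultdict(deque)   # ip -> timestamps within the window
    alerts = set()
    for ts, _user, ip in events:
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) > max_failures:
            alerts.add(ip)
    return alerts


def per_account_alerts(events, max_failures=5, min_sources=3, window_s=900):
    """Flag an account that collects more than max_failures failures from at
    least min_sources distinct IPs inside the window: the signature of a
    distributed guessing campaign against one target."""
    recent = defaultdict(deque)   # user -> (timestamp, ip) within the window
    alerts = {}
    for ts, user, ip in events:
        q = recent[user]
        q.append((ts, ip))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        sources = {src for _, src in q}
        if len(q) > max_failures and len(sources) >= min_sources:
            alerts[user] = {"failures": len(q), "sources": len(sources)}
    return alerts


if __name__ == "__main__":
    evts = parse_failures(SAMPLE_LOG)
    print("per-source alerts :", per_source_alerts(evts))
    print("per-account alerts:", per_account_alerts(evts))
```

With the constructed log, no single address exceeds two failures, so the per-IP rule is silent, while the per-account rule reports ten failures against admin from eight distinct sources. The per-source-IP restriction and two-factor authentication the slide recommends are the controls that make this aggregated signal actionable.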
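The "Legacy Authentication Protocols" and "Weak EAP Methods" slides call CHAP "safer than PAP, but vulnerable" and EAP-MD5 "vulnerable to offline dictionary attacks" without showing why. This added example (not from the original lecture) implements the RFC 1994 CHAP/MD5 response, which is also the mechanism behind EAP-MD5-Challenge, and then runs the offline dictionary attack an eavesdropper can mount from a single captured challenge/response pair. The identifier, challenge, secret and wordlist are constructed values for the demonstration.

```python
"""CHAP (RFC 1994) MD5 challenge/response and the offline dictionary attack.

PAP puts the password on the wire. CHAP never does: the peer proves knowledge
of the secret by returning MD5(Identifier || secret || Challenge). That stops
passive recovery of the secret itself, but anyone who captured the exchange
can test candidate secrets offline at hash speed, with no further network
traffic and no lockout to worry about.
"""
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5 over the one-byte Identifier, the shared
    secret and the authenticator's challenge, in that order."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute the expected response and compare in
    constant time."""
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)


def offline_dictionary_attack(identifier: int, challenge: bytes, response: bytes, wordlist):
    """Eavesdropper side: one captured (identifier, challenge, response) triple
    is enough to test every candidate secret offline."""
    for word in wordlist:
        if chap_response(identifier, word.encode(), challenge) == response:
            return word
    return None


# Constructed capture: a passive observer on the link saw these three values.
CAPTURED_ID = 0x2A
CAPTURED_CHALLENGE = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
USER_SECRET = b"Winter2024"                      # never on the wire
CAPTURED_RESPONSE = chap_response(CAPTURED_ID, USER_SECRET, CAPTURED_CHALLENGE)

# Constructed wordlist; real attacks use millions of entries.
WORDLIST = ["password", "letmein", "Summer2023", "Winter2024", "Spring2025"]


def fresh_challenge() -> bytes:
    """A new random challenge per exchange is what makes a captured response
    useless for replay; reusing challenges would turn CHAP into PAP-with-hashing."""
    return os.urandom(16)


if __name__ == "__main__":
    print("wire carries :", CAPTURED_RESPONSE.hex())
    print("recovered    :", offline_dictionary_attack(
        CAPTURED_ID, CAPTURED_CHALLENGE, CAPTURED_RESPONSE, WORDLIST))
    print("replay works :", chap_verify(
        CAPTURED_ID, USER_SECRET, fresh_challenge(), CAPTURED_RESPONSE))
```

The captured response cannot be replayed against a fresh challenge, which is the improvement over PAP, but a weak secret falls to the offline search in microseconds. The strong EAP methods on the following slide (EAP-TLS, EAP-TTLS, PEAP) address this by running any password exchange inside a TLS tunnel, so there is no challenge/response pair for a passive observer to capture.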
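The "One-Time Passwords" slides describe time-synchronized OTP tokens sharing an algorithm with the server, and the "Single and Multi-Factor Authentication" slide presents them as the usual second factor. This added example (not code from the lecture) implements HOTP (RFC 4226) and TOTP (RFC 6238) with HMAC-SHA1, stores a distinct seed per user as a token would, tolerates one step of clock drift, and rejects a replayed code. The `OtpServer` class, its `enroll`/`verify` names and the user names are assumptions for the example; the test vectors are the ones published in the RFCs.

```python
"""Time-synchronized one-time passwords: HOTP/TOTP with per-token seeds.

Every token and the server run the same algorithm; what is unique per user is
the secret seed provisioned into the token. The server must also remember the
last accepted time step so that a code sniffed or phished once cannot be
reused inside the validity window.
"""
import hashlib
import hmac
import secrets
import struct
import time


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a decimal code with leading zeros preserved."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(seed: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from wall-clock time."""
    return hotp(seed, int(at_time) // step, digits)


class OtpServer:
    """Assumed server-side store: one seed per user plus replay state."""

    def __init__(self, step: int = 30, skew_steps: int = 1, digits: int = 6):
        self.step = step
        self.skew = skew_steps        # accept +/- this many steps of clock drift
        self.digits = digits
        self.seeds = {}               # user -> secret seed (copy of the token's)
        self.last_counter = {}        # user -> last accepted time-step counter

    def enroll(self, user: str, seed: bytes | None = None) -> bytes:
        """Provision a token: a fresh random 160-bit seed unless one is supplied."""
        seed = seed if seed is not None else secrets.token_bytes(20)
        self.seeds[user] = seed
        self.last_counter[user] = -1
        return seed

    def verify(self, user: str, code: str, now: float | None = None) -> bool:
        seed = self.seeds.get(user)
        if seed is None:
            return False
        now = time.time() if now is None else now
        counter = int(now) // self.step
        for c in range(counter - self.skew, counter + self.skew + 1):
            if c <= self.last_counter[user]:
                continue                      # step already consumed: replay
            if hmac.compare_digest(hotp(seed, c, self.digits), code):
                self.last_counter[user] = c   # burn this step and older ones
                return True
        return False


# Seed from the RFC 4226 / RFC 6238 test vectors (ASCII "12345678901234567890").
RFC_SEED = b"12345678901234567890"

if __name__ == "__main__":
    srv = OtpServer()
    srv.enroll("alice", RFC_SEED)
    code = totp(RFC_SEED, 90)                 # token's display at t=90 s
    print("first use :", srv.verify("alice", code, now=90))
    print("replay    :", srv.verify("alice", code, now=90))
```

The drift window is what lets a token whose clock runs slightly fast or slow still authenticate, and the `last_counter` bookkeeping is what keeps that window from becoming a replay window: once a step is used, it and every earlier step are dead for that user.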

Posted: 30/01/2020, 11:06

Table of contents

  • Slide 1
  • Objectives
  • Password-Guessing Attacks Surge
  • Definition of Authentication
  • Authentication & Access Control Terminology
  • Authentication, Authorization, and Accounting
  • Uses of Accounting Data
  • Objectives
  • Authentication Credentials
  • One-Time Passwords
  • One-Time Passwords
  • One-Time Passwords
  • Challenge-Based OTPs
  • Standard Biometrics
  • Dynamic Fingerprint Scanner
  • Behavioral Biometrics
  • Keystroke Dynamics
  • Keystroke Dynamics
  • Behavioral Biometrics
  • Computer Footprinting in Online Banking
