Authentication and Access Control
Chapter 13, Networking Essentials, Spring 2013

Security Filtering
  Access Control Lists (ACLs)
    - Primary weapon of a _______
    - Determines which _____ are allowed in and which _____ can be used
    - Four conditions on page 427 – why?
  Tunneling – used when you want to…
    - Examples of tunneling protocols (p. 428)
  Virtual Private Network (VPN)
    - Remote access VPN (hint on p. 429 – top)
    - Site-to-site VPN – like LT (SC – NC)
    - Extranet VPN – why would you do this?
  SSL
    - Developed by _________
    - ______ Layer of the OSI Model
    - Public key encryption
    - HTTPS uses SSL to encrypt data (padlock)
    - Evolved with other protocols to become ________, a Transport Layer protocol
  L2TP
    - Stands for _________________________
    - Developed by ______
    - Because it is at Layer 2, it is not bound by IP and can be used with _____ and ______
  PPTP
    - Stands for __________________________
    - Occurs at the _______ Layer of the OSI Model
    - Not popular any more because…
    - Read the Note on the bottom of page 430
  IPSec
    - Developed specifically by ____ for _____
    - Works at the ______ Layer of the OSI Model
    - Note on page 431
    - Transport mode – encrypts ____
    - Tunnel mode – encrypts ______

Encryption
  Private Encryption Keys (symmetric)
    - Sender and receiver use the same key to encrypt and decrypt data
    - DES – the first well-known standard (____ bit)
    - 3DES – more secure (_____ bits)
    - AES (____, _____, or _____ bits)
  Public Key Encryption
    - How does it work?
  Other Algorithms
    - RSA – used by ________
    - PGP – problem with government

Remote Access Technologies
  - RAS – developed by _______
  - RDP – been there, done that (128 bit)
  - PPP – _____ commonly use them for authentication
  - PPPoE – encapsulating PPP frames within Ethernet frames
  - VNC – platform independent, but not secure
  - ICA – WinFrame, which is cool, but slow

Network Resource-Sharing Security Models
  Share Level
    - You assign passwords to files and other resources (e.g., printers)
    - All resources visible, but not accessible (why is this a problem?)
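The ACL item in the Security Filtering section above says an ACL decides what is allowed in, and asks why the order of the conditions matters. The following is an added study example (not from the textbook) of how a packet-filter ACL is evaluated: rules are checked top to bottom, the first match wins, and anything that matches nothing is dropped by the implicit deny at the end. The addresses, rules and packets are constructed for illustration.

```python
"""Ordered packet-filter ACL: first matching rule wins, implicit deny at the end.
Added example; the ACL, addresses and packets below are constructed, not real."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # CIDR; "0.0.0.0/0" means any source
    dst: str               # CIDR; "0.0.0.0/0" means any destination
    dport: Optional[int]   # destination port, None means any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Every condition of the rule must hold for the packet (AND of the conditions)."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the ACL in order; return (action, index of the rule that fired).
    A packet that matches no rule is denied (implicit deny), index None."""
    for i, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            return rule.action, i
    return "deny", None


# Constructed inbound ACL for a hypothetical edge router: drop packets that claim a
# private (RFC 1918) source address, then let in HTTPS, HTTP and DNS to two servers.
ACL = [
    Rule("deny",   "any", "10.0.0.0/8", "0.0.0.0/0",       None),  # anti-spoofing
    Rule("permit", "tcp", "0.0.0.0/0",  "203.0.113.10/32", 443),
    Rule("permit", "tcp", "0.0.0.0/0",  "203.0.113.10/32", 80),
    Rule("permit", "udp", "0.0.0.0/0",  "203.0.113.53/32", 53),
]

# The same rules with the anti-spoofing deny moved to the bottom: it is now shadowed
# by the permit rules above it and never fires for spoofed web traffic.
MISORDERED = ACL[1:] + ACL[:1]

# Constructed sample traffic
SAMPLE = [
    Packet("tcp", "198.51.100.7", "203.0.113.10", 443),  # permit by rule 1
    Packet("tcp", "198.51.100.7", "203.0.113.10", 22),   # no rule matches: implicit deny
    Packet("tcp", "10.1.2.3",     "203.0.113.10", 443),  # spoofed source: deny by rule 0
    Packet("udp", "198.51.100.9", "203.0.113.53", 53),   # permit by rule 3
]


def run_sample(acl: List[Rule] = ACL) -> List[str]:
    """Actions the ACL takes on SAMPLE, in order."""
    return [evaluate(acl, p)[0] for p in SAMPLE]


if __name__ == "__main__":
    for pkt, (action, idx) in zip(SAMPLE, [evaluate(ACL, p) for p in SAMPLE]):
        print(f"{pkt} -> {action} (rule {idx})")
    print("misordered ACL lets the spoofed packet in:", evaluate(MISORDERED, SAMPLE[2]))
```

Running the spoofed packet through MISORDERED shows why rule order is one of the conditions to get right: the deny that should catch it is never reached once a broader permit sits above it.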
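The Encryption section above contrasts symmetric keys (sender and receiver share one key) with public key encryption and asks how the latter works. Here is an added example, not from the textbook, of textbook RSA: key generation, encryption with the public key, decryption with the private key, and signing with the private key so that anyone with the public key can verify. The primes are tiny and there is no padding, so this only illustrates the mathematics and must never be used as real encryption.

```python
"""Textbook RSA to show the public/private key split. Added example; the small primes
and the absence of padding make this insecure by design (illustration only)."""
from math import gcd
from typing import Tuple

Key = Tuple[int, int]   # (exponent, modulus)


def keygen(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Return (public, private). n = p*q is public; d is derived from the secret p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with phi(n)")
    d = pow(e, -1, phi)          # modular inverse: e*d == 1 (mod phi)
    return (e, n), (d, n)


def encrypt(pub: Key, m: int) -> int:
    """Anyone holding the public key can encrypt."""
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(priv: Key, c: int) -> int:
    """Only the holder of d can undo the encryption."""
    d, n = priv
    return pow(c, d, n)


def sign(priv: Key, m: int) -> int:
    """Signing uses the private exponent on the message (here the raw integer)."""
    d, n = priv
    return pow(m, d, n)


def verify(pub: Key, m: int, sig: int) -> bool:
    """Verification uses only the public key."""
    e, n = pub
    return pow(sig, e, n) == m


def to_int(data: bytes) -> int:
    return int.from_bytes(data, "big")


def to_bytes(value: int, length: int) -> bytes:
    return value.to_bytes(length, "big")


# Constructed demo keys: two small primes (real keys use primes of ~1024 bits each)
PUB, PRIV = keygen(1000003, 1000033)


def roundtrip(msg: bytes) -> bytes:
    """Encrypt with the public key, decrypt with the private key, return the plaintext."""
    c = encrypt(PUB, to_int(msg))
    return to_bytes(decrypt(PRIV, c), len(msg))


if __name__ == "__main__":
    msg = b"hi!"
    c = encrypt(PUB, to_int(msg))
    print("public key (e, n):", PUB)
    print("ciphertext:", c, "-> decrypts to", roundtrip(msg))
    s = sign(PRIV, to_int(msg))
    print("signature verifies:", verify(PUB, to_int(msg), s),
          "| tampered message verifies:", verify(PUB, to_int(b"ho!"), s))
```

The point to take from the run: the ciphertext and the signature are produced with different keys, and the public exponent and modulus can be handed to everyone without revealing d, which is what makes key distribution easier than with a shared symmetric key.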
  User Level
    - You assign users rights to files and resources
    - Only they can see and access resources

Managing Accounts
  When an employee leaves an organization:
    - Leave the account alone
    - Delete the account
    - Disable the account
    - Which is best?
  Anonymous accounts
    - Sometimes you need them – why?
    - Warning on the bottom of page 441
  Limiting Connections for a User
    - Why is this a bad idea?
    - Why is this a good idea?
  Renaming the Administrator account – why?

Managing Passwords
  - Minimum length (at least ____, but less than _____)
  - What NOT to choose as a password…
  - Use of special characters
  Password Management Features
    - Automatic lockouts – why?
    - Password expiration – why? How often?
    - Password history – how many?
    - Password change – how often?

User Authentication Methods
  - PKI – a CA is used to verify the user's identity
  - Kerberos – created at ____; issues tickets
  Authentication, Authorization, and Accounting
    - RADIUS – used often for _______ users; Note on page 449
    - TACACS+ – different from RADIUS – how?
    - NAC – used in a wireless setting to authenticate __________
  More User Authentication (link)
    - CHAP
    - MS-CHAP
    - MS-CHAP v2
    - EAP – used for _____ and ______ forms of authentication
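The Managing Passwords section above lists the features a password system should enforce (minimum length, banned choices, special characters, automatic lockout, expiration and history). The following added example (not from the textbook) implements those features in one small policy engine so the "why" questions can be answered by trying them: the lockout makes online guessing stop working after a few attempts, the history stops a user cycling back to an old password, and the expiration forces rotation. The policy numbers, the banned-password list and the account data are assumptions chosen for the demo, not the answers to the blanks.

```python
"""Password policy engine: length, banned words, special characters, lockout,
history and expiration. Added example; policy values and sample data are assumed."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Policy:
    min_length: int = 12                   # assumed; the textbook's figure is a blank
    max_length: int = 64
    special_chars: str = "!@#$%^&*()-_=+[]{};:,.?/"
    lockout_threshold: int = 5             # failed attempts before the account locks
    lockout_seconds: int = 900             # how long the lock lasts
    history_depth: int = 5                 # previous passwords that may not be reused
    max_age_seconds: int = 90 * 86400      # password expires after 90 days


# Constructed list of passwords that must never be chosen
BANNED = {"password", "letmein", "welcome1", "qwerty123456"}


def _hash(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so a stolen hash cannot be reversed cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _same(password: str, salt: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(_hash(password, salt), digest)


class Account:
    def __init__(self, username: str, password: str, policy: Policy, now: float):
        self.username = username
        self.policy = policy
        self.history: List[Tuple[bytes, bytes]] = []   # (salt, digest) of old passwords
        self.salt = b""
        self.digest = b""
        self.failed = 0
        self.locked_until = 0.0
        self.changed_at = 0.0
        self.set_password(password, now)

    def set_password(self, new: str, now: float) -> None:
        """Enforce the policy, then store a fresh salted hash and push the old one into history."""
        p = self.policy
        if not p.min_length <= len(new) <= p.max_length:
            raise ValueError("length outside policy")
        if not any(ch in p.special_chars for ch in new):
            raise ValueError("no special character")
        if new.lower() in BANNED or self.username.lower() in new.lower():
            raise ValueError("guessable password")
        previous = self.history + ([(self.salt, self.digest)] if self.digest else [])
        for salt, digest in previous:
            if _same(new, salt, digest):
                raise ValueError("password was used before")
        if self.digest:
            self.history = (self.history + [(self.salt, self.digest)])[-p.history_depth:]
        self.salt = os.urandom(16)
        self.digest = _hash(new, self.salt)
        self.changed_at = now
        self.failed = 0

    def is_expired(self, now: float) -> bool:
        return now - self.changed_at > self.policy.max_age_seconds

    def is_locked(self, now: float) -> bool:
        return now < self.locked_until

    def authenticate(self, password: str, now: float) -> bool:
        """Even the correct password is refused while the account is locked."""
        if self.is_locked(now):
            return False
        if _same(password, self.salt, self.digest):
            self.failed = 0
            return True
        self.failed += 1
        if self.failed >= self.policy.lockout_threshold:
            self.locked_until = now + self.policy.lockout_seconds
            self.failed = 0
        return False


if __name__ == "__main__":
    acct = Account("alice", "Correct-Horse-Battery-9", Policy(), now=1000.0)
    for _ in range(5):
        acct.authenticate("wrong-guess-!!!!", 1001.0)
    print("locked after 5 bad guesses:", acct.is_locked(1002.0))
    print("expired after 91 days:", acct.is_expired(1000.0 + 91 * 86400))
```

The trade-off the outline hints at with "why?" shows up directly: a lockout defeats online guessing but lets an attacker lock a victim out on purpose, which is one reason the administrator account is usually renamed or exempted and why the threshold and duration need a considered value rather than a maximal one.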
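The last items in the outline (CHAP, MS-CHAP, MS-CHAP v2) are challenge-response methods that avoid sending the password across the link. As an added example that is not part of the textbook, here is the CHAP exchange from RFC 1994 with both sides modelled: the authenticator sends an identifier and a random challenge, the peer answers with MD5(identifier || secret || challenge), and the authenticator recomputes the same value to check it. The code also shows the two caveats a practitioner should know: a challenge must not be accepted twice (replay), and anyone who captures one exchange can guess the secret offline, which is why the stronger MS-CHAP v2 and EAP methods exist. Names, secrets and the word list are constructed.

```python
"""CHAP (RFC 1994) challenge-response between a peer and an authenticator.
Added example; the secrets, names and word list are constructed for the demo."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Sequence, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response Value = MD5(Identifier || Secret || Challenge Value) per RFC 1994."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side (e.g. a remote-access server). It must hold the plaintext secret
    because it has to recompute the hash, which is itself a weakness of CHAP."""

    def __init__(self, secrets: Dict[str, bytes]):
        self.secrets = secrets
        self.pending: Dict[int, bytes] = {}
        self.next_id = 0

    def challenge(self) -> Tuple[int, bytes]:
        ident = self.next_id & 0xFF            # one-byte Identifier field
        self.next_id += 1
        ch = os.urandom(16)                    # fresh random challenge each time
        self.pending[ident] = ch
        return ident, ch

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        ch = self.pending.pop(ident, None)     # a challenge is usable exactly once
        if ch is None or name not in self.secrets:
            return False
        expected = chap_response(ident, self.secrets[name], ch)
        return hmac.compare_digest(expected, response)


class Peer:
    """Client side: proves it knows the secret without transmitting it."""

    def __init__(self, name: str, secret: bytes):
        self.name = name
        self.secret = secret

    def respond(self, ident: int, challenge: bytes) -> Tuple[str, bytes]:
        return self.name, chap_response(ident, self.secret, challenge)


def run_exchange(auth: Authenticator, peer: Peer) -> bool:
    """One full CHAP round: Challenge -> Response -> Success/Failure."""
    ident, ch = auth.challenge()
    name, resp = peer.respond(ident, ch)
    return auth.verify(ident, name, resp)


def crack(ident: int, challenge: bytes, response: bytes,
          wordlist: Sequence[bytes]) -> Optional[bytes]:
    """Offline guessing from a captured exchange: nothing on the wire is secret,
    so a weak secret falls to a dictionary attack without touching the server."""
    for guess in wordlist:
        if chap_response(ident, guess, challenge) == response:
            return guess
    return None


if __name__ == "__main__":
    auth = Authenticator({"alice": b"s3cret-phrase"})
    alice = Peer("alice", b"s3cret-phrase")
    print("genuine peer accepted:", run_exchange(auth, alice))
    print("wrong secret accepted:", run_exchange(auth, Peer("alice", b"wrong")))
    ident, ch = auth.challenge()
    name, resp = alice.respond(ident, ch)
    print("first use:", auth.verify(ident, name, resp), "| replay:", auth.verify(ident, name, resp))
```

MS-CHAP v2 adds mutual authentication (the server proves itself to the client too) and EAP moves the whole method negotiation into an extensible framework, but the capture-and-guess weakness shown by crack() is the reason plain CHAP is only as strong as the secret behind it.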