Chapter 13

Authentication and Access Control
Networking Essentials
Spring, 2013
Security Filtering
Access Control Lists (ACLs)
Primary weapon of a _______
Determines which _____ are allowed in and which _____ can be used
Four conditions on page 427 – why?
Security Filtering
Tunneling – used when you want to…
Examples of tunneling protocols (p. 428)
Virtual Private Network (VPN)
Remote access VPN (hint on p. 429 – top)
Site-to-site VPN – like LT (SC – NC)
Extranet VPN - why would you do this?
Developed by _________
______ Layer of the OSI Model
Public key encryption
HTTPS uses SSL to encrypt data (padlock)
Evolved with other protocols to become ________, a Transport Layer protocol
Stands for _________________________
Developed by ______
Because it’s at Layer 2, it is not bound by IP and can be used with _____ and ______.
Stands for __________________________
Occurs at the _______ Layer of the OSI
Not popular any more because…
Read Note on bottom of 430
Developed specifically by ____ for _____
Works at the ______ Layer of OSI Model
Note on page 431
Transport mode – encrypts ____
Tunnel mode – encrypts ______
Private Encryption Keys (symmetric)
Sender and receiver use same key to encrypt/decrypt data
DES the first well-known standard (____ bit)
3DES (more secure - _____ bits)
AES (____, _____, or _____ bits)
Public Key Encryption
How does it work?
Other Algorithms
RSA – used by ________
PGP - problem with government 
Remote Access Technologies
RAS – developed by _______
RDP – been there, done that (128 bit)
PPP – _____ commonly use them for
PPPoE – encapsulating PPP frames within Ethernet frames
VNC – platform independent, but not secure
ICA – WinFrame, which is cool, but slow
Network Resource-Sharing
Security Models
Share Level
You assign passwords to files and other resources (i.e. – printers)
All resources visible, but not accessible (why is this a problem?)
User Level
You assign users rights to files and resources
Only they can see, access resources
Managing Accounts
When an employee leaves an organization
Leave the account alone
Delete the account
Disable the account
Which is best?
Anonymous accounts
Sometimes you need ‘em – why?
Warning on bottom of 441
Limiting Connections for a User
Why is this a bad idea?
Why is this a good idea?
Renaming the Administrator account – why?
Managing Passwords
Minimum Length (at least ____, but less than _____)
What NOT to choose as a password…
Use of special characters
Password Management Features
Automatic lockouts – why?
Password expiration – why? How often?
Password history – how many?
Password change – how often?
User Authentication Methods
PKI – CA is used to verify user’s identity
created at ____
Issues tickets
Authentication, Authorization, and Accounting
Used often for _______ users
Note on page 449
Different from RADIUS – how?
NAC – used in wireless setting to authenticate
More User Authentication (link)
EAP – used for _____ and ______ forms of