This chapter focused on the technologies and security considerations of remote access solutions. These implementations carry many security risks, which can be addressed with the right protocols and access controls. Employing the AAA framework can help ensure a network is configured to support the chosen protocols appropriately. Used together, these capabilities create access control solutions that make an organization more secure and more productive for all remote workers.
The appropriate solution, such as RADIUS or TACACS+, depends on the risk associated with the environment. You must identify the needs and requirements of your organization and compare them against the available protocols to choose the best solution for your environment.
Authentication, Authorization, and Accounting (AAA)
Challenge Handshake Authentication Protocol (CHAP)
EAP with Flexible Authentication via Secure Tunneling (EAP-FAST)
EAP with Message Digest 5 (EAP-MD5)
EAP with Transport Layer Security (EAP-TLS)
EAP with Tunneled Transport Layer Security (EAP-TTLS)
Encapsulating Security Payload (ESP)
Extensible Authentication Protocol (EAP)
Generic Routing Encapsulation (GRE)
Internet Protocol Security (IPSec)
Internet Security Association and Key Management Protocol (ISAKMP)
Layer 2 Tunneling Protocol (L2TP)
Lightweight Directory Access Protocol (LDAP)
Password Authentication Protocol (PAP)
Point-to-Point Tunneling Protocol (PPTP)
Remote Authentication Dial In User Service (RADIUS)
Terminal Access Controller Access Control System (TACACS)
Terminal Access Controller Access Control System Plus (TACACS+)