CHAPTER SUMMARY

This chapter focused on the technologies and security considerations of remote access solutions. There are many security risks associated with these implementations, which can be addressed with the right protocols and access controls. Employing the AAA framework can help ensure a network is configured to support the chosen protocols appropriately. Using these capabilities will create access control solutions to make an organization more secure and productive for all remote workers.

The appropriate solution, such as RADIUS or TACACS+, depends on the risk associated within the environment. You must identify the needs and requirements of your organization and compare them against available protocols to choose the best solution for your environment.

KEY CONCEPTS AND TERMS

802.1x

Accounting

Authentication, Authorization, and Accounting (AAA)

Authentication Header (AH)

Authentication server

Authenticator

Challenge Handshake Authentication Protocol (CHAP)

EAP with Flexible Authentication via Secure Tunneling (EAP-FAST)

EAP with Message Digest 5 (EAP-MD5)

EAP with Transport Layer Security (EAP-TLS)

EAP with Tunneled Transport Layer Security (EAP-TTLS)

Encapsulating Security Payload (ESP)

Extended TACACS (XTACACS)

Extensible Authentication Protocol (EAP)

Generic Routing Encapsulation (GRE)

Internet Key Exchange (IKE)

Internet Protocol Security (IPSec)

Internet Security Association and Key Management Protocol (ISAKMP)

Layer 2 Tunneling Protocol (L2TP)

Lightweight Directory Access Protocol (LDAP)

Lightweight EAP (LEAP)

MS-CHAP

Network access server (NAS)

OAKLEY

Password Authentication Protocol (PAP)

Point-to-Point Protocol (PPP)

Point-to-Point Tunneling Protocol (PPTP)

Protected EAP (PEAP)

Remote access server (RAS)

Remote Authentication Dial In User Service (RADIUS)

Security association (SA)

Supplicant

Terminal Access Controller Access Control System (TACACS)

Terminal Access Controller Access Control System Plus (TACACS+)

Transport Layer Security (TLS)

CHAPTER 10 ASSESSMENT

  1. RADIUS uses TCP.
    1. True
    2. False
  2. AAA stands for _____.
  3. Which of the following best describes the act of verifying that users are who they say they are?
    1. Identification
    2. Authentication
    3. Authorization
    4. Auditing
  4. Which of the following are authentication protocols used with PPP? (Select three.)
    1. CHES
    2. CHAP
    3. EAP
    4. MAP
    5. PAP
  5. TACACS+ encrypts the entire data packet.
    1. True
    2. False
  6. What portion of TACACS+ provides AAA capabilities?
    1. NAS
    2. Client
    3. TACACS+ daemon
    4. XTACACS
  7. What are examples of web authentication? (Select three.)
    1. Knowledge-based authentication
    2. Identification
    3. Certificates
    4. User ID/password
    5. Remote access server
  8. Which one of the following authentication types requires the use of client-side certificates?
    1. EAP-MD5
    2. EAP-TLS
    3. PEAP
    4. EAP-FAST
  9. Cisco developed the TACACS+ and XTACACS protocols.
    1. True
    2. False
  10. Which of the following is used to validate the communications between a RADIUS server and a RADIUS client?
    1. NAS
    2. TACACS daemon
    3. RAS
    4. Shared secret
  11. PAP is a _____ handshake.
  12. CHAP is a _____ handshake.
  13. What is a program that runs in the background?
    1. RAS
    2. Encryption
    3. Daemon
    4. PAP
  14. What is the de facto standard for IPSec key exchange?
    1. OAKLEY
    2. IKE
    3. ISAKMP
    4. RADIUS
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset