Authenticating RAS Clients *

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

AAA protocols provide ____, ____, and ____.

AAA protocols provide authentication, authorization, and accounting. TACACS + uses multiple challenges and responses during a session.

____ tracks user access with logs.

Accounting

_____ is sometimes referred to as an AAA protocol, but it does not provide any accounting services.

Kerberos

___ implementation of CHAP, which is used only by Microsoft clients.

MS-CHAP

What does XTACACS for?

Means Extended TACACS

What does MS-CHAP stand for?

Microsoft Challenge Handshake Authentication Protocol

How does mutual authentication reduce risks?

Mutual authentication provides assurances of the server's identity <b>before</b> the client transmits data. It reduces the risk of a client sending sensitive data to a rogue server.

Is PPP more secure than CHAP?

No. Challenge Handshake Authentication Protocol (CHAP) uses PPP and authenticates remote users, but it is more secure than PAP.

What is a nonce?

Number Used Once

PAP authentication uses a ___ or a PIN.

PAP authentication uses a password or a PIN.

Challenge Handshake Authentication Protocol (CHAP) uses ___ (a protocol) and authenticates remote users.

PPP

What does PAP stand for?

Password Authentication Protocol

What does PPP stand for?

Point-to-Point Protocol

Password Authentication Protocol (PAP) is used with ____ (a protocol) to authenticate clients.

Point-to-Point Protocol (PPP) PPP was primarily used with dial-up connections. PPP replaced Serial Line Interface Protocol (SLIP) as a more efficient method of connecting to remote servers such as Internet Service Providers (ISPs).

TACACS + is the Cisco alternative to_____ and is a recommended replacement for XTACACS.

RADIUS

____ (Radius, TACACS+) only encrypts the password, whereas ___ encrypts the entire authentication process.

RADIUS (UDP) TACACS+ (TCP)

____ and ____ are both considered AAA protocols because they provide all three services (authentication, authorization and accounting). They authenticate users who attempt remote access, determine if the user is authorized for remote access by checking a database, and then record the user's activity.

RADIUS and TACACS+

What does RAS stand for?

Remote Access Service

What is RAS?

Remote Access Service (RAS) provides access to an internal network from an outside source. Clients access a RAS server via either dial-up or a virtual private network (VPN). A VPN allows a client to access a private network over a public network, such as the Internet. Remote access methods are useful for personnel who need access to the private network from remote locations. This includes users who travel frequently and telecommuters who work from home. However, no matter which remote access method you use, you still need to ensure that only authorized clients can access the network remotely.

What does RADIUS stand for?

Remote Authentication Dial-In User Service

What is RADIUS?

Remote Authentication Dial-In User Service (RADIUS) is a centralized authentication service. Instead of each individual RAS server needing a separate database to identify who can authenticate, authentication requests are forwarded to a central RADIUS server. Think AOL.

In CHAP the nonce is provided by the ____.

The server

Why is RADIUS beneficial?

Think AOL. It alleviates the database of user's to be replicated to each RAS server in the company.

Microsoft Active Directory uses Kerberos for <b>authentication</b>. (True or False)

True

Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is an improvement over CHAP for Microsoft clients. (True or False)

True

Organizations can use TACACS + as an <b>authentication</b> service for network devices. (True or False)

True

PAP, CHAP, MS-CHAP, RADIUS, DIAMETER, XTACACS, TACACS+, AAA Protocols different <b>authentication</b> mechanisms you can use with RAS. (True or False)

True

RADIUS only encrypts the password; not the entire process. (True or False)

True

The centralized RADIUS server is configured with a shared secret (similar to a password) to the other servers in different cities. (True or False)

True

You can use TACACS+ to authenticate users to a network device <b>before</b> they are able to access a configuration page for a router or a switch. (True or False)

True As a reminder, Microsoft Active Directory uses Kerberos for authentication. Organizations also use TACACS + as an authentication service for network devices. In other words, you can use it to authenticate users before they are able to access a configuration page for a router or a switch. The network devices must be TACACS + enabled, and a TACACS + server provides the authentication services.

RADIUS uses (UDP or TCP).

UDP

RADIUS uses the ______ (protocol), which uses a best-effort delivery mechanism.

User Datagram Protocol (UDP)

MS-CHAP supported clients as old as ____ (looking for Windows version).

Windows 95

____ verifies a user's identification.

Authentication

_____ determines if a user should have access.

Authorization

The goal of ____ (a protocol) is to allow the client to pass credentials over a public network (such as a phone or the Internet) without allowing attackers to intercept the data and later use it in an attack. The client hashes a secret after combining it with a nonce (number used once) provided by the server. This handshake process is used when the client initially tries to connect to the server, and at different times during the connection. The client and server <b>both</b> know a shared secret (similar to a password) used in the authentication process. However, the client doesn't send the shared secret over the network in plaintext as PAP does. Instead, the <b>client hashes it after combining it with a nonce (number used once) provided by the server<b>. This handshake process is used when the client initially tries to connect to the server, and at different times during the connection.

CHAP

____ (PAP, PPP, or CHAP) uses a handshake process where the server challenges the client. The client then responds with appropriate authentication information.

CHAP

What does CHAP stand for? What is it associated with?

Challenge Handshake Authentication Protocol RAS Clients

Extended TACACS (XTACACS) is an older ____ (looking for company) proprietary authentication protocol that is rarely used today.

Cisco

_____ is an <b>extension</b> of RADIUS and many organizations have switched to **** as a replacement for RADIUS due to its extra capabilities.

Diameter

One significant improvement of Diameter over Radius is the support of the ____ (protocol) and ____ (protocol), which significantly enhances the security of Diameter.

EAP and TCP

What does EAP stand for?

Extensible Authentication Protocol

TACACS + is proprietary to Cisco, it cannot interact with Kerberos or Active Directory. (True or False)

False Although TACACS + is proprietary to Cisco, it can interact with Kerberos. This allows a Cisco RAS server (or VPN concentrator) to interact in a Microsoft Active Directory environment.

RADIUS uses multiple challenges and responses between the client and the server. (True or False)

False TACACS + uses multiple challenges and responses between the client and the server.

TACACS + provides two important security benefits over RADIUS. Name them.

First, it encrypts the entire authentication process, whereas RADIUS encrypts only the password. Second, TACACS + uses multiple challenges and responses between the client and the server.

What does SLIP stand for?

Serial Line Interface Protocol

The biggest weakness of PAP is _____.

Sniffing Attacks

DIAMETER uses (UDP or TCP).

TCP

TACACS+ uses (UDP or TCP).

TCP

User Datagram Protocol (UDP) uses a best-effort delivery mechanism. TACACS+ uses ____ (protocol) that provides guaranteed delivery.

TCP

Diameter adds several other commands beyond the capabilities of RADIUS. Diameter uses ___ (protocol) instead of UDP used by RADIUS.

TCP In geometry, the diameter of a circle is a straight line between the two edges of a circle, whereas the radius is a straight line from the center to an edge. In other words, the diameter of a circle is twice as long as the radius. The designers considered this when naming Diameter to indicate indirectly that it is twice as good as RADIUS.

What does TACACS+ stand for?

Terminal Access Controller Access-Control System Plus

Most organizations use either RADIUS, Diameter, or TACACS +, instead of ____.

XTACACS

A significant improvement of MS-CHAPv2 over MS-CHAP is the ability to perform ______.

mutual authentication

In _____, not only does the client authenticate to the server, but the server also authenticates to the client.

mutual authentication

In addition to using TACACS + for remote access, you can also use it for authentication with ___ and ___.

routers and other network devices.


Ensembles d'études connexes

integrated physics and chemistry

View Set

NURS 3334 Practice Questions Exam 5

View Set

Ortografía: Uso de la "B" y de la "V".

View Set

Prep U: Taylor Ch. 39- Fluid, Electrolyte, and Acid-Base Balance

View Set

Fluid & Electrolyte Review Questions

View Set