RADIUS (Remote Authentication Dial-in User Service)
A
One of the more common AAA protocols
– Supported on a wide variety of platforms and devices
– Not just for dial-in
Centralize authentication for users
– Routers, switches, firewalls
– Server authentication
– Remote VPN access
– 802.1X network access
RADIUS services available on almost any server operating system
Q
TACACS
A
Terminal Access Controller Access-Control System
– Remote authentication protocol
– Created to control access to dial-up lines to ARPANET
TACACS+
– The latest version of TACACS
– More authentication requests and response codes
– Released as an open standard in 1993
Q
Kerberos
A
Network authentication protocol
– Authenticate once, trusted by the system
– No need to re-authenticate to everything
– Mutual authentication: the client and the server authenticate each other
– Protects against on-path or replay attacks
Standard since the 1980s
– Developed by the Massachusetts Institute of Technology (MIT)
Microsoft started using Kerberos in Windows 2000
– Based on the Kerberos 5.0 open standard
– Compatible with other operating systems and devices
Q
SSO with Kerberos
A
Authenticate one time
– Lots of backend ticketing
– Cryptographic tickets
No constant username and password input!
– Saves time
Only works with Kerberos
– Not everything is Kerberos-friendly
There are many other SSO methods
– Smart cards, SAML, etc.
Which method to use?
Many different ways to communicate to an authentication server
– More than a simple login process
Often determined by what is at hand
– VPN concentrator can talk to a RADIUS server
– We have a RADIUS server
TACACS+
– Probably a Cisco device
Kerberos
– Probably a Microsoft network
Q
Multi-factor authentication
A
More than one factor
– Something you are
– Something you have
– Something you know
– Somewhere you are
– Something you do
Can be expensive
– Separate hardware tokens
– Specialized scanning equipment