4.2

Question 1

What does AAA stand for?

Answer 1

Authorization, Authentication and Accounting

Question 2

What are the AAA framework steps to get access to a network device?

Answer 2

1. Identification(usually the username/who we are)
2. Authentication(usually the password/prove who we are)
3. Authorization(based on the identification and authentication, what access do we have?)
4. Accounting(resources used: Login time, data sent and received, logout time)

Question 3

What does RADIUS stand for?

Answer 3

Remote Authentication Dial-in User Service

Question 4

What does RADIUS do?

Answer 4

Its one of more common AAA protocols

Question 5

Whats an example of RADIUS?

Answer 5

centralize authentication for users like routers, switches, firewalls, remote VPN access since RADIUS services are available on almost any server operating system.

Question 6

What does TACACS stand for?

Answer 6

Terminal Access Controller Access-Control System

Question 7

What does TACACS do?

Answer 7

It’s an alternative to RADIUS aremote authentication protocol created to control access to dial-up lines to APRANET.

Question 8

Whats XTACACS?

Answer 8

(Extended TACACS) It’s an additional support for accounting and auditing.

Question 9

Whats TACACS+?

Answer 9

Latest version of TACACS which offers more authentication requests and response codes.

Question 10

What are Kerberos?

Answer 10

They are a network authentication protocol which only authenticates once and once it’s trusted by the entire system, they wont be a need to re-authenticate to everything.

Question 11

What does SSO stand for?

Answer 11

Single Sign-On and it’s part of the kerberos which authenticates one time. This means no constant username and password input to save time. It only works with Kerberos protocols, but not everything is kerberos-friendly.

Question 12

What is LDAP used for?

Answer 12

It’s the protocol for reading and writing directories over an IP network(an organized set of records, like a phone directory(LDAP uses tcp/389 and udp/389)

Question 13

Whats the use of local authentication?

Answer 13

Credentials are stored on the local device(doesnt use a centralized database). Most devices include an initial account. Its difficult to scale local accounts(no centralized administration so everything must be added or changed on all devices) but its useful as a backup.

Question 14

What are certificates used for?

Answer 14

They are used in certificate-based authentications like smart cards(private key is on the card)

Question 15

Whats a PIV card?

Answer 15

(Personal Identity Verification card) It’s a US Federal Government smart card with picture and identification info.

Question 16

Whats a CAC?

Answer 16

(Common Access Card) It is used by US Department of Defense smart card with picture and identification.

Question 17

Whats IEEE 802.1X used for?

Answer 17

To gain access to the network using a certificate that is stored on a device or a separate physical device.

Question 18

What is auditing used for?

Answer 18

With the logged information, we can see how are our resources used or are our systems and applications secure?(Like time-of-day restrictions that we can apply to a lab that nobody uses at 3 am.

Question 19

What is multi-factor authentication?

Answer 19

It's when more than one factor is used to authenticate:
Something you are
something you have
something you know
somewhere you are
something you do

Question 20

Whats an example of something you know?

Answer 20

Password, PIN and pattern

Question 21

Whats an example of something you have?

Answer 21

Smart card, USB token,pseudo random authentication code for hardware or software and SMS to a phone with a code.

Question 22

Whats an example of something you are?

Answer 22

Biometric authentication(Not foolproof)

Question 23

Whats an example of somewhere you are?

Answer 23

Provide a factor based on your location, IP address(works with IPv4 and not so much with IPv6) and mobile device locations services(needs to be able to receive GPS info)

Question 24

Whats an example of something you do?

Answer 24

A personal way of doing things, handwriting analysis, typing technique
(these are very similar to biometrics which means close to something you are)

Question 25

Whats 802.1X?

Answer 25

It’s a port based(physical interfaces not tcp or udp) NAC(Network Access Control) which means clients dont get access until you authenticate. 802.1X uses EAP and RADIUS, but also we need to disable our unused ports and duplicate the MAC address checking.

Question 26

Whats port security?

Answer 26

It prevents unauthorized users from connecting to a switch interface(it will alert or disable the port) which works based on the source MAC address. Each port has its own config.

Question 27

How does port security work?

Answer 27

1. Configure a maximum number of source MAC addresses on an interface.
2. The switch monitors the number of unique MAC addresses.
3. Once you exceed the maximum, port security activities.

Question 28

Whats MAC filtering?

Answer 28

(Media Access Control) It’s the limitation of access through the physical hardware address. To find the working MAC addresses through packet captures

Question 29

What is captive portal?

Answer 29

It’s an authentication to a network which is common in wireless networks.

Question 30

How does the captive portal work?

Answer 30

After our device is connected to a network, access table recognizes a lack of authentication and redirects us to a captive portal page where it asks for username and password. Once proper authentication is validated, the web session continues(until captive portal removes our access)

Question 31

Whats ACL used for?

Answer 31

(Access Control Lists) It’s used to allow or deny traffic. They are applied to routers or switch interfaces and are defined on the ingress or egress of an interface. ACLs evaluate on certain criteria(like source IP, destination IP, ICMP, TCp port numbers, UDP port numbers).