Network+ 14 Flashcards

1
Q

Kerberos is a client/server authentication protocol that supports mutual authentication between a client and a server. Kerberos uses the concept of a trusted third party (a key distribution center) that hands out tickets that are used instead of a username and password combination.

A

Kerberos

2
Q

Authentication, authorization, and accounting (AAA) allows a network to have a single repository of user credentials. A network administrator can then, for example, supply the same credentials to log in to various network devices (for example, routers and switches). RADIUS and TACACS+ are protocols commonly used to communicate with a AAA server.

A

AAA

3
Q

Remote Authentication Dial-In User Service (RADIUS) is a UDP-based protocol used to communicate with a AAA server. Unlike TACACS+, RADIUS does not encrypt an entire authentication packet, but only the password. However, RADIUS does offer more robust accounting features than TACACS+.

A

RADIUS

4
Q

Terminal Access Controller Access-Control System Plus (TACACS+) is a Cisco proprietary TCP-based AAA protocol. TACACS+ has three separate and distinct sessions or functions for authentication, authorization, and accounting.

Network Admission Control (NAC) can permit or deny access to a network based on characteristics of the device seeking admission, rather than just checking user credentials.

A

TACACS+

5
Q

IEEE 802.1X is a type of NAC that can permit or deny a wireless or wired LAN client access to a network. If IEEE 802.1X is used to permit access to a LAN via a switch port, then IEEE 802.1X is being used for port security. The device seeking admission to the network is called the supplicant. The device to which the supplicant connects (either wirelessly or through a wired connection) is called the authenticator. The device that checks the supplicant's credentials and permits or denies the supplicant access to the network is called an authentication server. Usually, an authentication server is a RADIUS server.

A

IEEE 802.1X

6
Q

Challenge-Handshake Authentication Protocol (CHAP) performs a one-way authentication for a remote-access connection. However, authentication is performed through a three-way handshake (challenge, response, and acceptance messages) between a server and a client. The three-way handshake allows a client to be authenticated without sending credential information across a network.

A

CHAP

7
Q

Microsoft Challenge-Handshake Authentication Protocol (MS-CHAP) is a Microsoft-enhanced version of CHAP, offering a collection of additional features not present with CHAP, including two-way authentication.

Extensible Authentication Protocol (EAP) specifies how authentication is performed by IEEE 802.1X.

Single sign-on (SSO) allows a user to authenticate only once to gain access to multiple systems, without requiring the user to independently authenticate with each system.

Local authentication refers to the network device authenticating the user with a database of user account information stored on the device itself.

A

MS-CHAP Etc …

8
Q

Poison reverse: This feature of a distance-vector routing protocol causes a route received on one interface to be advertised back out of that same interface with a metric considered to be infinite.

PGP is a widely deployed asymmetric encryption algorithm and is often used to encrypt email traffic.

A free variant of Pretty Good Privacy (PGP), which is an asymmetric encryption algorithm.

CRAM-MD5: A common variant of HMAC frequently used in email systems. Like CHAP, CRAM-MD5 only performs one-way authentication (the server authenticates the client).

A

poison reverse etc …

9
Q

The rate at which bits are encoded on the line can be referred to as the bit rate. Baud rate represents the number of symbols or characters being sent per second.

Multiplexing is the concept of taking multiple sets of data (such as voice traffic and email traffic) and sending them simultaneously (or almost simultaneously) over a link on a network, such as a T1 leased line between two sites. At the receiving side, the process of separating out the data streams (separating the voice traffic from the email traffic) is referred to as demultiplexing.

A

rate etc …

10
Q

A supervisory control and data acquisition (SCADA) network is used for the control of remote equipment and to monitor that equipment. This may be part of an industrial control system (ICS) that is used to manage a power plant or water treatment facility. Networks like these with distributed control systems (DCSs) may have devices such as programmable logic controllers (PLCs) and remote terminal units that are proprietary and may take specialized training to learn and troubleshoot.

NAS = IP Small Computer System Interface (iSCSI), Fibre Channel, and Network File System (NFS).

Near-end crosstalk (NEXT) is crosstalk that occurs at the near end of the cable; far-end crosstalk is interference at the far end of the cable or circuit.

A memorandum of understanding (MOU) between the two companies is used to identify and confirm in writing the intentions and agreements between the companies.

A

SCADA etc …
