NIS Chapter 04 Flashcards
(33 cards)
Define authentication
the verification of the identity of a user using their credentials
define authorisation
he granting of access to resources based on successful authentication
define accounting
keeping track of the use of resources by a user on the network
give 3 examples of authentication credentials
password and username, biometrics, RFID
what are the 3 categories of credentials?
- something you know, you have, you are
What is a RADIUS server
it is a remote authentication dial in user server that is a protocol that provides AAA capabilities. A single authorisation entity
3 examples of accounting records that RADIUS servers contain?
- usernames, Input packets, outpackets
what is 802..1X
it is a standard that deals with access control in a network. It provides an authorisation framework to either allow or disallow traffic to pass through a port.
What authentication protocol is used in layer 2?
Extensible Authentication Protocol
What are the 3 major components of the 802.1X framework
- Supplicant
- authenticator
-authentication server
Describe the supplicant in a the 802.1X standard
- this is a device that needs to be validated by the authentication server based on it credentials
What protocol do the supplicant and the authentication server use a communication medium? And at which layer does this communication take place?`
the Extensible Authentication Protocol. Layer 2
What is an authenticator in the 802.1X standard?
the intermediatory between the supplicant and the authentication server.
What are the 2 ports maintained by the authenticator and what are they for?
There is a controlled port that is used to only allow traffic after authentication.
the uncontrolled traffic allows only EAP traffic to pass
A supplicant can be a device or software, what can the authenticator be in a real world example?
An access point or a WLAN controller
what is an authentication server?
a component that validates the credentials of a supplicant
What is LDAP?
Lightweight Directory ACcess Protocol that can be used as an application for querying and modifying services in the place of an authentication server.
Why would an organisation choose to have no RADIUS server or LDAP?
SO that queries can go from the authenticator to the LDAP instead of going through a RADIUS. This is to increase performance
What is a NAC?
Network access control which is a server that allows for access decision to be made based on a devices antivirus state and OS patch version.
What happens if the NAC is not satisfied with a device’s state?
Create a VLAN that isolates them till the necessary changed are implemented
What are the distinguishing features of authentication servers?
- Client server model
- Network security (encryption)
- Flexible Authentication Mechanism (various auth methods)
- EAP (new attributes)
What is mutual authentication?
This is a type of authentication that validates both the supplicant and the authentication server, This prevents man in the middle attacks
How does mutual authentication happen?
The EAP protocol allows the supplicant to validate the AS using server side certificates
What is the purpose of the AS certificates?
- validates the AS before supplicant sends its credentials
- Creates an encrypted TLS tunnel to supply supplicant credentials after authentication
