lecture 6 - AAA

CS 6823 - Network Security
Network Security CS 6823 - Lecture 2
Authentication, Authorization and Accounting
Keith O’Brien [email protected]

AAA - Authentication, Authorization and Accounting
Authentication - the method by which a user is identified prior to being allowed access to network services. Verifying that the identity being claimed is authentic.
Identity - can be human or machine. A set of attributes is assigned to a subject, which forms the identity.
Authentication is the verification of one’s identity. This can happen through: passwords, biometrics, tokens

Authentication
Identity is usually supplied by means of some public information such as a username
Authentication of that identity is generally performed using one or more of the three basic types of authentication:
- Something a person knows (password, mother’s maiden name)
- Something a person has (access badge, SecurID token)
- Something a person is (biometrics, fingerprint, iris scan)
Combining one or more of the above increases the strength of the authentication.

Authorization
What a subject is allowed to do once they are authenticated to the network.

Accounting
Provides the method for collecting and sending information used for billing, management and forensics.

Basic Identity Concepts
What is an identity?
- an assertion of who we are.
- allows us to differentiate between one another
What does it look like?
- Typical network identities include
  - Username / Password
  - Email: [email protected]
  - MAC Address: 00-0c-14-a4-9d-33
  - IP Address: 10.0.1.199
  - Digital Certificates
How do we use identities?
- Used to grant appropriate authorizations (rights to services within a given domain)

A Word on Passwords
The most ubiquitous
Should be easy to remember but hard to guess (even by brute force with a computer)
A good way to generate a secure password is to think of a phrase you can remember and take the first letter of each word.
Example: “I really like Poly’s Cyber Security Masters Program” would be: irlpcsmp
Don’t use dictionary words, as they can be brute forced
Don’t use dictionary words with “cute” substitutions, as they can also be brute forced, e.g. p0lyt3chnic
Best is to use a completely random string and then use a “password vault” program to store it.
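
An added example, not part of the original slides: a Python password check that undoes common character substitutions before a dictionary lookup, which shows why p0lyt3chnic is no stronger than polytechnic, alongside the phrase-initials method and a random generator. The wordlist, substitution table and function names are constructed for illustration.

```python
import math
import secrets
import string

# Constructed sample wordlist; a real check would load a large dictionary.
WORDLIST = {"polytechnic", "password", "security", "network"}

# Common "cute" substitutions mapped back to the letters they stand for.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(candidate: str) -> str:
    """Lowercase the candidate and undo common character substitutions."""
    return candidate.lower().translate(LEET)


def is_dictionary_based(candidate: str) -> bool:
    """True if the candidate is a wordlist entry, plain or with substitutions."""
    return normalize(candidate) in WORDLIST


def phrase_initials(phrase: str) -> str:
    """First letter of each word, lowercased (the mnemonic method on the slide)."""
    return "".join(word[0].lower() for word in phrase.split())


def random_password(length: int = 20) -> str:
    """Random string drawn from a CSPRNG, meant to be kept in a password vault."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a string chosen uniformly at random."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for pw in ("polytechnic", "p0lyt3chnic", "irlpcsmp"):
        verdict = "dictionary-based" if is_dictionary_based(pw) else "not in wordlist"
        print(f"{pw}: {verdict}")
    print(phrase_initials("I really like Poly's Cyber Security Masters Program"))
    # Upper bound for 8 lowercase letters; phrase initials are not uniformly random.
    print(f"8 lowercase letters: at most {random_bits(8, 26):.1f} bits")
    print(f"20 random printable characters: {random_bits(20, 94):.1f} bits")
    print(random_password())
```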

RADIUS
Remote Authentication Dial-In User Service (RADIUS)
Defined in RFC 2865
Communication between the Network Access Server and the RADIUS service is via UDP