Module Three

Use encryption, VPN, treat as external connection, directional antenna

Secure Remote Access Methods:

Restricted Address
- Filtering by source IP address
- Node authentication, not user authentication

Caller ID
- Caller ID checks incoming number against approved list
- Very commonly used, hard to defeat
- Hard to administer for traveling users

Call Back
- Caller supplies password or identifier and hangs up
- System dials back number listed for the user
- Hard to administer for traveling users

Remote Identification and Authentication
- Verify who is remotely communicating
- Identification – Who
- Authentication – Verify and Trust

Remote Node Security Protocols:

Password Authentication Protocol (PAP)
- Remote security protocol. Provides Identification and Authentication.
- Uses static replayable password for authentication (now considered weak)
- Does not encrypt the User ID or Password

Challenge Handshake Protocol (CHAP)
- Next evolution of PAP, uses stronger authentication
- Nonreplayable Challenge/Response
- Verifies identity of the node
- Often used to enable network-to-network communication
- Commonly used by remote access servers and xDSL, ISDN, and cable modems

Remote Access Authentication Systems:
- TACACS – Terminal Access Controller Access Control System (TCP)
- TACACS+ – includes the use of two factor authentication
- RADIUS – Remote Access Dial-In User Service (UDP)

TACACS – Terminal Access Controller Access Control System
- Provides remote authentication and related services
- User password administered in a central database rather than in individual routers
- TACACS enabled network device prompts for user name and static password
- TACACS enabled network device queries TACACS server to verify password
- Does not support prompting for password change or use of dynamic tokens

TACACS+ – Terminal Access Controller Access Control System Plus
- Proprietary Cisco enhancement
- Two factor Authentication
- User can change password
- Ability to use secure tokens
- Better Audit Trails

RADIUS – Remote Access Dial-In User Service
- Offers similar benefits to TACACS+
- Often used as a stepping stone to TACACS+
- RADIUS server contains dynamic password and network service access information (Network ACLs)
- RADIUS is a fully open protocol, can be customized for almost any security system
- Can be used with Kerberos and provides CHAP remote node authentication
- Except does not work with:
  - AppleTalk Remote Access Resolution Protocol
  - NetBIOS Frame Protocol Control Protocol
  - NetWare Asynchronous Services Interface
  - X.25 PAD Connection

Does not provide two-way authentication and is not used for router-to-router authentication.
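
The contrast drawn above between PAP's static replayable password and CHAP's nonreplayable challenge/response, as an added example that is not part of the original notes. It assumes CHAP with MD5 as specified in RFC 1994; the shared secret and all function and class names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample credential (an assumption, not from the notes).
SHARED_SECRET = b"example-shared-secret"


def pap_verify(stored_password: bytes, presented: bytes) -> bool:
    """PAP: the peer presents the same static password on every login."""
    return hmac.compare_digest(stored_password, presented)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): hash of identifier || secret || challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator side: issues a fresh random challenge per attempt."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.challenge = b""

    def new_challenge(self):
        self.identifier = (self.identifier + 1) % 256
        self.challenge = os.urandom(16)
        return self.identifier, self.challenge

    def verify(self, response: bytes) -> bool:
        if not self.challenge:
            return False  # no outstanding challenge to answer
        expected = chap_response(self.identifier, self.secret, self.challenge)
        self.challenge = b""  # each challenge is single-use
        return hmac.compare_digest(expected, response)


def replay_demo() -> dict:
    """Show what a recorded credential is worth under CHAP and under PAP."""
    server = ChapAuthenticator(SHARED_SECRET)
    ident, chal = server.new_challenge()
    recorded = chap_response(ident, SHARED_SECRET, chal)
    first = server.verify(recorded)      # legitimate login succeeds
    server.new_challenge()               # next session gets a new challenge
    replayed = server.verify(recorded)   # recorded response no longer matches
    pap_again = pap_verify(SHARED_SECRET, SHARED_SECRET)  # same bytes still work
    return {"chap_first": first, "chap_replay": replayed, "pap_replay": pap_again}
```

The secret itself never crosses the link under CHAP, but both ends must hold it, so its storage on the authenticator needs the same protection as any other credential store.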