9781111640125_IM_ch09

Security+ Guide to Network Security Fundamentals, Fourth Edition


Answer: access control list (ACL) access control list ACL

4. ____ are user accounts that remain active after an employee has left an organization.
Answer: Orphaned accounts

Authentication Services

1. Note that authentication services can be provided on a network by a dedicated authentication, authorization, and accounting (AAA) server or by an authentication server.
2. Explain that the most common types of authentication and AAA servers are RADIUS, Kerberos, Terminal Access Control Access Control Systems (TACACS), and generic servers built on the Lightweight Directory Access Protocol (LDAP).

RADIUS

1. Explain that RADIUS, or Remote Authentication Dial In User Service, was developed in 1992 and quickly became the industry standard with widespread support across nearly all vendors of networking equipment.

2. Emphasize that RADIUS is suitable for what are called “high-volume service control applications” such as dial-in access to a corporate network.
3. Discuss the steps for RADIUS authentication. Refer to Figure 9-7, which illustrates the steps.

Kerberos

1. Explain that Kerberos is an authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.
2. Describe how Kerberos works.

Terminal Access Control Access Control System (TACACS)

1. Explain that similar to RADIUS, Terminal Access Control Access Control System (TACACS) is an authentication service commonly used on UNIX devices that communicates by forwarding user authentication information to a centralized server.
2. Note that the centralized server can either be a TACACS database or a database such as a Linux or UNIX password file with TACACS protocol support.
3. Refer to Table 9-5 for a comparison of RADIUS and TACACS+.

Lightweight Directory Access Protocol (LDAP)

1. Define a directory service, which is a database stored on the network itself that contains information about users and network devices.
2. Emphasize that it contains information such as the user’s name, telephone extension, e-mail address, logon name, and other facts.
3. Explain that the directory service also keeps track of all of the resources on the network and a user’s privileges to those resources, and grants or denies access based on the directory service information.
4. Note that directory services make it much easier to grant privileges or permissions to network users.
5. Explain that LDAP makes it possible for almost any application running on virtually any computer platform to obtain directory information.