AAA Implementation
Presenter: Ahmad Ali Al Taweel
Doctor: Kasem Ahmad
Outline
– Introduction of AAA
– Identification of each A
– Implementing Authentication
– TACACS+ and RADIUS AAA Protocols
– Authenticating Router Access
– Configuring AAA for Cisco Routers
– Troubleshooting AAA on Cisco Routers
– Configuring AAA with Cisco SDM
– Summary
INTRODUCTION OF AAA
• Sometimes referred to as “triple-A” or just AAA:
– A: Authentication
– A: Authorization
– A: Accounting
• Together they represent the “big three” of IP-based network management & policy administration.
AUTHENTICATION
• Authentication is the process that ensures & confirms a user’s identity.
• Authentication begins when a user tries to access information.
• The user must prove his identity & access rights, normally with a username & password.
• This login combination, which must be assigned to each user, authenticates access.
AUTHORIZATION
• Authorization is the process of granting or denying a user access to network resources once the user has been authenticated through the username & password.
• The amount of information & the number of services the user has access to depend on the user’s authorization level.
ACCOUNTING
• Accounting is the process of keeping track of a user’s activity while accessing network resources, including the amount of time spent in the network, the services accessed while there & the amount of data transferred during the session.
• Accounting data is used for trend analysis, capacity planning, billing, auditing & cost allocation.
AAA MODEL—NETWORK SECURITY
ARCHITECTURE
• Authentication
– Who are you?
– “I am user student and my password validateme proves it.”
• Authorization
– What can you do? What can you access?
– “User student can access host serverXYZ using Telnet.”
• Accounting
– What did you do? How long did you do it? How often did you do it?
– “User student accessed host serverXYZ using Telnet for 15 minutes.”
IMPLEMENTING AUTHENTICATION USING LOCAL
SERVICES
1. The client establishes a connection with the router.
2. The router prompts the user for a username and password.
3. The router authenticates the username and password in the local
database. The user is authorized to access the network based on
information in the local database.
[Figure: Remote Client connecting to the Perimeter Router; steps 1 to 3 above are marked on the diagram]
IMPLEMENTING AUTHENTICATION USING
EXTERNAL SERVERS
1. The client establishes a connection with the router.
2. The router prompts the user for a username and password.
3. The router passes the username and password to the Cisco Secure ACS (server or
engine).
4. The Cisco Secure ACS authenticates the user. The user is authorized to access
the router (administrative access) or the network based on information found in
the Cisco Secure ACS database.
[Figure: Remote Client connecting to the Perimeter Router, which consults Cisco Secure ACS for Windows Server or the Cisco Secure ACS Solution Engine; steps 1 to 4 above are marked on the diagram]
TACACS+ AND RADIUS AAA PROTOCOLS
• Two different protocols are used to communicate between the AAA security servers and authenticating devices.
• Cisco Secure ACS supports both TACACS+ and RADIUS:
– TACACS+ remains more secure than RADIUS.
– RADIUS has a robust application programming interface and strong accounting.
[Figure: Cisco Secure ACS as the security server, communicating over TACACS+ and RADIUS with a firewall, a router and a network access server]
[Figure: a Microsoft Windows remote PC (dial-up networking connection with Username and Password fields) reaches the NAS over PSTN or ISDN; the username and password are carried over PPP (TCP/IP) and the NAS forwards them to the security server]
PPP, ISDN, PSTN
• Point-to-Point Protocol (PPP) is a data link (layer 2) protocol used to establish a direct connection between two nodes. It connects two routers directly without any host or any other networking device in between. It can provide connection authentication, transmission encryption (using ECP, RFC 1968) and compression.
• Integrated Services Digital Network (ISDN) is a set of communication standards for simultaneous digital transmission of voice, video and data.
• Public Switched Telephone Network (PSTN) is the world's collection of interconnected voice-oriented public telephone networks.
AUTHENTICATING ROUTER ACCESS
[Figure: administrative access to the router arrives from a Telnet host on the LAN, from the console, and from a remote router on a remote LAN across the Internet]
ROUTER LOCAL AUTHENTICATION
CONFIGURATION PROCESS
Here are the general steps required to configure a Cisco router
for local authentication:
• Step 1: Secure access to privileged EXEC mode.
• Step 2: Enable AAA globally on the perimeter router with the
aaa new-model command.
• Step 3: Configure AAA authentication lists.
• Step 4: Configure AAA authorization for use after the user
has passed authentication.
• Step 5: Configure the AAA accounting options for how you
want to write accounting records.
• Step 6: Verify the configuration.
ENABLE AAA GLOBALLY USING THE AAA NEW-MODEL COMMAND
Syntax (global configuration mode): aaa new-model
router(config)# aaa new-model
• Establishes the AAA section in the configuration file
Syntax: username username password password
router(config)# username Joe106 password 1MugOJava
• Sets a username and password in the local database
Syntax: aaa authentication login default local
router(config)# aaa authentication login default local
• Helps prevent administrative access lockout while configuring AAA
AAA AUTHENTICATION COMMANDS
• These aaa authentication commands are available in Cisco IOS Releases 12.2 and later.
• Each of these commands has its own syntax and options (methods).
Available in global configuration mode (router(config)#):
aaa authentication arap
aaa authentication banner
aaa authentication enable default
aaa authentication fail-message
aaa authentication local-override
aaa authentication login
aaa authentication nasi
aaa authentication password-prompt
aaa authentication ppp
aaa authentication username-prompt
AAA AUTHENTICATION LOGIN COMMAND
Syntax: aaa authentication login {default | list-name} method1 [method2...]
router(config)# aaa authentication login default enable
router(config)# aaa authentication login console-in local
router(config)# aaa authentication login tty-in line
AAA AUTHENTICATION PPP COMMAND
Syntax: aaa authentication ppp {default | list-name} method1 [method2...]
router(config)# aaa authen ppp default local
router(config)# aaa authen ppp dial-in local none
AAA AUTHENTICATION ENABLE DEFAULT COMMAND
Syntax: aaa authentication enable default method1 [method2...]
router(config)# aaa authentication enable default group tacacs+ enable none
Apply Authentication Commands to Lines
and Interfaces
• Authentication commands can be applied to lines or interfaces.
router(config)# line console 0
router(config-line)# login authentication console-in
router(config)# int s3/0
router(config-if)# ppp authentication chap dial-in
Note: It is recommended that you always define a default list for AAA to provide “last resort” authentication on all lines and interfaces protected by AAA.
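The rule that makes the method lists above behave as they do is that the next method is consulted only when the previous one returns an error (it could not be evaluated), never when it rejects the credentials. The model below is an added illustration, not code from the slides or from Cisco IOS; the list names and the Joe106 entry come from the slides, while the `remote-in` and `risky-in` lists, the TACACS+ password and the enable secret are constructed for the model, and how each method behaves is a simplification.

```python
"""Model of how Cisco IOS walks an AAA authentication method list.

Added illustration, not code from the slides or from IOS itself.  It
encodes one rule from the IOS documentation: the next method in a list is
consulted only when the previous one returns ERROR (it could not be
evaluated, e.g. no TACACS+ server answered), never when it returns FAIL
(the credentials were checked and rejected).  How each individual method
behaves below is a simplification chosen for the model.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable, Optional

PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"


def walk_method_list(methods: list[str], try_method: Callable[[str], str]):
    """Apply methods in order; return (final result, [(method, result), ...])."""
    trace = []
    for method in methods:
        result = try_method(method)
        trace.append((method, result))
        if result != ERROR:      # PASS and FAIL are final; only ERROR falls through
            return result, trace
    return ERROR, trace          # every method errored: the login is denied


@dataclass
class Router:
    """Just enough state to evaluate 'aaa authentication login' lists."""
    login_lists: dict[str, list[str]]                           # list-name -> methods
    line_lists: dict[str, str] = field(default_factory=dict)    # line -> list-name
    local_users: dict[str, str] = field(default_factory=dict)   # username -> password
    line_passwords: dict[str, str] = field(default_factory=dict)
    enable_secret: Optional[str] = None
    tacacs_reachable: bool = True
    tacacs_users: dict[str, str] = field(default_factory=dict)

    def login(self, line: str, user: str, password: str):
        """Authenticate a login on 'line' as 'login authentication' would.

        A line with no named list uses the 'default' list (the slides'
        "last resort" list); if that is missing too, the model reports ERROR.
        """
        methods = self.login_lists.get(self.line_lists.get(line, "default"))
        if methods is None:
            return ERROR, [("no applicable list", ERROR)]

        def try_method(method: str) -> str:
            if method == "group tacacs+":
                if not self.tacacs_reachable:
                    return ERROR                     # no server answered: fall through
                return PASS if self.tacacs_users.get(user) == password else FAIL
            if method == "local":
                return PASS if self.local_users.get(user) == password else FAIL
            if method == "enable":
                if self.enable_secret is None:
                    return ERROR                     # nothing configured to check against
                return PASS if password == self.enable_secret else FAIL
            if method == "line":
                if line not in self.line_passwords:
                    return ERROR
                return PASS if password == self.line_passwords[line] else FAIL
            if method == "none":
                return PASS                          # no authentication at all
            raise ValueError(f"unknown method {method!r}")

        return walk_method_list(methods, try_method)


def demo() -> dict:
    """Run five scenarios; returns {name: (result, trace)} for inspection."""
    router = Router(
        login_lists={
            "default": ["enable"],                   # slide: aaa authentication login default enable
            "console-in": ["local"],                 # slide: ... console-in local
            "tty-in": ["line"],                      # slide: ... tty-in line
            "remote-in": ["group tacacs+", "local"],  # constructed for the model
            "risky-in": ["group tacacs+", "none"],    # constructed: same shape as '... enable none'
        },
        line_lists={"console 0": "console-in", "tty 1": "tty-in",
                    "vty 0": "remote-in", "vty 1": "risky-in"},
        local_users={"Joe106": "1MugOJava"},         # slide: username Joe106 password 1MugOJava
        tacacs_users={"Joe106": "tacacs-pw-constructed"},
        enable_secret="enable-secret-constructed",
    )
    results = {}
    # 1. TACACS+ answers and rejects: FAIL is final, 'local' is never consulted
    results["bad_pw_tacacs_up"] = router.login("vty 0", "Joe106", "wrong")
    # 2. TACACS+ unreachable: ERROR falls through to 'local', which accepts
    router.tacacs_reachable = False
    results["tacacs_down_local_ok"] = router.login("vty 0", "Joe106", "1MugOJava")
    # 3. TACACS+ unreachable on a list ending in 'none': anyone is let in
    results["tacacs_down_none"] = router.login("vty 1", "intruder", "anything")
    # 4. A line with no named list falls back to 'default' (the enable secret)
    results["vty_default_list"] = router.login("vty 4", "anyone", "enable-secret-constructed")
    # 5. 'line' method with no line password: ERROR, and with nothing left in
    #    the list the login is denied rather than let through
    results["tty_no_line_password"] = router.login("tty 1", "Joe106", "1MugOJava")
    return results


if __name__ == "__main__":
    for name, (result, trace) in demo().items():
        print(f"{name:24} {result:5} {trace}")
```

Scenario 3 is the reason a list ending in `none` needs thought: with the server down it is equivalent to no authentication.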
AAA AUTHORIZATION COMMAND
Syntax: aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} method1 [method2...]
router(config)# aaa authorization commands 1 alpha local
router(config)# aaa authorization commands 15 bravo local
router(config)# aaa authorization network charlie local none
router(config)# aaa authorization exec delta if-authenticated
router(config)# aaa authorization commands 15 default local
AAA ACCOUNTING COMMAND
Syntax: aaa accounting {auth-proxy | system | network | exec | connection | commands level} {default | list-name} [vrf vrf-name] {start-stop | stop-only | none} [broadcast] group groupname
router(config)# aaa accounting commands 15 default stop-only group tacacs+
router(config)# aaa accounting auth-proxy default start-stop group tacacs+
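Step 6 of the process is to verify the configuration. The audit below is an added illustration, not the deck's or Cisco's code: it reads running-config text and returns the findings a reviewer would raise against steps 2 to 5. Both configs are constructed samples assembled from commands shown on the slides; the `secret` check goes beyond the slides, which only show `username ... password`.

```python
"""Static audit of an IOS AAA configuration against the six steps above
(added illustration, not the deck's or Cisco's code).  It reads
running-config text and returns the findings a reviewer would raise before
trusting the setup.  Both configs are constructed samples assembled from
commands shown on the slides.
"""
import re
from typing import List, Set, Tuple

WEAK_CONFIG = """\
username Joe106 password 1MugOJava
aaa authentication login tty-in line
aaa authentication enable default group tacacs+ enable none
aaa authorization network charlie local none
aaa accounting auth-proxy default start-stop group tacacs+
line vty 0 4
 login authentication remote-in
"""

HARDENED_CONFIG = """\
aaa new-model
username Joe106 secret 1MugOJava
aaa authentication login default group tacacs+ local
aaa authentication login console-in local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
line con 0
 login authentication console-in
"""

# aaa {authentication|authorization} <type> [level] <list-name> <method1> [method2...]
LIST_RE = re.compile(r"^aaa (authentication|authorization) (\S+) (?:(\d+) )?(\S+) (.+)$")
LINE_LIST_RE = re.compile(r"^\s*login authentication (\S+)$")
CLEARTEXT_USER_RE = re.compile(r"^username (\S+) password ")
CMD_ACCT_RE = re.compile(r"^aaa accounting commands 15 ")


def audit(config: str) -> List[Tuple[str, str]]:
    """Return (code, detail) findings for a running-config text; [] means clean."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    findings: List[Tuple[str, str]] = []
    login_lists: Set[str] = set()

    if "aaa new-model" not in lines:                       # Step 2
        findings.append(("NO_NEW_MODEL", "aaa new-model is absent, so AAA is not enabled"))

    for line in lines:
        m = LIST_RE.match(line)
        if m:
            kind, subtype, _level, name, methods = m.groups()
            if kind == "authentication" and subtype == "login":
                login_lists.add(name)
            if methods.split()[-1] == "none":              # Steps 3-4: fail-open tail
                findings.append(("FAIL_OPEN",
                                 f"{line!r} ends in 'none': access is granted when every earlier method errors"))
        u = CLEARTEXT_USER_RE.match(line)
        if u:
            findings.append(("CLEARTEXT_USER",
                             f"user {u.group(1)} is stored with 'password' (recoverable); use 'secret'"))

    if "default" not in login_lists:                       # the slides' last-resort list
        findings.append(("NO_DEFAULT_LOGIN", "no 'aaa authentication login default' list"))

    for line in lines:                                     # list applied but never defined
        m = LINE_LIST_RE.match(line)
        if m and m.group(1) not in login_lists:
            findings.append(("UNDEFINED_LIST", f"line applies login list {m.group(1)!r}, which is not defined"))

    if not any(CMD_ACCT_RE.match(l) for l in lines):       # Step 5
        findings.append(("NO_CMD_ACCOUNTING", "privileged (level 15) commands are not accounted"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or "clean")
```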
TROUBLESHOOTING AAA USING DEBUG COMMANDS
router# debug aaa authentication
• Use this command to help troubleshoot AAA authentication problems
router# debug aaa accounting
• Use this command to help troubleshoot AAA accounting problems
router# debug aaa authorization
• Use this command to help troubleshoot AAA authorization problems
router# debug aaa authentication
113123: Feb 4 10:11:19.305 CST: AAA/MEMORY: create_user (0x619C4940) user='' ruser='' port='tty1' rem_addr='async/81560' authen_type=ASCII service=LOGIN priv=1
113124: Feb 4 10:11:19.305 CST: AAA/AUTHEN/START (2784097690): port='tty1' list='' action=LOGIN service=LOGIN
113125: Feb 4 10:11:19.305 CST: AAA/AUTHEN/START (2784097690): using "default" list
113126: Feb 4 10:11:19.305 CST: AAA/AUTHEN/START (2784097690): Method=LOCAL
113127: Feb 4 10:11:19.305 CST: AAA/AUTHEN (2784097690): status = GETUSER
113128: Feb 4 10:11:26.305 CST: AAA/AUTHEN/CONT (2784097690): continue_login (user='(undef)')
113129: Feb 4 10:11:26.305 CST: AAA/AUTHEN (2784097690): status = GETUSER
113130: Feb 4 10:11:26.305 CST: AAA/AUTHEN/CONT (2784097690): Method=LOCAL
113131: Feb 4 10:11:26.305 CST: AAA/AUTHEN (2784097690): status = GETPASS
113132: Feb 4 10:11:28.145 CST: AAA/AUTHEN/CONT (2784097690): continue_login (user='diallocal')
113133: Feb 4 10:11:28.145 CST: AAA/AUTHEN (2784097690): status = GETPASS
113134: Feb 4 10:11:28.145 CST: AAA/AUTHEN/CONT (2784097690): Method=LOCAL
113135: Feb 4 10:11:28.145 CST: AAA/AUTHEN (2784097690): status = PASS
router# debug aaa accounting
16:49:21: AAA/ACCT: EXEC acct start, line 10
16:49:32: AAA/ACCT: Connect start, line 10, glare
16:49:47: AAA/ACCT: Connection acct stop:
task_id=70 service=exec port=10 protocol=telnet
address=172.31.3.78 cmd=glare bytes_in=308
bytes_out=76 paks_in=45 paks_out=54 elapsed_time=14
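A parser for the two debug excerpts above, as an added illustration rather than code from the slides: it groups the AAA/AUTHEN lines by the session id in parentheses and follows each session to its final status, and it joins the wrapped key=value lines of an AAA/ACCT stop record into one dictionary. The samples are constructed to mirror the excerpts, with one extra failed login session (2784097691) added to show what a detection would key on; the formats handled are those of the excerpts, not the full IOS debug grammar.

```python
"""Parser for the 'debug aaa authentication' and 'debug aaa accounting' output
shown above (added illustration, not code from the slides).  Samples are
constructed to mirror the two excerpts plus one failed login; the formats
handled are those of the excerpts, not the full IOS debug grammar."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: the excerpt above plus a failed session 2784097691 (invented)
SAMPLE_AUTHEN = """\
113123: Feb 4 10:11:19.305 CST: AAA/MEMORY: create_user (0x619C4940) user='' ruser='' port='tty1' rem_addr='async/81560' authen_type=ASCII service=LOGIN priv=1
113124: Feb 4 10:11:19.305 CST: AAA/AUTHEN/START (2784097690): port='tty1' list='' action=LOGIN service=LOGIN
113125: Feb 4 10:11:19.305 CST: AAA/AUTHEN/START (2784097690): using "default" list
113126: Feb 4 10:11:19.305 CST: AAA/AUTHEN/START (2784097690): Method=LOCAL
113127: Feb 4 10:11:19.305 CST: AAA/AUTHEN (2784097690): status = GETUSER
113128: Feb 4 10:11:26.305 CST: AAA/AUTHEN/CONT (2784097690): continue_login (user='(undef)')
113129: Feb 4 10:11:26.305 CST: AAA/AUTHEN (2784097690): status = GETUSER
113130: Feb 4 10:11:26.305 CST: AAA/AUTHEN/CONT (2784097690): Method=LOCAL
113131: Feb 4 10:11:26.305 CST: AAA/AUTHEN (2784097690): status = GETPASS
113132: Feb 4 10:11:28.145 CST: AAA/AUTHEN/CONT (2784097690): continue_login (user='diallocal')
113133: Feb 4 10:11:28.145 CST: AAA/AUTHEN (2784097690): status = GETPASS
113134: Feb 4 10:11:28.145 CST: AAA/AUTHEN/CONT (2784097690): Method=LOCAL
113135: Feb 4 10:11:28.145 CST: AAA/AUTHEN (2784097690): status = PASS
113140: Feb 4 10:12:01.010 CST: AAA/AUTHEN/START (2784097691): port='tty2' list='' action=LOGIN service=LOGIN
113141: Feb 4 10:12:05.400 CST: AAA/AUTHEN/CONT (2784097691): continue_login (user='guest')
113142: Feb 4 10:12:05.400 CST: AAA/AUTHEN (2784097691): status = FAIL
"""

SAMPLE_ACCT = """\
16:49:21: AAA/ACCT: EXEC acct start, line 10
16:49:32: AAA/ACCT: Connect start, line 10, glare
16:49:47: AAA/ACCT: Connection acct stop:
task_id=70 service=exec port=10 protocol=telnet
address=172.31.3.78 cmd=glare bytes_in=308
bytes_out=76 paks_in=45 paks_out=54 elapsed_time=14
"""

AUTHEN_RE = re.compile(r"AAA/AUTHEN(?:/(START|CONT))? \((\d+)\): (.*)$")
KV_RE = re.compile(r"(\w+)=(?:'([^']*)'|\"([^\"]*)\"|(\S+))")
LIST_RE = re.compile(r'using "([^"]+)" list')
STATUS_RE = re.compile(r"status = (\w+)")
ACCT_RE = re.compile(r"^(\d\d:\d\d:\d\d): AAA/ACCT: (.*)$")


def parse_kv(text: str) -> Dict[str, str]:
    """key=value, key='value' and key="value" pairs found in a debug line."""
    out: Dict[str, str] = {}
    for m in KV_RE.finditer(text):          # exactly one value group matches per pair
        out[m.group(1)] = next(v for v in m.groups()[1:] if v is not None)
    return out


@dataclass
class AuthSession:
    sid: str
    list_name: str = ""
    method: str = ""
    user: str = ""
    statuses: List[str] = field(default_factory=list)

    @property
    def final_status(self) -> str:
        return self.statuses[-1] if self.statuses else ""


def parse_authentication(lines) -> Dict[str, AuthSession]:
    """Group AAA/AUTHEN lines by session id and follow each session's states."""
    sessions: Dict[str, AuthSession] = {}
    for line in lines:
        m = AUTHEN_RE.search(line)
        if not m:
            continue                         # e.g. the AAA/MEMORY line
        _phase, sid, body = m.groups()
        sess = sessions.setdefault(sid, AuthSession(sid))
        lm = LIST_RE.search(body)
        if lm:
            sess.list_name = lm.group(1)
        kv = parse_kv(body)
        sess.method = kv.get("Method", sess.method)
        if kv.get("user") not in (None, "", "(undef)"):
            sess.user = kv["user"]           # first real username seen wins
        sm = STATUS_RE.search(body)
        if sm:
            sess.statuses.append(sm.group(1))
    return sessions


def failed_sessions(sessions: Dict[str, AuthSession]) -> List[str]:
    """Ids of sessions whose last status is FAIL: the ones worth alerting on."""
    return [sid for sid, s in sessions.items() if s.final_status == "FAIL"]


def parse_accounting(lines) -> List[dict]:
    """One record per timestamped AAA/ACCT line; wrapped key=value lines join it."""
    records: List[dict] = []
    for line in lines:
        m = ACCT_RE.match(line.strip())
        if m:
            ts, event = m.groups()
            records.append({"time": ts, "event": event.rstrip(":"), "fields": parse_kv(event)})
        elif records and line.strip():       # continuation of the previous record
            records[-1]["fields"].update(parse_kv(line))
    return records
```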
CONFIGURING AAA WITH CISCO SDM
[Figure: Cisco SDM screens for configuring AAA, steps 1 to 3]
THANK YOU

Mais conteúdo relacionado

Mais procurados (20)

Ch08 Authentication
Ch08 AuthenticationCh08 Authentication
Ch08 Authentication
 
Dmz
Dmz Dmz
Dmz
 
AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS Protocols
 
Ns lecture5: Introduction to Computer, Information, and Network Security.
Ns lecture5: Introduction to Computer, Information, and Network Security.Ns lecture5: Introduction to Computer, Information, and Network Security.
Ns lecture5: Introduction to Computer, Information, and Network Security.
 
Wi-FI Hacking
Wi-FI Hacking Wi-FI Hacking
Wi-FI Hacking
 
Reconnaissance
ReconnaissanceReconnaissance
Reconnaissance
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
 
Implementing 802.1x Authentication
Implementing 802.1x AuthenticationImplementing 802.1x Authentication
Implementing 802.1x Authentication
 
Ipsec
IpsecIpsec
Ipsec
 
Wi fi protected access
Wi fi protected accessWi fi protected access
Wi fi protected access
 
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLICCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
CCNA Security Lab 9 - Enabling SSH and HTTPS access to Cisco IOS Routers - CLI
 
Remote access service
Remote access serviceRemote access service
Remote access service
 
Network Security
Network SecurityNetwork Security
Network Security
 
DNS (Domain Name System)
DNS (Domain Name System)DNS (Domain Name System)
DNS (Domain Name System)
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass Overview
 
Subnetting
SubnettingSubnetting
Subnetting
 
Wireshark Basic Presentation
Wireshark Basic PresentationWireshark Basic Presentation
Wireshark Basic Presentation
 
SSH - Secure Shell
SSH - Secure ShellSSH - Secure Shell
SSH - Secure Shell
 
Network security
Network securityNetwork security
Network security
 

Semelhante a AAA Implementation

CCNA_Security_03.ppt
CCNA_Security_03.pptCCNA_Security_03.ppt
CCNA_Security_03.pptveracru1
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Mohamed Loey
 
010 sa302 aaa+ldap
010 sa302 aaa+ldap010 sa302 aaa+ldap
010 sa302 aaa+ldapBabaa Naya
 
010 sa302 aaa+ldap
010 sa302 aaa+ldap010 sa302 aaa+ldap
010 sa302 aaa+ldapBabaa Naya
 
CCNA Security 06- AAA
CCNA Security 06- AAACCNA Security 06- AAA
CCNA Security 06- AAAAhmed Habib
 
Chapter 3 overview
Chapter 3 overviewChapter 3 overview
Chapter 3 overviewali raza
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data planeNetProtocol Xpert
 
CCNP Switching Chapter 7
CCNP Switching Chapter 7CCNP Switching Chapter 7
CCNP Switching Chapter 7Chaing Ravuth
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideHarris Andrea
 
Brkcrt 2214
Brkcrt 2214Brkcrt 2214
Brkcrt 2214Mac An
 
5 ip security aaa and acl
5 ip security aaa and acl5 ip security aaa and acl
5 ip security aaa and aclSagarR24
 
Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01slavenvvv
 
At8000 s configurando_aaa
At8000 s configurando_aaaAt8000 s configurando_aaa
At8000 s configurando_aaaNetPlus
 
Commissioning, Managing & Troubleshooting Industrial Networks
Commissioning, Managing & Troubleshooting Industrial NetworksCommissioning, Managing & Troubleshooting Industrial Networks
Commissioning, Managing & Troubleshooting Industrial NetworksCreekside Marketing Group, LLC
 
5 ip security dataplace security
5 ip security dataplace security5 ip security dataplace security
5 ip security dataplace securitySagarR24
 
CCNA_Security_02.ppt
CCNA_Security_02.pptCCNA_Security_02.ppt
CCNA_Security_02.pptveracru1
 
Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]RootedCON
 
Student packet tracer manual v1.1
Student packet tracer manual v1.1Student packet tracer manual v1.1
Student packet tracer manual v1.1milkux
 
Diameter Presentation
Diameter PresentationDiameter Presentation
Diameter PresentationBeny Haddad
 

Semelhante a AAA Implementation (20)

CCNA_Security_03.ppt
CCNA_Security_03.pptCCNA_Security_03.ppt
CCNA_Security_03.ppt
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2
 
010 sa302 aaa+ldap
010 sa302 aaa+ldap010 sa302 aaa+ldap
010 sa302 aaa+ldap
 
010 sa302 aaa+ldap
010 sa302 aaa+ldap010 sa302 aaa+ldap
010 sa302 aaa+ldap
 
CCNA Security 06- AAA
CCNA Security 06- AAACCNA Security 06- AAA
CCNA Security 06- AAA
 
Chapter 3 overview
Chapter 3 overviewChapter 3 overview
Chapter 3 overview
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data plane
 
CCNP Switching Chapter 7
CCNP Switching Chapter 7CCNP Switching Chapter 7
CCNP Switching Chapter 7
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening Guide
 
Brkcrt 2214
Brkcrt 2214Brkcrt 2214
Brkcrt 2214
 
5 ip security aaa and acl
5 ip security aaa and acl5 ip security aaa and acl
5 ip security aaa and acl
 
Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01Ciscorouterasavpnserver 100218045815-phpapp01
Ciscorouterasavpnserver 100218045815-phpapp01
 
At8000 s configurando_aaa
At8000 s configurando_aaaAt8000 s configurando_aaa
At8000 s configurando_aaa
 
Commissioning, Managing & Troubleshooting Industrial Networks
Commissioning, Managing & Troubleshooting Industrial NetworksCommissioning, Managing & Troubleshooting Industrial Networks
Commissioning, Managing & Troubleshooting Industrial Networks
 
5 ip security dataplace security
5 ip security dataplace security5 ip security dataplace security
5 ip security dataplace security
 
CCNA_Security_02.ppt
CCNA_Security_02.pptCCNA_Security_02.ppt
CCNA_Security_02.ppt
 
Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]Carlos García - Pentesting Active Directory [rooted2018]
Carlos García - Pentesting Active Directory [rooted2018]
 
Student packet tracer manual v1.1
Student packet tracer manual v1.1Student packet tracer manual v1.1
Student packet tracer manual v1.1
 
Iuwne10 S02 L02
Iuwne10 S02 L02Iuwne10 S02 L02
Iuwne10 S02 L02
 
Diameter Presentation
Diameter PresentationDiameter Presentation
Diameter Presentation
 

Mais de Ahmad El Tawil

Force sensors presentation
Force sensors presentationForce sensors presentation
Force sensors presentationAhmad El Tawil
 
Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...
Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...
Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...Ahmad El Tawil
 
Map reduce presentation
Map reduce presentationMap reduce presentation
Map reduce presentationAhmad El Tawil
 
Map reduce advantages over parallel databases report
Map reduce advantages over parallel databases reportMap reduce advantages over parallel databases report
Map reduce advantages over parallel databases reportAhmad El Tawil
 
Map reduce advantages over parallel databases
Map reduce advantages over parallel databases Map reduce advantages over parallel databases
Map reduce advantages over parallel databases Ahmad El Tawil
 
Cloud computing risk assesment report
Cloud computing risk assesment reportCloud computing risk assesment report
Cloud computing risk assesment reportAhmad El Tawil
 
Cloud computing risk assesment
Cloud computing risk assesment Cloud computing risk assesment
Cloud computing risk assesment Ahmad El Tawil
 
Piper Alpha Disaster Report
Piper Alpha Disaster ReportPiper Alpha Disaster Report
Piper Alpha Disaster ReportAhmad El Tawil
 
Fruit detection using morphological
Fruit detection using morphological Fruit detection using morphological
Fruit detection using morphological Ahmad El Tawil
 
Cloud computing risk assesment presentation
Cloud computing risk assesment presentationCloud computing risk assesment presentation
Cloud computing risk assesment presentationAhmad El Tawil
 
Bhopal Disaster Presentation
Bhopal Disaster PresentationBhopal Disaster Presentation
Bhopal Disaster PresentationAhmad El Tawil
 
Security algorithms for manet
Security algorithms for manetSecurity algorithms for manet
Security algorithms for manetAhmad El Tawil
 
5G green communication
5G green communication5G green communication
5G green communicationAhmad El Tawil
 
A survey of ethical hacking process and security
A survey of ethical hacking process and securityA survey of ethical hacking process and security
A survey of ethical hacking process and securityAhmad El Tawil
 
Cybercriminals focus on Cryptocurrency
Cybercriminals focus on CryptocurrencyCybercriminals focus on Cryptocurrency
Cybercriminals focus on CryptocurrencyAhmad El Tawil
 

Mais de Ahmad El Tawil (18)

Force sensors presentation
Force sensors presentationForce sensors presentation
Force sensors presentation
 
Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...
Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...
Enabling Reusable and Adaptive Modeling,Provisioning & Execution of BPEL Proc...
 
Map reduce presentation
Map reduce presentationMap reduce presentation
Map reduce presentation
 
Map reduce advantages over parallel databases report
Map reduce advantages over parallel databases reportMap reduce advantages over parallel databases report
Map reduce advantages over parallel databases report
 
Map reduce advantages over parallel databases
Map reduce advantages over parallel databases Map reduce advantages over parallel databases
Map reduce advantages over parallel databases
 
Cloud computing risk assesment report
Cloud computing risk assesment reportCloud computing risk assesment report
Cloud computing risk assesment report
 
Cloud computing risk assesment
Cloud computing risk assesment Cloud computing risk assesment
Cloud computing risk assesment
 
Piper Alpha Disaster Report
Piper Alpha Disaster ReportPiper Alpha Disaster Report
Piper Alpha Disaster Report
 
Fruit detection using morphological
Fruit detection using morphological Fruit detection using morphological
Fruit detection using morphological
 
Piper Alpha Disaster
Piper Alpha DisasterPiper Alpha Disaster
Piper Alpha Disaster
 
Cloud computing risk assesment presentation
Cloud computing risk assesment presentationCloud computing risk assesment presentation
Cloud computing risk assesment presentation
 
Bhopal Disaster Presentation
Bhopal Disaster PresentationBhopal Disaster Presentation
Bhopal Disaster Presentation
 
Security algorithms for manet
Security algorithms for manetSecurity algorithms for manet
Security algorithms for manet
 
Bayesian network
Bayesian networkBayesian network
Bayesian network
 
5G green communication
5G green communication5G green communication
5G green communication
 
A survey of ethical hacking process and security
A survey of ethical hacking process and securityA survey of ethical hacking process and security
A survey of ethical hacking process and security
 
E-DHCP
E-DHCPE-DHCP
E-DHCP
 
Cybercriminals focus on Cryptocurrency
Cybercriminals focus on CryptocurrencyCybercriminals focus on Cryptocurrency
Cybercriminals focus on Cryptocurrency
 

Último

An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfSanaAli374401
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxVishalSingh1417
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxnegromaestrong
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
PROCESS RECORDING FORMAT.docx
PROCESS      RECORDING        FORMAT.docxPROCESS      RECORDING        FORMAT.docx
PROCESS RECORDING FORMAT.docxPoojaSen20
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Shubhangi Sonawane
 

Último (20)

An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 -  Danh muc Sach Giao Khoa 10 . pdf1029 -  Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
PROCESS RECORDING FORMAT.docx
PROCESS      RECORDING        FORMAT.docxPROCESS      RECORDING        FORMAT.docx
PROCESS RECORDING FORMAT.docx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
Ecological Succession. ( ECOSYSTEM, B. Pharmacy, 1st Year, Sem-II, Environmen...
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 

AAA Implementation

  • 1. AAA Implementation Presenter: Ahmad Ali Al Taweel Doctor: Kasem Ahmad
  • 2. Outline – Introduction of AAA – Identification of each A – Implementing Authentication – TACACS+ and RADIUS AAA Protocols – Authenticating Router Access – Configuring AAA for Cisco Routers – Troubleshooting AAA on Cisco Routers – Configuring AAA with Cisco SDM – Summary
  • 3. INTRODUCTION OF AAA  Sometimes referred to as “ triple-A” or just AAA,  A- Authentication  A- Authorization  A- Accounting Represent the big tree in terms of IP based network management & policy administration.
  • 4.  AUTHENTICATION  Authentication is a process that ensures & confirms a user’s identity.  Authentication begins when a user tries to access information.  The user must prove his access rights & identity.  This login combination, which must be assigned to each user, authenticates access.
  • 5.  AUTHORIZATION  Authorization is the process of granting or denying a user access to network resources once the user has been authenticated through the username & password.  The amount of information & the amount of services the user has access to depend on the user’s authorization level.
  • 6.  ACCOUNTING  Accounting is the process of keeping track of a user’s activity while accessing the network resources, including the amount of time spent in the network, the services accessed while there & the amount of data transferred during the session.  Accounting data is used for trend analysis, capacity planning, billing auditing & cost allocation.
  • 7. AAA MODEL—NETWORK SECURITY ARCHITECTURE • Authentication – Who are you? – “I am user student and my password validateme proves it.” • Authorization – What can you do? What can you access? – “User student can access host serverXYZ using Telnet.” • Accounting – What did you do? How long did you do it? How often did you do it? – “User student accessed host serverXYZ using Telnet for 15 minutes.”
  • 8. IMPLEMENTING AUTHENTICATION USING LOCAL SERVICES
     1. The client establishes a connection with the router.
     2. The router prompts the user for a username and password.
     3. The router authenticates the username and password in the local database. The user is authorized to access the network based on information in the local database.
     (Figure: Remote Client and Perimeter Router, with steps 1 to 3 marked on the diagram)
  • 9. IMPLEMENTING AUTHENTICATION USING EXTERNAL SERVERS
     1. The client establishes a connection with the router.
     2. The router prompts the user for a username and password.
     3. The router passes the username and password to the Cisco Secure ACS (server or engine).
     4. The Cisco Secure ACS authenticates the user. The user is authorized to access the router (administrative access) or the network based on information found in the Cisco Secure ACS database.
     (Figure: Remote Client, Perimeter Router, Cisco Secure ACS for Windows Server and Cisco Secure ACS Solution Engine, with steps 1 to 4 marked on the diagram)
  • 10. TACACS+ AND RADIUS AAA PROTOCOLS
     • Two different protocols are used to communicate between the AAA security servers and authenticating devices.
     • Cisco Secure ACS supports both TACACS+ and RADIUS:
       – TACACS+ remains more secure than RADIUS.
       – RADIUS has a robust application programming interface and strong accounting.
     (Figure: Cisco Secure ACS security server communicating with a firewall, a router and a network access server over TACACS+ and RADIUS)
  • 12. (Figure: Microsoft Windows dial-up networking connection showing the Username and Password fields; the Microsoft Windows remote PC sends the username and password over PPP (TCP/IP) across the PSTN or ISDN to the NAS, which checks them against the security server)
  • 13. PPP, ISDN, PSTN
      Point-to-Point Protocol (PPP) is a data link (layer 2) protocol used to establish a direct connection between two nodes. It connects two routers directly without any host or any other networking device in between. It can provide connection authentication, transmission encryption (using ECP, RFC 1968), and compression.
      Integrated Services Digital Network (ISDN) is a set of communication standards for simultaneous digital transmission of voice, video and data.
      Public Switched Telephone Network (PSTN) is the world's collection of interconnected voice-oriented public telephone networks.
  • 14. AUTHENTICATING ROUTER ACCESS
     (Figure: administrative access to the router from a console, from a Telnet host on the LAN, and from a remote router on a remote LAN across the Internet, alongside network access)
  • 15. ROUTER LOCAL AUTHENTICATION CONFIGURATION PROCESS
     Here are the general steps required to configure a Cisco router for local authentication:
     • Step 1: Secure access to privileged EXEC mode.
     • Step 2: Enable AAA globally on the perimeter router with the aaa new-model command.
     • Step 3: Configure AAA authentication lists.
     • Step 4: Configure AAA authorization for use after the user has passed authentication.
     • Step 5: Configure the AAA accounting options for how you want to write accounting records.
     • Step 6: Verify the configuration.
  • 16. ENABLE AAA GLOBALLY USING THE AAA NEW-MODEL COMMAND
     router(config)# aaa new-model
     • Establishes AAA section in configuration file
     router(config)# username username password password
     router(config)# username Joe106 password 1MugOJava
     • Sets username and password
     router(config)# aaa authentication login default local
     • Helps prevent administrative access lockout while configuring AAA
  • 17. AAA AUTHENTICATION COMMANDS
     • These aaa authentication commands are available in Cisco IOS Releases 12.2 and later.
     • Each of these commands has its own syntax and options (methods).
     router(config)#
       aaa authentication arap
       aaa authentication banner
       aaa authentication enable default
       aaa authentication fail-message
       aaa authentication local-override
       aaa authentication login
       aaa authentication nasi
       aaa authentication password-prompt
       aaa authentication ppp
       aaa authentication username-prompt
  • 18. AAA authentication Login Command
     router(config)# aaa authentication login {default | list-name} method1 [method2...]
     router(config)# aaa authentication login default enable
     router(config)# aaa authentication login console-in local
     router(config)# aaa authentication login tty-in line
  • 19. AAA authentication PPP Command
     router(config)# aaa authentication ppp {default | list-name} method1 [method2...]
     router(config)# aaa authen ppp default local
     router(config)# aaa authen ppp dial-in local none
  • 20. AAA authentication Enable Default Command
     router(config)# aaa authentication enable default method1 [method2...]
     router(config)# aaa authentication enable default group tacacs+ enable none
  • 21. Apply Authentication Commands to Lines and Interfaces
     • Authentication commands can be applied to lines or interfaces.
     router(config)# line console 0
     router(config-line)# login authentication console-in
     router(config)# int s3/0
     router(config-if)# ppp authentication chap dial-in
     Note: It is recommended that you always define a default list for AAA to provide “last resort” authentication on all lines and interfaces protected by AAA.
  • 22. router(config)# aaa authorization {network | exec | commands level | reverse-access | configuration} {default | list-name} method1 [method2...]
     router(config)# aaa authorization commands 1 alpha local
     router(config)# aaa authorization commands 15 bravo local
     router(config)# aaa authorization network charlie local none
     router(config)# aaa authorization exec delta if-authenticated
     router(config)# aaa authorization commands 15 default local
  • 23. AAA ACCOUNTING COMMAND
     router(config)# aaa accounting {auth-proxy | system | network | exec | connection | commands level} {default | list-name} [vrf vrf-name] {start-stop | stop-only | none} [broadcast] group groupname
     router(config)# aaa accounting commands 15 default stop-only group tacacs+
     router(config)# aaa accounting auth-proxy default start-stop group tacacs+
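As an added example that is not part of the slides, the following constructed Cisco IOS configuration ties Steps 1 to 5 above together on one perimeter router, using both the local database and a TACACS+ server (Cisco Secure ACS) as described on the TACACS+/RADIUS slide. The server address 192.0.2.10, the user name, the shared key and the secrets are placeholders.

```cisco
! Added example, not from the slides: AAA on a perimeter router following
! Steps 1 to 5. Addresses, names and secrets are placeholders.
!
! Step 1: secure privileged EXEC mode (enable secret is stored hashed)
enable secret REPLACE-WITH-STRONG-SECRET
!
! Step 2: create the local administrator BEFORE aaa new-model, then enable
! AAA; keep the console session open until the new lists are verified.
username Joe106 privilege 15 secret REPLACE-WITH-STRONG-SECRET
aaa new-model
!
! External AAA server (Cisco Secure ACS) reached over TACACS+
tacacs-server host 192.0.2.10 key REPLACE-WITH-SHARED-KEY
!
! Step 3: authentication lists. The default list asks the ACS first and
! falls back to the local database only when the server is unreachable,
! so a server outage cannot lock administrators out. The "none" method
! is deliberately not used on any line reachable from the network.
aaa authentication login default group tacacs+ local
aaa authentication login console-in local
aaa authentication enable default group tacacs+ enable
aaa authentication ppp dial-in group tacacs+ local
!
! Step 4: authorization for EXEC shells, privilege-15 commands and PPP
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network dial-in group tacacs+ local
!
! Step 5: accounting records sent to the ACS (start-stop gives duration,
! stop-only for commands keeps one record per command executed)
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa accounting network default start-stop group tacacs+
!
! Apply the named lists; vty lines fall under the default lists
line console 0
 login authentication console-in
line vty 0 4
 transport input ssh
interface Serial3/0
 encapsulation ppp
 ppp authentication chap dial-in
```

Restricting the vty lines to SSH assumes a hostname, ip domain-name and an RSA key pair are already configured on the router.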
  • 24. TROUBLESHOOTING AAA USING DEBUG COMMANDS
     router# debug aaa authentication
     • Use this command to help troubleshoot AAA authentication problems
     router# debug aaa accounting
     • Use this command to help troubleshoot AAA accounting problems
     router# debug aaa authorization
     • Use this command to help troubleshoot AAA authorization problems
  • 25. router# debug aaa authentication
     113123: Feb 4 10:11:19.305 CST: AAA/MEMORY: create_user (0x619C4940) user='' ruser='' port='tty1' rem_addr='async/81560' authen_type=ASCII service=LOGIN priv=1
     113124: Feb 4 10:11:19.305 CST: AAA/AUTHEN/START (2784097690): port='tty1' list='' action=LOGIN service=LOGIN
     113125: Feb 4 10:11:19.305 CST: AAA/AUTHEN/START (2784097690): using "default" list
     113126: Feb 4 10:11:19.305 CST: AAA/AUTHEN/START (2784097690): Method=LOCAL
     113127: Feb 4 10:11:19.305 CST: AAA/AUTHEN (2784097690): status = GETUSER
     113128: Feb 4 10:11:26.305 CST: AAA/AUTHEN/CONT (2784097690): continue_login (user='(undef)')
     113129: Feb 4 10:11:26.305 CST: AAA/AUTHEN (2784097690): status = GETUSER
     113130: Feb 4 10:11:26.305 CST: AAA/AUTHEN/CONT (2784097690): Method=LOCAL
     113131: Feb 4 10:11:26.305 CST: AAA/AUTHEN (2784097690): status = GETPASS
     113132: Feb 4 10:11:28.145 CST: AAA/AUTHEN/CONT (2784097690): continue_login (user='diallocal')
     113133: Feb 4 10:11:28.145 CST: AAA/AUTHEN (2784097690): status = GETPASS
     113134: Feb 4 10:11:28.145 CST: AAA/AUTHEN/CONT (2784097690): Method=LOCAL
     113135: Feb 4 10:11:28.145 CST: AAA/AUTHEN (2784097690): status = PASS
  • 26. router# debug aaa accounting
     16:49:21: AAA/ACCT: EXEC acct start, line 10
     16:49:32: AAA/ACCT: Connect start, line 10, glare
     16:49:47: AAA/ACCT: Connection acct stop: task_id=70 service=exec port=10 protocol=telnet address=172.31.3.78 cmd=glare bytes_in=308 bytes_out=76 paks_in=45 paks_out=54 elapsed_time=14
  • 27. CONFIGURING AAA WITH CISCO SDM
     (Figure: three numbered Cisco SDM screenshots; no text is available in the transcript)