Computer Security - CCNA Security - Lecture 2
Mohamed Loey
CCNA Security
AAA

Chapter 1: Modern Network Security Threats
Chapter 2: Securing Network Devices
Chapter 3: Authentication, Authorization, and Accounting
Chapter 4: Implementing Firewall Technologies
Chapter 5: Implementing Intrusion Prevention
Chapter 6: Securing the Local-Area Network
Chapter 7: Cryptographic Systems
Chapter 8: Implementing Virtual Private Networks
Chapter 9: Implementing the Cisco Adaptive Security Appliance
Chapter 10: Advanced Cisco Adaptive Security Appliance
Chapter 11: Managing a Secure Network

Classical Security Methods

Password-Only Method
• Uses a login and password combination on access lines
• Easiest to implement, but the least secure method
• Vulnerable to brute-force attacks
• Provides no accountability

R1(config)# line vty 0 4
R1(config-line)# password cisco
R1(config-line)# login

User Access Verification
Password: cisco
Password: cisco1
Password: cisco12
% Bad passwords

Local Database Method
• Creates individual user account/password on each device
• Provides accountability
• User accounts must be configured locally on each device
• Provides no fallback authentication method

R1(config)# username Admin secret Str0ng5rPa55w0rd
R1(config)# line vty 0 4
R1(config-line)# login local

User Access Verification
Username: Admin
Password: cisco1
% Login invalid
Username: Admin
Password: cisco12
% Login invalid

AAA

Authentication, authorization, and accounting (AAA) is a
term for a framework for intelligently controlling access to
computer resources, enforcing policies, auditing usage,
and providing the information necessary. These combined
processes are considered important for effective network
management and security.

AAA: Authentication, Authorization, Accounting

Authentication: Who are you?
Authorization: Which resources is the user allowed to access, and which operations is the user allowed to perform?
Accounting: What did you spend it on?

Authentication

Authentication is the process that determines whether a client (a person, a device, or a software process) is a legal or valid user of the system.
Cisco provides two common methods of implementing AAA services:
• Local AAA Authentication
• Server-Based AAA Authentication

Local AAA uses a local database for authentication. This
method is sometimes known as self-contained
authentication.

1. The client establishes a connection with the router.
2. The AAA router prompts the user for a username and password.
3. The router authenticates the username and password using the local database and the user is authorized to access the network based on information in the local database.
[Figure: Remote Client and AAA Router, steps 1 to 3]

The server-based method uses a server database for authentication. The router accesses a central AAA server, such as the Cisco Secure Access Control System (ACS).

1. The client establishes a connection with the router.
2. The AAA router prompts the user for a username and password.
3. The router authenticates the username and password using a remote AAA server.
4. The user is authorized to access the network based on information on the remote AAA server.
[Figure: Remote Client, AAA Router and Cisco Secure ACS Server, steps 1 to 4]

Authorization

After the user is authenticated, authorization is the process that determines which resources the user can access and which operations the user is allowed to perform.

1. When a user has been authenticated, a session is established with an AAA server.
2. The router requests authorization for the requested service from the AAA server.
3. The AAA server returns a PASS/FAIL for authorization.

Accounting

Accounting is the process of monitoring and recording a client's use of the network. Accounting records what the user does, including what is accessed, the amount of time the resource is accessed, and any changes that were made. Accounting keeps track of how network resources are used.

1. When a user has been authenticated, the AAA accounting process generates a start message to begin the accounting process.
2. When the user finishes, a stop message is recorded, ending the accounting process.

Local Based AAA

Local AAA Authentication should be configured for
smaller networks. Smaller networks are those networks that
have one or two routers that provide access to a limited
number of users.
This method uses the local usernames and passwords
stored on a router.
Configuring local AAA services to authenticate
administrator access requires a few basic steps:
1. Add usernames and passwords to the local router
database
2. Enable AAA globally
3. Configure AAA parameters on the router
4. Confirm and troubleshoot the AAA configuration
R1# conf t
R1(config)# username JR-ADMIN secret Str0ngPa55w0rd
R1(config)# username ADMIN secret Str0ng5rPa55w0rd
R1(config)# aaa new-model
R1(config)# aaa authentication login default local-case

The aaa authentication login command in the figure allows the ADMIN and JR-ADMIN users to log into the router via the console or vty terminal lines.
R1# conf t
R1(config)# username JR-ADMIN secret Str0ngPa55w0rd
R1(config)# username ADMIN secret Str0ng5rPa55w0rd
To enable AAA, the aaa new-model global configuration
command must first be configured.
R1(config)# aaa new-model
The default keyword means that the authentication method
applies to all lines, except those for which a specific line
configuration overrides the default.
R1(config)# aaa new-model
R1(config)# aaa authentication login default local-case

The authentication is case-sensitive, indicated by the local-case keyword. This means that both the password and the username are case sensitive.
R1(config)# aaa new-model
R1(config)# aaa authentication login default local-case
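
An added example (not part of the original slides): a Python check that classifies each access line of an IOS-style configuration as password-only, local database, or AAA method list, the three login methods covered above, and reports gaps such as a line that names an undefined method list. The sample configurations are constructed, and the list name VTY-LIST is hypothetical.

```python
import re

# Constructed sample configurations (not captured from a real device); the
# usernames and commands are the ones used on the slides.
PASSWORD_ONLY = """\
line vty 0 4
 password cisco
 login
"""

LOCAL_DATABASE = """\
username Admin secret Str0ng5rPa55w0rd
line vty 0 4
 login local
"""

# VTY-LIST is a hypothetical list name that is referenced but never defined.
LOCAL_AAA = """\
username JR-ADMIN secret Str0ngPa55w0rd
username ADMIN secret Str0ng5rPa55w0rd
aaa new-model
aaa authentication login default local-case
line con 0
line vty 0 4
 login authentication VTY-LIST
"""


def parse(config):
    """Split IOS-style text into global commands and per-line sub-commands."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue
        if raw.startswith("line "):
            current = cmd
            line_blocks[current] = []
        elif raw[0].isspace() and current is not None:
            line_blocks[current].append(cmd)
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, line_blocks


def audit(config):
    """Return {line: (login method, [issues])} for every access line."""
    global_cmds, line_blocks = parse(config)
    aaa_enabled = "aaa new-model" in global_cmds
    has_users = any(c.startswith("username ") for c in global_cmds)
    method_lists = {}
    for c in global_cmds:
        m = re.fullmatch(r"aaa authentication login (\S+) (.+)", c)
        if m:
            method_lists[m.group(1)] = m.group(2).split()

    report = {}
    for line, cmds in line_blocks.items():
        issues = []
        if aaa_enabled:
            # A line uses the default list unless it names another one.
            name = "default"
            for c in cmds:
                if c.startswith("login authentication "):
                    name = c.split()[2]
            methods = method_lists.get(name)
            if methods is None:
                method = f"aaa:{name}"
                issues.append(f"method list {name} is not defined")
            else:
                method = f"aaa:{name}:" + ",".join(methods)
                if {"local", "local-case"} & set(methods) and not has_users:
                    issues.append("local method but no local usernames")
        elif "login local" in cmds:
            method = "local-database"
            if not has_users:
                issues.append("login local but no local usernames")
        elif "login" in cmds:
            method = "password-only"
            issues.append("shared password: no per-user accountability")
            if not any(c.startswith("password ") for c in cmds):
                issues.append("login set but no line password")
        else:
            method = "none"
            issues.append("no login method configured on this line")
        report[line] = (method, issues)
    return report
```
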

Server Based AAA

Most corporate environments have multiple Cisco routers,
switches, and other infrastructure devices, multiple router
administrators, and hundreds or thousands of users
needing access to the corporate LAN.
Local implementations of AAA are acceptable in very
small networks. However, local authentication does not
scale well.

[Figure: Server Based AAA, with routers R1, R2 and R3 and a Cisco Secure ACS]

1. The user establishes a connection with the router.
2. The router prompts the user for a username and password.
3. The router passes the username and password to the Cisco Secure ACS
(server or engine).
4. The Cisco Secure ACS authenticates the user. The user is authorized to
access the router (administrative access) or the network based on
information found in the Cisco Secure ACS database.
[Figure: Remote User, Perimeter Router and Cisco Secure ACS for Windows Server, steps 1 to 4]

The Cisco Secure Access Control System (ACS) is a
centralized solution that ties together an enterprise’s
network access policy and identity strategy.
Cisco Secure ACS supports both TACACS+ and RADIUS protocols.

TACACS+ and RADIUS are both authentication protocols
that are used to communicate with AAA servers.
While both protocols can be used to communicate
between a router and AAA servers, TACACS+ is
considered the more secure protocol.

| Protocol | TACACS+ | RADIUS |
|---|---|---|
| Functionality | Separates AAA according to the AAA architecture, allowing modularity of the security server implementation | Combines authentication and authorization but separates accounting, allowing less flexibility in implementation than TACACS+ |
| Standard | Mostly Cisco supported | Open/RFC standard |
| Transport Protocol | TCP | UDP |
| Protocol Support | Multiprotocol support | No multiprotocol support |
| Confidentiality | Entire packet encrypted | Password encrypted |
| Customization | Provides authorization of router commands on a per-user or per-group basis | Has no option to authorize router commands on a per-user or per-group basis |

RADIUS, developed by Livingston Enterprises, is an open
IETF standard AAA protocol for applications such as
network access or IP mobility.
RADIUS is widely used by VoIP service providers.

• Works in both local and roaming situations
• Uses UDP ports 1645 or 1812 for authentication and UDP ports 1646 or 1813 for accounting

[Figure: RADIUS login exchange]
Username? JR-ADMIN
Password? Str0ngPa55w0rd
Access-Request (JR-ADMIN, “Str0ngPa55w0rd”)
Access-Accept

TACACS+ is a Cisco enhancement to the original TACACS
protocol. TACACS+ is an entirely new protocol that is
incompatible with any previous version of TACACS.
TACACS+ is supported by the Cisco family of routers and
access servers.

• Provides separate AAA services
• Utilizes TCP port 49

[Figure: TACACS+ login exchange: Connect; Username prompt? / Use “Username”; Username? / JR-ADMIN; Password prompt? / Use “Password”; Password? / “Str0ngPa55w0rd”; Accept/Reject]

• Step 1. Globally enable AAA to allow the use of all AAA elements.
• Step 2. Specify the AAA server (e.g., Cisco Secure ACS) that will provide AAA services for the router.
• Step 3. Configure the encryption key needed to encrypt the data transfer between the network access server.
• Step 4. Configure the AAA authentication method list to refer to the TACACS+ or RADIUS server.

To enable AAA, the aaa new-model global configuration
command must first be configured.
R1(config)# aaa new-model
To configure a RADIUS server, use the radius server name
command. This puts you into radius server configuration
mode.
R1(config)# radius server Server-R

The RADIUS protocol has reserved port 1812 for RADIUS authentication and port 1813 for RADIUS accounting.
R1(config-radius-server)# address ipv4 192.168.1.100 auth-port 1812 acct-port 1813

To configure the shared secret key for encrypting the password, use the key command. This key must be configured exactly the same way on the router and the RADIUS server.
R1(config-radius-server)# key RADIUS-Pa55w0rd

R1(config)# aaa new-model
R1(config)# radius server Server-R
R1(config-radius-server)# address ipv4 192.168.1.100 auth-port 1812 acct-port 1813
R1(config-radius-server)# key RADIUS-Pa55w0rd
R1(config-radius-server)# exit

How to Configure Server-Based AAA Authentication Using TACACS+?

• Use MS Word
• Send me mail to mloey@live.com with email subject “AAA”
• Put your name in Arabic with department and section in the Word document and email body
• Finally, press Send
• Deadline: Next Lecture

facebook.com/mloey
mohamedloey@gmail.com
twitter.com/mloey
linkedin.com/in/mloey
mloey@fci.bu.edu.eg
mloey.github.io
THANKS FOR
YOUR TIME

Paradigm shift in nursing research by RS MEHTAParadigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTA
 
MS4 level being good citizen -imperative- (1) (1).pdf
MS4 level   being good citizen -imperative- (1) (1).pdfMS4 level   being good citizen -imperative- (1) (1).pdf
MS4 level being good citizen -imperative- (1) (1).pdf
 
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITWQ-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
Q-Factor HISPOL Quiz-6th April 2024, Quiz Club NITW
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
Expanded definition: technical and operational
Expanded definition: technical and operationalExpanded definition: technical and operational
Expanded definition: technical and operational
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptx
 
How to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 DatabaseHow to Make a Duplicate of Your Odoo 17 Database
How to Make a Duplicate of Your Odoo 17 Database
 

Computer Security - CCNA Security - Lecture 2

  • 2. CCNA Security
      Chapter 1: Modern Network Security Threats
      Chapter 2: Securing Network Devices
      Chapter 3: Authentication, Authorization, and Accounting
      Chapter 4: Implementing Firewall Technologies
      Chapter 5: Implementing Intrusion Prevention
      Chapter 6: Securing the Local-Area Network
      Chapter 7: Cryptographic Systems
      Chapter 8: Implementing Virtual Private Networks
      Chapter 9: Implementing the Cisco Adaptive Security Appliance
      Chapter 10: Advanced Cisco Adaptive Security Appliance
      Chapter 11: Managing a Secure Network
  • 5. Password-Only Method
      - Uses a login and password combination on access lines
      - Easiest to implement, but the least secure method
      - Vulnerable to brute-force attacks
      - Provides no accountability
      R1(config)# line vty 0 4
      R1(config-line)# password cisco
      R1(config-line)# login
      User Access Verification
      Password: cisco
      Password: cisco1
      Password: cisco12
      % Bad passwords
  • 6. Local Database Method
      - Creates an individual user account/password on each device
      - Provides accountability
      - User accounts must be configured locally on each device
      - Provides no fallback authentication method
      R1(config)# username Admin secret Str0ng5rPa55w0rd
      R1(config)# line vty 0 4
      R1(config-line)# login local
      User Access Verification
      Username: Admin
      Password: cisco1
      % Login invalid
      Username: Admin
      Password: cisco12
      % Login invalid
  • 8. CCNA Security Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary. These combined processes are considered important for effective network management and security.
  • 10. CCNA Security Accounting What did you spend it on? Authentication Who are you? Authorization which resources the user is allowed to access and which operations the user is allowed to perform?
  • 12. CCNA Security  Authentication is the process that determines whether a client (a person, a device, or a software process) is a legal or valid user of the system. Cisco provides two common methods of implementing AAA services:  Local AAA Authentication  Server-Based AAA Authentication
  • 13. CCNA Security Local AAA uses a local database for authentication. This method is sometimes known as self-contained authentication.
  • 14.
      1. The client establishes a connection with the router.
      2. The AAA router prompts the user for a username and password.
      3. The router authenticates the username and password using the local database, and the user is authorized to access the network based on information in the local database.
      (Diagram: Remote Client and AAA Router, steps 1-3)
  • 15. The server-based method uses a server database for authentication. The router accesses a central AAA server, such as the Cisco Secure Access Control System (ACS).
  • 16.
      1. The client establishes a connection with the router.
      2. The AAA router prompts the user for a username and password.
      3. The router authenticates the username and password using a remote AAA server.
      4. The user is authorized to access the network based on information on the remote AAA server.
      (Diagram: Remote Client, AAA Router and Cisco Secure ACS Server, steps 1-4)
  • 18. After the user is authenticated, authorization is the process that determines which resources the user can access and which operations the user is allowed to perform.
  • 19.
      1. When a user has been authenticated, a session is established with an AAA server.
      2. The router requests authorization for the requested service from the AAA server.
      3. The AAA server returns a PASS/FAIL for authorization.
  • 21. Accounting is the process of monitoring and recording a client's use of the network. Accounting records what the user does, including what is accessed, the amount of time the resource is accessed, and any changes that were made. Accounting keeps track of how network resources are used.
  • 22.
      1. When a user has been authenticated, the AAA accounting process generates a start message to begin the accounting process.
      2. When the user finishes, a stop message is recorded, ending the accounting process.
  • 25. CCNA Security Local AAA Authentication should be configured for smaller networks. Smaller networks are those networks that have one or two routers that provide access to a limited number of users. This method uses the local usernames and passwords stored on a router.
  • 26. CCNA Security Configuring local AAA services to authenticate administrator access requires a few basic steps: 1. Add usernames and passwords to the local router database 2. Enable AAA globally 3. Configure AAA parameters on the router 4. Confirm and troubleshoot the AAA configuration
  • 27. CCNA Security R1 R2 R1# conf t R1(config)# username JR-ADMIN secret Str0ngPa55w0rd R1(config)# username ADMIN secret Str0ng5rPa55w0rd R1(config)# aaa new-model R1(config)# aaa authentication login default local-case
  • 28. CCNA Security The AAA authentication login command in the figure allows the ADMIN and JR-ADMIN users to log into the router via the console or vty terminal lines. R1# conf t R1(config)# username JR-ADMIN secret Str0ngPa55w0rd R1(config)# username ADMIN secret Str0ng5rPa55w0rd
  • 29. CCNA Security To enable AAA, the aaa new-model global configuration command must first be configured. R1(config)# aaa new-model
  • 30. CCNA Security The default keyword means that the authentication method applies to all lines, except those for which a specific line configuration overrides the default. R1(config)# aaa new-model R1(config)# aaa authentication login default local-case
  • 31. CCNA Security The authentication is case-sensitive, indicated by the local- case keyword. This means that both the password and the username are case sensitive. R1(config)# aaa new-model R1(config)# aaa authentication login default local-case
  • 33. CCNA Security Most corporate environments have multiple Cisco routers, switches, and other infrastructure devices, multiple router administrators, and hundreds or thousands of users needing access to the corporate LAN. Local implementations of AAA are acceptable in very small networks. However, local authentication does not scale well.
  • 34. CCNA Security R2 R3 R1 Cisco Secure ACS Server Based AAA
  • 35. CCNA Security 1. The user establishes a connection with the router. 2. The router prompts the user for a username and password. 3. The router passes the username and password to the Cisco Secure ACS (server or engine). 4. The Cisco Secure ACS authenticates the user. The user is authorized to access the router (administrative access) or the network based on information found in the Cisco Secure ACS database. Perimeter Router Remote User Cisco Secure ACS for Windows Server 1 2 3 4
  • 36. CCNA Security The Cisco Secure Access Control System (ACS) is a centralized solution that ties together an enterprise’s network access policy and identity strategy. Cisco Secure ACS supports both TACACS+ and RADIUS protocols
  • 37. CCNA Security TACACS+ and RADIUS are both authentication protocols that are used to communicate with AAA servers. While both protocols can be used to communicate between a router and AAA servers, TACACS+ is considered the more secure protocol.
  • 38. Protocol: TACACS+ and RADIUS
      Functionality
        TACACS+: Separates AAA according to the AAA architecture, allowing modularity of the security server implementation
        RADIUS: Combines authentication and authorization but separates accounting, allowing less flexibility in implementation than TACACS+
      Standard
        TACACS+: Mostly Cisco supported
        RADIUS: Open/RFC standard
      Transport Protocol
        TACACS+: TCP
        RADIUS: UDP
      Protocol Support
        TACACS+: Multiprotocol support
        RADIUS: No multiprotocol support
      Confidentiality
        TACACS+: Entire packet encrypted
        RADIUS: Password encrypted
      Customization
        TACACS+: Provides authorization of router commands on a per-user or per-group basis
        RADIUS: Has no option to authorize router commands on a per-user or per-group basis
  • 39. CCNA Security RADIUS, developed by Livingston Enterprises, is an open IETF standard AAA protocol for applications such as network access or IP mobility. RADIUS is widely used by VoIP service providers.
  • 40. CCNA Security  Works in both local and roaming situations  Uses UDP ports 1645 or 1812 for authentication and UDP ports 1646 or 1813 for accounting Username? JR-ADMIN Password? Str0ngPa55w0r d Access-Request (JR_ADMIN, “Str0ngPa55w0rd”) Access-Accept
  • 41. CCNA Security TACACS+ is a Cisco enhancement to the original TACACS protocol. TACACS+ is an entirely new protocol that is incompatible with any previous version of TACACS. TACACS+ is supported by the Cisco family of routers and access servers.
  • 42. CCNA Security Provides separate AAA services Utilizes TCP port 49 Connect Username prompt? Username? Use “Username” JR-ADMIN JR-ADMIN Password? Password prompt? “Str0ngPa55w0rd” Use “Password” Accept/Reject “Str0ngPa55w0rd”
  • 43.
      - Step 1. Globally enable AAA to allow the use of all AAA elements.
      - Step 2. Specify the AAA server (e.g., Cisco Secure ACS) that will provide AAA services for the router.
      - Step 3. Configure the encryption key needed to encrypt the data transfer between the network access server.
      - Step 4. Configure the AAA authentication method list to refer to the TACACS+ or RADIUS server.
  • 44. To enable AAA, the aaa new-model global configuration command must first be configured.
      R1(config)# aaa new-model
  • 45. To configure a RADIUS server, use the radius server name command. This puts you into radius server configuration mode.
      R1(config)# radius server Server-R
  • 46. The RADIUS protocol has reserved port 1812 as the RADIUS authentication port and port 1813 as the RADIUS accounting port.
      R1(config-radius-server)# address ipv4 192.168.1.100 auth-port 1812 acct-port 1813
  • 47. To configure the shared secret key for encrypting the password, use the key command. This key must be configured exactly the same way on the router and the RADIUS server.
      R1(config-radius-server)# key RADIUS-Pa55w0rd
  • 48.
      R1(config)# aaa new-model
      R1(config)# radius server Server-R
      R1(config-radius-server)# address ipv4 192.168.1.100 auth-port 1812 acct-port 1813
      R1(config-radius-server)# key RADIUS-Pa55w0rd
      R1(config-radius-server)# exit
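
An added example, not from the original slides: the "Password encrypted" entry for RADIUS in the comparison table and the shared key configured with the key command refer to the User-Password hiding defined in RFC 2865, which this Python sketch reproduces for the JR-ADMIN Access-Request. The function names and the all-zero Request Authenticator are assumptions chosen for a repeatable demonstration; a real client uses a random authenticator for every request.

```python
import hashlib
import os
import struct

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding from RFC 2865 section 5.2 (MD5 keystream XOR)."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password.ljust(-(-len(password) // 16) * 16, b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += prev  # each hidden block keys the next one
    return hidden

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: the same keystream, so it needs the same shared key."""
    plain, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ k for c, k in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return plain.rstrip(b"\x00")

def attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (including the 2-byte header), value."""
    return bytes([attr_type, len(value) + 2]) + value

def access_request(user: bytes, password: bytes, secret: bytes,
                   ident: int = 1, authenticator: bytes = None) -> bytes:
    """Build a minimal Access-Request (code 1): User-Name and User-Password."""
    if authenticator is None:
        authenticator = os.urandom(16)  # Request Authenticator, random per request
    hidden = hide_password(password, secret, authenticator)
    attrs = attribute(1, user) + attribute(2, hidden)
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

# Username, password and key are the values shown on the slides; the zero
# authenticator is constructed so the result is repeatable.
PACKET = access_request(b"JR-ADMIN", b"Str0ngPa55w0rd", b"RADIUS-Pa55w0rd",
                        authenticator=bytes(16))
```

The username is readable inside `PACKET`; only the 16-byte User-Password value depends on the shared key, which is why the key must match on the router and the server.
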
  • 49. CCNA Security How to Configure Server-Based AAA Authentication Using TACACS+ ?
  • 50. CCNA Security  Use MS Word  Send me mail to mloey@live.com with email subject “AAA“  Put your name on Arabic with department and section on word and email body  Finally, press Send  Deadline Next Lecture