Authentication Services

In today's lesson we look at RADIUS. We define what RADIUS is and how it's used, and discuss the different RADIUS authentication types for the type of user requesting access. We take a deeper look at specific types of authentication, such as LDAP and Kerberos, and explore what their purposes are, as well as their relationship to the protocol stack they engage.

Transcript

We start by looking at RADIUS. RADIUS is the Remote Authentication Dial-In User Service; this allows for authenticating remote users. Periodically we might have remote users working from home or working from another client location, and they need access to internal systems and resources. These people have to be authenticated properly, via solutions like RADIUS. RADIUS is often used in dial-up user connections, if you do dial-up networking, connecting to the internet using telephone lines, and in enterprise-grade wireless authentication setups. RADIUS allows for authenticating our users with internal computers and resources and other network devices. RADIUS is very important because it facilitates authentication of users that are connecting remotely to internal network devices.

Next we look at TACACS+. TACACS+ is a completely rewritten version of TACACS. It provides support for multi-factor or strong-factor authentication; it works similarly to the RADIUS system. TACACS+ also is built on TCP and encrypts all information exchanged between the client and the server.

We also have Kerberos. Kerberos is the authentication standard. It employs the Key Distribution Centre (the KDC) and the Ticket Granting Service (the TGS), and it uses tickets to prevent replay of credentials. These tickets are usually time stamped so that once they are presented to the servers, the servers are able to track the use of tickets to prevent a replay attack. Kerberos uses symmetric-key cryptography and was designed to provide single sign-on in a client-server network environment. Single sign-on was discussed earlier, in the previous video, where our users provide only one set of credentials to log on to every system they need access to on the system that is supported by Kerberos. It is the primary authentication mechanism in both UNIX and Windows environments. Kerberos supports mutual authentication between systems and users.

For mutual authentication, two entities must authenticate to each other before communication proceeds. So say, for example, a user is trying to access a server: the user would authenticate to the server and the server authenticates to the user. A lot of banks carry out mutual authentication these days; the user is made to select an image on the server, an image they like to see every time they log on to the server. This is the way by which the server authenticates to the user. So once the user provides their logon, they see that image; next they provide their credentials. So the server also authenticated to the user and the user authenticates to the server, so this way there can be no man in the middle. Mutual authentication ensures no man in the middle, because both entities now know they are communicating with each other and not a man in the middle.

The last item we discuss for section 5.1 is LDAP - Lightweight Directory Access Protocol. This is the protocol that is used to query databases. In the very early days the phone companies developed these protocols so that they could query databases to find out, you know, what the content of the database is. Usually our networks these days are created in Active Directory, and within Active Directory we have objects that could be within the Active Directory design. Our objects could include users, printers, groups and computers. So we use the Lightweight Directory Access Protocol to query the directories, finding where users reside, where objects like printers reside, and where other systems reside within every domain.
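
Added example (not part of the lesson or its transcript): a simplified Python model of the time-stamp and replay tracking described for Kerberos above. It is not the Kerberos wire format; the HMAC tag stands in for encryption under the session key, and the 300-second window, principal name and key are assumptions chosen for illustration.

```python
import hashlib
import hmac

MAX_SKEW = 300  # seconds; assumed window (5 minutes is a common Kerberos default)


def _tag(key: bytes, client: str, ts: str) -> str:
    """Integrity tag binding principal and timestamp (stand-in for encryption)."""
    return hmac.new(key, f"{client}|{ts}".encode(), hashlib.sha256).hexdigest()


def make_authenticator(key: bytes, client: str, now: float) -> dict:
    """Client side: produce a fresh, time-stamped proof for one request."""
    ts = f"{now:.6f}"
    return {"client": client, "ts": ts, "tag": _tag(key, client, ts)}


class ReplayCache:
    """Server side: track proofs already presented inside the skew window."""

    def __init__(self, key: bytes, max_skew: int = MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # (client, ts) -> timestamp as float

    def check(self, auth: dict, now: float) -> str:
        expected = _tag(self.key, auth["client"], auth["ts"])
        if not hmac.compare_digest(expected, auth["tag"]):
            return "reject: bad integrity tag"
        ts = float(auth["ts"])
        if abs(now - ts) > self.max_skew:
            return "reject: timestamp outside allowed skew"
        # Entries older than the window can never be accepted again; drop them.
        self.seen = {k: t for k, t in self.seen.items()
                     if abs(now - t) <= self.max_skew}
        entry = (auth["client"], auth["ts"])
        if entry in self.seen:
            return "reject: replay"
        self.seen[entry] = ts
        return "accept"


def demo() -> list:
    key = b"constructed-session-key"      # constructed sample value
    cache = ReplayCache(key)
    t0 = 1_700_000_000.0                  # constructed sample clock
    auth = make_authenticator(key, "alice@EXAMPLE.COM", t0)
    return [cache.check(auth, t0 + 1),    # first presentation
            cache.check(auth, t0 + 2),    # same proof presented again
            cache.check(auth, t0 + 1000)]  # presented after the window


if __name__ == "__main__":
    print(demo())
```

The cache only has to remember entries for the length of the skew window, which is why the time stamp and the tracking work together: anything older is rejected on age alone.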
CISSP CISM CISA CHFI CSXF CEH, Cyber Security Specialist & Trainer