- Access Control List (ACL): a clearly defined list of permissions that specifies what an authenticated user may do on a shared resource
- ACL access models:
- mandatory
- discretionary
- role-based
- Mandatory Access Control (MAC): every resource (and every user or process) is assigned a label that defines its security level; a system-wide policy, not the resource's owner, decides which labels may access which
- the book's example is an operating system defining what privileges programs have over other programs stored in RAM
- the oldest and least common of the three ACL access models
- Discretionary Access Control (DAC): based on the idea that a resource has an owner who may, at his or her discretion, assign access to that resource (the owner edits the ACL; the system only enforces it)
- Role-based Access Control (RBAC): defines a user's access to a resource based on the roles the user plays in the network environment
- in practice this means creating groups (roles): permissions are assigned to the group, and a user gets those permissions by being placed in the group rather than by being named in each resource's ACL
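The three models side by side, as a small Python model added here (not code from the notes or the book). The labels, owners, roles and resource names are constructed sample data; the MAC rule used is the classic "no read up, no write down" ordering, which the notes do not spell out and is assumed for the example.

```python
"""The three ACL access models from the notes, as a small Python model
(added example, not code from the notes). Subject names, labels and
resource names are constructed sample data."""
from dataclasses import dataclass, field

# MAC: labels are ordered security levels; a system policy, not an owner, decides.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}


def mac_allowed(subject_label: str, object_label: str, action: str) -> bool:
    """Label-based policy (assumed for the example): read at or below your
    level (no read up), write at or above it (no write down, so a
    high-level subject cannot leak data into a low-level object)."""
    s, o = LEVELS[subject_label], LEVELS[object_label]
    if action == "read":
        return s >= o
    if action == "write":
        return s <= o
    return False


@dataclass
class DacResource:
    """DAC: the owner edits the ACL at his or her discretion; the system only enforces it."""
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of permissions

    def grant(self, granter: str, user: str, permission: str) -> bool:
        """Only the owner may change the ACL; returns False if anyone else tries."""
        if granter != self.owner:
            return False
        self.acl.setdefault(user, set()).add(permission)
        return True

    def allowed(self, user: str, permission: str) -> bool:
        return user == self.owner or permission in self.acl.get(user, set())


class Rbac:
    """RBAC: permissions attach to roles (groups); a user gets access by holding a role."""

    def __init__(self):
        self.role_perms = {}   # role -> {(resource, permission)}
        self.user_roles = {}   # user -> {role}

    def add_permission(self, role: str, resource: str, permission: str) -> None:
        self.role_perms.setdefault(role, set()).add((resource, permission))

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def allowed(self, user: str, resource: str, permission: str) -> bool:
        return any((resource, permission) in self.role_perms.get(role, set())
                   for role in self.user_roles.get(user, set()))


if __name__ == "__main__":
    print("MAC: public subject reads secret object:", mac_allowed("public", "secret", "read"))
    share = DacResource(owner="alice")
    print("DAC: bob grants himself write access:", share.grant("bob", "bob", "write"))
    rbac = Rbac()
    rbac.add_permission("helpdesk", "tickets", "write")
    rbac.assign("dave", "helpdesk")
    print("RBAC: dave writes tickets:", rbac.allowed("dave", "tickets", "write"))
```

The point of the contrast: in DAC the answer to "who can change the ACL?" is the owner, in MAC it is nobody but the policy, and in RBAC the ACL names groups, so onboarding a user is a role assignment rather than an edit to every resource.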
PPP
- Point-to-Point Protocol (PPP): enables two point-to-point devices to connect, authenticate with a user name and password, and negotiate the network protocol the two devices will use
- is not Ethernet, but it can still carry TCP/IP (and other network protocols)
- Five distinct phases to a PPP connection:
- Link Dead: no usable physical link yet (the modem is hung up or turned off). When the physical layer comes up, the Link Control Protocol (LCP) starts the connection.
- Link Establishment: LCP negotiates the link options, including which authentication protocol (if any) to use, and brings the link up
- Authentication: optional phase in which the initiator proves its identity with PAP or CHAP (see below); if it fails, the link is torn down
- Network Layer Protocol: for each network protocol the link will carry, the matching Network Control Protocol (NCP), such as IPCP for IP, negotiates that protocol's settings so traffic can flow
- Termination: either side can close the link with an LCP Terminate-Request, or LCP times out (lost carrier, failed authentication) and terminates it
- Initiator: the side asking for the connection
- Authenticator: the side with the list of user names and passwords
- PPP came with two ways to authenticate a user name and password:
- Password Authentication Protocol (PAP): transmits the user name and password over the connection in plaintext
- anyone who can tap the connection can learn the user name and password, and can replay them later
- Challenge Handshake Authentication Protocol (CHAP): the authenticator sends a random challenge, and the initiator answers with a hash (MD5) of the challenge combined with a shared secret, usually a password both ends know; the secret itself never crosses the link
- periodically repeats the entire challenge/response process during the session
- the random challenge defeats replay of a captured response, and re-authenticating mid-session makes it harder for an intruder to take over an established connection; it does not protect the data on the link and a captured challenge/response pair can be attacked offline by guessing the secret, so the shared secret must be strong
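The two PPP authentication methods as a worked exchange, added here and not taken from the notes. It follows the MD5 CHAP algorithm of RFC 1994 (Response = MD5(Identifier || secret || Challenge)); the PAP framing is simplified to the lengths and values, and the user names, secrets and the word list are constructed sample data.

```python
"""PAP versus CHAP on the wire (added example, not the notes' code).

PAP sends the user name and password in clear. CHAP sends a response
derived from a random challenge and the shared secret (RFC 1994, MD5):
    Response = MD5(Identifier || secret || Challenge)
so the secret never crosses the link and a captured response is useless
against the next challenge. Names and secrets below are constructed."""
import hashlib
import hmac
import os


def pap_on_wire(username: bytes, password: bytes) -> bytes:
    """Simplified PAP Authenticate-Request payload: lengths plus the raw values."""
    return bytes([len(username)]) + username + bytes([len(password)]) + password


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5-CHAP response value."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side holding the list of user names and secrets."""

    def __init__(self, users: dict):
        self.users = users            # name -> secret
        self.identifier = 0
        self.outstanding = None       # (identifier, challenge) awaiting a response

    def challenge(self):
        """Issue a fresh random challenge: at link-up and again periodically
        to re-authenticate an established session."""
        self.identifier = (self.identifier + 1) & 0xFF
        self.outstanding = (self.identifier, os.urandom(16))
        return self.outstanding

    def verify(self, identifier: int, name: bytes, response: bytes) -> bool:
        if self.outstanding is None or identifier != self.outstanding[0]:
            return False
        _, chal = self.outstanding
        self.outstanding = None       # each challenge is single-use
        secret = self.users.get(name)
        if secret is None:
            return False
        return hmac.compare_digest(chap_response(identifier, secret, chal), response)


class Initiator:
    """The side asking for the connection; knows only its own name and secret."""

    def __init__(self, name: bytes, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, identifier: int, challenge: bytes):
        return identifier, self.name, chap_response(identifier, self.secret, challenge)


def chap_exchange(auth: Authenticator, init: Initiator):
    """One challenge/response round. Returns (success, what a sniffer saw)."""
    identifier, chal = auth.challenge()
    ident, name, resp = init.respond(identifier, chal)
    return auth.verify(ident, name, resp), (identifier, chal, name, resp)


def replay_captured(auth: Authenticator, captured) -> bool:
    """Attacker re-sends a sniffed response against the next (fresh) challenge."""
    new_identifier, _ = auth.challenge()
    _, _, name, resp = captured
    return auth.verify(new_identifier, name, resp)


def offline_guess(captured, wordlist):
    """Why the shared secret must be strong: one captured challenge/response
    pair lets a sniffer test candidate secrets offline, with no further traffic."""
    identifier, chal, _, resp = captured
    for guess in wordlist:
        if chap_response(identifier, guess, chal) == resp:
            return guess
    return None


if __name__ == "__main__":
    auth = Authenticator({b"alice": b"correct horse"})
    ok, seen = chap_exchange(auth, Initiator(b"alice", b"correct horse"))
    print("CHAP login:", ok, "| replay of captured response:", replay_captured(auth, seen))
    print("PAP leaks password:", b"hunter2" in pap_on_wire(b"bob", b"hunter2"))
    print("offline guess from capture:", offline_guess(seen, [b"password", b"correct horse"]))
```

`chap_exchange` plays both sides so the whole exchange is visible in one place; `replay_captured` and `offline_guess` are the two attacker views, and together they show what CHAP does and does not buy you compared with PAP.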
AAA
- Authentication, Authorization, and Accounting (AAA): the framework behind port (network access) authentication; authentication verifies who is connecting, authorization decides what that user is allowed to do, and accounting records what they did
RADIUS
- Remote Authentication Dial-In User Service (RADIUS): created so that ISPs running many banks of modems could check every dial-in user against a single central database instead of keeping accounts on each access device
- Consists of three kinds of device:
- the RADIUS server, which has access to a database of user names and passwords
- Network Access Servers (NASs): the devices users connect to (originally the modem banks); each NAS forwards the user's credentials to the RADIUS server and gets back an accept or a reject
- the clients: a group of systems that dial into the network
- a single RADIUS server can support multiple NASs, and the PPP connection from the requesting system is completed through the NAS once the server accepts the credentials
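The NAS-to-server exchange described above, as an added example (not code from the notes or the book). It builds a RADIUS Access-Request and checks the Access-Accept by hand from RFC 2865: the packet layout, the User-Password hiding (MD5 of the shared secret and the Request Authenticator, XORed over the password) and the Response Authenticator. The user database, NAS addresses and shared secrets are constructed sample data, and the server is an in-process object rather than a UDP listener.

```python
"""RADIUS Access-Request / Access-Accept between a NAS and a server, built
by hand from RFC 2865 (added example, not the notes' code).

Packet: Code(1) Identifier(1) Length(2) Authenticator(16) Attributes.
The server holds the user database and one shared secret per NAS, so a
single server serves many NASs. All names and secrets are constructed."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def hide_password(secret: bytes, request_auth: bytes, password: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-octet blocks, XOR each block with
    MD5(secret + previous block), seeded with the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = bytes(p ^ b for p, b in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, block
    return out


def reveal_password(secret: bytes, request_auth: bytes, hidden: bytes) -> bytes:
    """The hiding is reversible by anyone holding the shared secret and the packet."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += bytes(c ^ b for c, b in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attr(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value


def parse_attrs(data: bytes) -> dict:
    attrs = {}
    while len(data) >= 2 and data[1] >= 2:
        attrs[data[0]] = data[2:data[1]]
        data = data[data[1]:]
    return attrs


def packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def response_authenticator(code, ident, request_auth, attrs, secret) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    return hashlib.md5(struct.pack("!BBH", code, ident, 20 + len(attrs)) + request_auth + attrs + secret).digest()


def build_access_request(secret: bytes, username: bytes, password: bytes, ident: int = 1):
    """NAS side: fresh 16-byte Request Authenticator, user name and hidden password."""
    request_auth = os.urandom(16)
    attrs = attr(ATTR_USER_NAME, username) + attr(ATTR_USER_PASSWORD, hide_password(secret, request_auth, password))
    return packet(ACCESS_REQUEST, ident, request_auth, attrs), request_auth


class RadiusServer:
    def __init__(self, users: dict, nas_secrets: dict):
        self.users = users              # user name -> password (the central database)
        self.nas_secrets = nas_secrets  # NAS address -> shared secret

    def handle(self, nas_addr: str, pkt: bytes):
        secret = self.nas_secrets.get(nas_addr)
        if secret is None:
            return None                 # unknown NAS: silently discard (RFC 2865)
        _, ident, length = struct.unpack("!BBH", pkt[:4])
        request_auth, attrs = pkt[4:20], parse_attrs(pkt[20:length])
        name = attrs.get(ATTR_USER_NAME, b"")
        password = reveal_password(secret, request_auth, attrs.get(ATTR_USER_PASSWORD, b""))
        ok = name in self.users and hmac.compare_digest(self.users[name], password)
        code = ACCESS_ACCEPT if ok else ACCESS_REJECT
        return packet(code, ident, response_authenticator(code, ident, request_auth, b"", secret), b"")


def nas_check_response(secret: bytes, request_auth: bytes, resp: bytes) -> bool:
    """NAS side: verify the Response Authenticator before trusting the verdict."""
    code, ident, length = struct.unpack("!BBH", resp[:4])
    expected = response_authenticator(code, ident, request_auth, resp[20:length], secret)
    return hmac.compare_digest(expected, resp[4:20]) and code == ACCESS_ACCEPT


if __name__ == "__main__":
    server = RadiusServer({b"alice": b"hunter2"}, {"10.0.0.1": b"nas1-secret", "10.0.0.2": b"nas2-secret"})
    req, ra = build_access_request(b"nas1-secret", b"alice", b"hunter2")
    print("NAS 10.0.0.1 login for alice:", nas_check_response(b"nas1-secret", ra, server.handle("10.0.0.1", req)))
    print("password visible in request:", b"hunter2" in req)
```

Two practitioner points fall out of the code: the User-Password attribute is obfuscated, not encrypted, so the shared secret is the only thing standing between a sniffer and the password; and the NAS must check the Response Authenticator, otherwise anyone who can inject a UDP reply can forge an Access-Accept.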
Hello admin, I read the blog about "Chapter 11: Security TCP/IP Pg 375 - 382". The information you provide in this blog is really good because it is simple and easy to understand.
I was looking for someone who can explain everything, meaning what the concept of the talk is.
That quality I can see in your blog, which is short and also contains the essential information.