Chapter Review
Chapter Review
Remote dial-up connections to the corporate network are made up of several dial-in technologies, including modem and ISDN connections, as well as virtual connections via the Internet. Access control is the process of controlling who can access the network and what resources they’re allowed to use. Cisco’s Authentication, Authorization, and Accounting (AAA) network security services configured on a router or network server implement this access control.
The three security components of AAA are designed to let you define and configure the type of authentication, authorization, and accounting in a detailed and consistent manner through the use of method lists, and then apply those method lists to specific services or interfaces according to your security plan. Method lists define a sequence of implementation processes that allow backup methods in case the initial method fails.
Authentication is the process of identifying users through user name and password verification methods that allow only approved individuals to access the network.
Authorization is the process of matching authenticated users with the permissions or privileges to use network resources
Accounting is the process of tracking or logging the different types of resources or services the remote users are accessing. This data can then be analyzed for auditing, troubleshooting, network management, and network planning client billing. The AAA databases can be remotely stored on one or more TACACS+ or RADIUS servers. Authentication and authorization databases can be stored locally on the access server.
AAA benefits include
-
Scalability
-
Flexibility and granularity
-
Multiple implementation methods, which provide redundancy
-
Support of standard authentication methods, such as RADIUS, TACACS+, and Kerberos
Questions
|
1.? |
Which of the following is not one of the three components of AAA?
|
|
|
2.? |
Which one of the following is the process of determining what devices, features, or services a specific remote user has permission to access in the network, such as network resources or services?
|
|
|
3.? |
Which of the following is a term for the router with interfaces designed to service the remote users of the company?
|
|
|
4.? |
Which one of the following is not one of the three security protocols to control dial-up access into networks supported by AAA?
|
|
|
5.? |
Which of the following security protocols is considered legacy and is supported for those organizations already implementing it?
|
|
|
6.? |
Which of the following is a security protocol developed by Livingston Enterprises, Inc., now a division of Lucent Technologies?
|
|
|
7.? |
Which of the following is a security protocol developed by MIT?
|
|
|
8.? |
Which of the following is a security protocol developed by Cisco and submitted to IETF as a proposed standard?
|
|
|
9.? |
Which of the following is not an advantage of TACACS+ over RADIUS?
|
|
|
10.? |
Which command enables the AAA access control model on the router?
|
|
|
11.? |
Which command identifies the TACACS+ server host to be used for authentication?
|
|
|
12.? |
In the following command, what is the first authentication method? aaa authentication login XYZ-access group tacacs+ enable none
|
|
|
13.? |
Which of the following combines the authentication and authorization into a single database?
|
|
|
14.? |
Which command verifies network connectivity between the NAS and the AAA server?
|
|
|
15.? |
Which of the following is not an AAA benefit?
|
|
Answers
|
1.? |
B. Acknowledgement |
|
2.? |
C. Authorization |
|
3.? |
B. NAS |
|
4.? |
D. ASICS |
|
5.? |
B. Kerberos |
|
6.? |
C. RADIUS |
|
7.? |
B. Kerberos |
|
8.? |
A. TACACS+ |
|
9.? |
D. Supports server-based security databases (They both support this feature.) |
|
10.? |
C. aaa new-model |
|
11.? |
C. Rtr1(config)#tacacs-server host Seattle |
|
12.? |
B. TACACS+ |
|
13.? |
C. RADIUS |
|
14.? |
B. show tacacs |
|
15.? |
B. Automatic installation and configuration. |
