Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...

More documents

Recommendations

Info

134 CHAPTER 8 Security Standards and Services Client Requests Authorization Client Internet RADIUS Client Remote Server queries central repository RADIUS Server FIGURE 8.5 RADIUS authentication process Remote Server’s Response RADIUS Server responds with either an allow or deny In a distributed RADIUS environment, a RADIUS server forwards the authentication request to an enterprise RADIUS server using a protocol called proxy RADIUS. RADIUS may be vulnerable to buffer overflow attacks. The RADIUS authentication process is depicted in Figure 8.5. Biometric devices can provide a higher level of authentication than, for example, a username/password combination. KERBEROS Kerberos is a network protocol designed to centralize the authentication information for the user or service requesting the resource. This allows authentication of the entity requesting access (user, machine, service, or process) by the host of the resource being accessed through the use of secure and encrypted keys and tickets (authentication tokens) from the authenticating key distribution center (KDC). Characteristics of Kerberos are as follows: ■ It allows for cross-platform authentication. ■ It centralizes the processing of credentials for authentication. ■ Kerberos uses time stamping of its tickets to help ensure that they are not compromised by other entities. It uses an overall structure of control that is called a realm. ■ In a Kerberos realm, the Key Distribution Server (KDC) acts as both an authentication server and as a ticket granting server. ■ Kerberos uses a time stamp to limit the possibility of replay or spoofing of credentials. Microsoft’s Kerberos implementation has a 5-min. time delta. If clocks are not synchronized between the systems, the credentials (tickets) will not be granted if the time differential exceeds the established limits. LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL Directory services are used to store, retrieve, and manage information about objects, such as user accounts, computer accounts, mail accounts, and information on resources available on the network. Some of the directory services that are produced by vendors include the following: ■ Active Directory was developed by Microsoft for networks running Windows 2000 Server, Windows 2003 Server, or Windows 2008.
Network Access Security 135 ■ eDirectory was developed by Novell for Novell NetWare networks. Previous versions for Novell NetWare 4.x and 5.x were called Novell Directory Services (NDS). ■ OpenLDAP was developed by Apple for networks running Mac OS X Servers. Lightweight Directory Access Protocol (LDAP) is a protocol that enables clients to access information within a directory service, allowing the directory to be searched and objects to be added, modified, and deleted. ■ ■ ■ ■ Characteristics of LDAP are as follows: ■ LDAP was created after the X.500 specification that uses the Directory Access Protocol (DAP). ■ LDAP directories follow a hierarchy using a tree-like structure, where the top of the hierarchy is called the root. The root server is used to create the structure of the directory, with organizational units (OU) and the objects branching out from the root. ■ Parts of the directory structure may exist on different servers. Segmenting the tree based on organization or division and storing each branch on separate directory servers increases the security of the LDAP information. ■ The topmost level of the hierarchy generally uses the DNS namespace to identify the tree. Characteristics of the OU are as follows: ■ OUs are used to identify different branches of the organization or network. ■ To identify the OUs, each has a name that must be unique in its place in the hierarchy. ■ Each OU can be nested in other OUs. ■ You can’t have two OUs with the same name in the same parent OU. ■ You can have OUs with the same name in different areas of the hierarchy. Objects and Attributes: ■ The name given to each object is referred to as a common name, which identifies the object but doesn’t show where it resides in the hierarchy. ■ You can’t have two objects with the same name in an OU. ■ A distinguished name is used to identify the object’s place in the hierarchy. ■ The distinguished name is a unique identifier for the object and is made up of several attributes of the object. It consists of the relative distinguished name, which is constructed from some attribute(s) of the object, followed by the distinguished name of the parent object. Schema and Classes: ■ The schema defines the object classes and the attribute types. ■ Object classes define what the object represents (that is, user, computer, and so forth) and a list of what attributes are associated with the object. ■ Each of the attributes associated with an object is defined in the schema. ■ Because LDAP is binary, to view the attributes of an object, the information can be represented in LDAP Data Interchange Format (LDIF).
Page 2 and 3:
Syngress is an imprint of Elsevier
Page 4 and 5:
xii About the Authors Technical Edi
Page 6 and 7:
2 CHAPTER 1 Network Fundamentals Ne
Page 8 and 9:
4 CHAPTER 1 Network Fundamentals re
Page 10 and 11:
6 CHAPTER 1 Network Fundamentals
Page 12 and 13:
8 CHAPTER 1 Network Fundamentals Wh
Page 14 and 15:
10 CHAPTER 1 Network Fundamentals d
Page 16 and 17:
12 CHAPTER 1 Network Fundamentals
Page 18 and 19:
14 CHAPTER 1 Network Fundamentals T
Page 20 and 21:
16 CHAPTER 1 Network Fundamentals T
Page 22 and 23:
18 CHAPTER 1 Network Fundamentals I
Page 24 and 25:
20 CHAPTER 2 Network Media DID YOU
Page 26 and 27:
22 CHAPTER 2 Network Media Table 2.
Page 28 and 29:
24 CHAPTER 2 Network Media ■ Perf
Page 30 and 31:
26 CHAPTER 2 Network Media Table 2.
Page 32 and 33:
28 CHAPTER 2 Network Media LAN TECH
Page 34 and 35:
30 CHAPTER 2 Network Media CONNECTO
Page 36 and 37:
32 CHAPTER 2 Network Media EXAM WAR
Page 38 and 39:
34 CHAPTER 2 Network Media problems
Page 40 and 41:
36 CHAPTER 2 Network Media electrom
Page 42 and 43:
38 CHAPTER 3 Network Devices Table
Page 44 and 45:
40 CHAPTER 3 Network Devices some o
Page 46 and 47:
42 CHAPTER 3 Network Devices ■
Page 48 and 49:
44 CHAPTER 3 Network Devices ■
Page 50 and 51:
46 CHAPTER 3 Network Devices EXAM W
Page 52 and 53:
48 CHAPTER 3 Network Devices ■ Du
Page 54 and 55:
50 CHAPTER 3 Network Devices Proxy
Page 56 and 57:
52 CHAPTER 3 Network Devices Top Fi
Page 58 and 59:
54 CHAPTER 3 Network Devices the co
Page 60 and 61:
56 CHAPTER 4 Wireless Networking
Page 62 and 63:
Page 64 and 65:
60 CHAPTER 4 Wireless Networking Ta
Page 66 and 67:
62 CHAPTER 4 Wireless Networking WE
Page 68 and 69:
64 CHAPTER 4 Wireless Networking Th
Page 70 and 71:
66 CHAPTER 4 Wireless Networking us
Page 72 and 73:
Page 74 and 75:
70 CHAPTER 4 Wireless Networking si
Page 76 and 77:
72 CHAPTER 4 Wireless Networking co
Page 78 and 79:
74 CHAPTER 5 The OSI Model and Netw
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87: 82 CHAPTER 5 The OSI Model and Netw
Page 94 and 95: 90 CHAPTER 6 TCP/IP and Routing ■
Page 96 and 97: 92 CHAPTER 6 TCP/IP and Routing For
Page 98 and 99: 94 CHAPTER 6 TCP/IP and Routing UND
Page 100 and 101: 96 CHAPTER 6 TCP/IP and Routing ■
Page 102 and 103: 98 CHAPTER 6 TCP/IP and Routing Sub
Page 104 and 105: 100 CHAPTER 6 TCP/IP and Routing co
Page 106 and 107: 102 CHAPTER 6 TCP/IP and Routing
Page 108 and 109: 104 CHAPTER 6 TCP/IP and Routing al
Page 110 and 111: CHAPTER 7 Wide Area Networking 107
Page 112 and 113: WAN Protocols and Properties 109 In
Page 114 and 115: WAN Protocols and Properties 111 Cr
Page 116 and 117: Internet Access Methods 113 EXAM WA
Page 118 and 119: Internet Access Methods 115 Wireles
Page 120 and 121: Internet Access Methods 117 Top Fiv
Page 122 and 123: Internet Access Methods 119 with th
Page 124 and 125: 122 CHAPTER 8 Security Standards an
Page 146 and 147: 144 CHAPTER 9 Network Management
Page 148 and 149: 146 CHAPTER 9 Network Management Wi
Page 150 and 151: 148 CHAPTER 9 Network Management Cr
Page 152 and 153: 150 CHAPTER 9 Network Management
Page 154 and 155: 152 CHAPTER 9 Network Management An
Page 156 and 157: 154 CHAPTER 9 Network Management Lo
Page 158 and 159: 156 CHAPTER 10 Network Troubleshoot
Page 178 and 179: Glossary 177 Access Determines who
Page 180 and 181: Glossary 179 Extensible Authenticat
Page 182 and 183: Glossary 181 Oscilloscope A cable t
Page 184 and 185: Glossary 183 Wireless Network A net
Page 186 and 187:
186 Index Data link layer, 74-75 fu
Page 188 and 189:
188 Index Network troubleshooting,
show all

Syngress - Eleventh Hour Network+ Exam N10-004 Study Guide (11 ...

Create successful ePaper yourself

Delete template?

Save as template?