Home > Articles > Certification > Cisco Certification

  • Print
  • + Share This
This chapter is from the book

This chapter is from the book

Summary

This section summarizes the main points of this chapter:

  • Authentication methods range from the use of no username or password; to static usernames and passwords, aging usernames and passwords, and the S/Key one-time password system; to the strongest authentication, one-time passwords using token cards and server systems.

  • CHAP authentication includes a periodic three-way handshake to verify the authenticity of the CHAP client.

  • Authorization controls access to network services and destinations.

  • Accounting tracks user data in the network access server or the security server.

  • In AAA with a local security database, the network access server performs AAA services and contains a user database.

  • In AAA with a remote security database, the security server performs AAA, enabling centralized management of multiple network access servers.

  • TACACS+ separates authentication, authorization, and accounting services.

  • RADIUS accounting is made more powerful with the use of extensible vendor-specific attribute-value pairs.

  • Kerberos works with a key distribution center. Servers must be "Kerberized" to support Kerberos services.

  • Cisco offers three remote security database products: CiscoSecure ACS for Windows NT, CiscoSecure ACS for UNIX, and CiscoSecure Global Roaming Server.

  • + Share This
  • 🔖 Save To Your Account