
Chapter: 03

Network Security Protocols

Syllabus
3.1 Define authentication, authorization and accounting.
3.2 Describe authentication, authorization and accounting of AAA Server.
3.3 Define TACACS+ and RADIUS
3.4 Mention the encryption technology overview.
3.5 State DES, 3DES, AES, MD5, SHA, IPsec protocols.
3.6 Describe Diffie-Hellman technique

Question Bank
1. What is authentication?
2. What is authorization?
3. What is accounting?
4. Describe the authentication, authorization and accounting of an AAA server.
5. What is meant by TACACS+?
6. What is RADIUS?
7. Describe the encryption technology overview.
8. Describe the DES, 3DES, AES, MD5, SHA and IPsec protocols.
9. Describe the Diffie-Hellman technique.

1. What is authentication?


Authentication is the process of recognizing a user’s identity. It is the mechanism of
associating an incoming request with a set of identifying credentials. The credentials
provided are compared to those on file in a database of authorized users’
information, held on a local operating system or within an authentication server.

2. What is authorization?


Authorization is a security mechanism to determine access levels or user/client privileges
related to system resources including files, services, computer programs, data and
application features. This is the process of granting or denying access to a network
resource which allows the user access to various resources based on the user's identity.

3. What is accounting?


The final piece in the AAA framework is accounting, which monitors the resources a user
consumes during network access. This can include the amount of system time or the
amount of data sent and received during a session.
Accounting is carried out by logging session statistics and usage information. It is used
for authorization control, billing, trend analysis, resource utilization, and planning for the
data capacity required for business operations.

4. Describe the authentication, authorization and accounting of an AAA server.


AAA stands for authentication, authorization, and accounting.
AAA is a framework for intelligently controlling access to computer resources, enforcing
policies, auditing usage, and providing the information necessary to bill for services.
These processes working in concert are important for effective network management and
security.
Authentication
Authentication provides a method of identifying a user, typically by having the user enter
a valid username and password before access to the network is granted. Authentication is
based on each user having a unique set of login credentials for gaining network access.
The AAA server compares a user's authentication credentials with other user credentials
stored in a database; in this case, that database is Active Directory. If the user's login
credentials match, the user is granted access to the network. If the credentials don't
match, authentication fails and network access is denied.
Authorization
Following authentication, a user must gain authorization for doing certain tasks. After
logging in to a system, for instance, the user may try to issue commands. The
authorization process determines whether the user has the authority to issue such
commands.
Simply put, authorization is the process of enforcing policies—determining what types or
qualities of activities, resources, or services a user is permitted. Usually authorization
occurs within the context of authentication. After you have authenticated a user, they may
be authorized for different types of access or activity.
As it relates to network authentication via RADIUS and 802.1x, authorization can be
used to determine which VLAN, Access Control List (ACL), or user role the user
belongs to.
Accounting
The final piece in the AAA framework is accounting, which monitors the resources a user
consumes during network access. This can include the amount of system time or the
amount of data sent and received during a session.
Accounting is carried out by logging session statistics and usage information. It is used
for authorization control, billing, trend analysis, resource utilization, and planning for the
data capacity required for business operations.
ClearPass Policy Manager functions as the accounting server and receives accounting
information about the user from the Network Access Server (NAS). The NAS must be
configured to use ClearPass Policy Manager as an accounting server, and it is up to the
NAS to provide accurate accounting information to ClearPass Policy Manager.
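
The three AAA stages described above, chained in order, as an added example that is not part of the original notes. The class AAAServer, the role "staff", the VLAN/ACL values and the session figures are all constructed for illustration and do not model any particular product.

```python
import hashlib, hmac, os

def pw_hash(password, salt):
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AAAServer:
    def __init__(self, policy):
        self.policy = policy      # role -> attributes returned to the NAS
        self.users = {}           # username -> (salt, hash, role)
        self.open_sessions = {}   # session id -> (username, start time)
        self.accounting_log = []  # closed sessions with usage statistics

    def add_user(self, name, password, role):
        salt = os.urandom(16)
        self.users[name] = (salt, pw_hash(password, salt), role)

    def authenticate(self, name, password):
        # Unknown users still cost one hash, and always fail the comparison.
        salt, stored, _ = self.users.get(name, (b"\0" * 16, b"", None))
        return hmac.compare_digest(pw_hash(password, salt), stored)

    def authorize(self, name, authenticated):
        # Deny by default: no attributes without a successful authentication.
        if not authenticated or name not in self.users:
            return None
        return self.policy.get(self.users[name][2])

    def acct_start(self, session_id, name, now):
        self.open_sessions[session_id] = (name, now)

    def acct_stop(self, session_id, now, bytes_in, bytes_out):
        # Accounting: record session time and data volume when the session ends.
        name, started = self.open_sessions.pop(session_id)
        record = {"user": name, "seconds": now - started,
                  "bytes_in": bytes_in, "bytes_out": bytes_out}
        self.accounting_log.append(record)
        return record

def demo():
    # Constructed sample data: one user, one role, one ten-minute session.
    aaa = AAAServer({"staff": {"vlan": 20, "acl": "staff-acl"}})
    aaa.add_user("alice", "correct horse", "staff")
    good = aaa.authorize("alice", aaa.authenticate("alice", "correct horse"))
    bad = aaa.authorize("alice", aaa.authenticate("alice", "wrong"))
    aaa.acct_start("s1", "alice", now=1000)
    usage = aaa.acct_stop("s1", now=1600, bytes_in=4096, bytes_out=1024)
    return good, bad, usage
```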

5. What is meant by TACACS+?


TACACS (Terminal Access Controller Access Control System) is an older authentication
protocol common to UNIX networks that allows a remote access server to forward a
user's logon password to an authentication server to determine whether access can be
allowed to a given system. TACACS is an unencrypted protocol and therefore less secure
than the later TACACS+ and Remote Authentication Dial-In User Service (RADIUS) protocols.
6. What is RADIUS?


• Remote Authentication Dial-In User Service (RADIUS) is a networking protocol,
operating on ports 1812 and 1813, that provides centralized Authentication,
Authorization, and Accounting (AAA or Triple A) management for users who connect
and use a network service. RADIUS was developed by Livingston Enterprises, Inc. in
1991 as an access server authentication and accounting protocol and later brought into
the Internet Engineering Task Force (IETF) standards. RADIUS is a client/server
protocol that runs in the application layer, and can use either TCP or UDP as transport.
Network access servers, the gateways that control access to a network, usually
contain a RADIUS client component that communicates with the RADIUS server.[1]
RADIUS is often the back-end of choice for 802.1X authentication as well.[2]
• http: port 80
• https: 443
7. Describe the encryption technology overview.


Network encryption implements one or more encryption algorithms, processes and
standards to encrypt the data/message/packet sent over the network. The encryption
services are generally provided by encryption software or through an integrated
encryption algorithm on network devices and/or in software.
The three major encryption types are DES, AES, and RSA.
DES (Data Encryption Standard) encryption
Accepted as a standard of encryption in the 1970s, DES encryption is no longer
considered to be safe on its own. It encrypts just 56 bits of data at a time, and it was found
to be easily hacked not long after its introduction. It has, however, served as the standard
upon which future, more secure encryption tools were based.
3DES
3DES is a more modern version of the block cipher that is still used today. Triple Data
Encryption Standard (3DES) works as its name implies. Instead of using a single 56-bit
key, it uses three separate 56-bit keys for triple protection.
The drawback to 3DES is that it takes longer to encrypt data. Also, the shorter block
lengths are encrypted three times, but they can still be hacked. Banks and businesses still
rely on it at this point in time, but newer forms may soon phase out this version.

9. Describe the Diffie-Hellman technique.


The Diffie-Hellman (DH) key exchange algorithm is a method for securely exchanging
cryptographic keys over a public communications channel. Keys are not actually
exchanged: they are jointly derived. It is named after its inventors, Whitfield Diffie
and Martin Hellman.
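
The joint derivation described above, shown with both sides' messages, as an added example that is not part of the original notes. The tiny group (P = 23, Q = 11, G = 4) is constructed so the numbers can be checked by hand, and the function names are hypothetical; the peer-value check and the SHA-256 key derivation go one step beyond the text.

```python
import hashlib
import secrets

# Toy public parameters, constructed for readability. Real deployments use
# standardized groups of 2048 bits or more.
P = 23          # safe prime: P = 2*Q + 1
Q = 11          # prime order of the subgroup generated by G
G = 4           # generator of that subgroup

def keypair(private=None):
    """Return (private, public). Only the public value G^private mod P is sent."""
    if private is None:
        private = secrets.randbelow(Q - 1) + 1      # random value in [1, Q-1]
    return private, pow(G, private, P)

def check_public(value):
    """Reject peer values outside the subgroup (0, 1, P-1 or wrong order),
    which would make the shared secret predictable."""
    if not 2 <= value <= P - 2 or pow(value, Q, P) != 1:
        raise ValueError("invalid peer public value")
    return value

def shared_secret(own_private, peer_public):
    """Both sides reach the same number: (G^a)^b = (G^b)^a mod P."""
    return pow(check_public(peer_public), own_private, P)

def derive_key(secret):
    """Hash the shared number into a fixed-length symmetric key."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()

def exchange(a_priv=None, b_priv=None):
    """Run one exchange; return the wire contents and each side's derived key."""
    a, A = keypair(a_priv)                      # Alice keeps a, sends A
    b, B = keypair(b_priv)                      # Bob keeps b, sends B
    wire = {"P": P, "G": G, "A": A, "B": B}     # everything an eavesdropper sees
    key_alice = derive_key(shared_secret(a, B))
    key_bob = derive_key(shared_secret(b, A))
    return wire, key_alice, key_bob
```

With the constructed private values 6 and 9, the public values on the wire are 2 and 13 and both sides arrive at the shared number 6, which never crosses the channel.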