CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
2. Page 2
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise
PC Hardware
Network Administration
IT Project Management
Network Design
User Training
IT Troubleshooting
Industry Certifications
Qualifications Summary
Education
M.B.A., IT Management, Western Governors University
B.S., IT Security, Western Governors University
Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.
3. Page 3
– Function and purpose of authentication services.
– Authentication services.
5. Page 5
A best practice in network security is to require authorization when access is desired, either to the network itself or to resources on the network.
Authentication services are the first step in the authorization process. Authentication services require requesters to prove that they are who they say they are by submitting some type of credentials (e.g., usernames and passwords). The service then examines the credentials against a database.
The database contains information on which credentials the authentication service will accept. If the credentials are accepted, one of two things occurs: either the authorization is granted directly, or the authentication service passes the approved credentials to a separate authorization service.
Summary of authentication services.
7. Page 7
Authentication services may be part of an AAA (Authentication, Authorization and Accounting) protocol.
AAA protocols validate the credentials of the requester (authentication), grant access to the resource (authorization), and then log the requester’s activity (accounting). All of these separate functions can be combined into a single protocol.
In other cases, the individual services (i.e., authentication, authorization, and accounting) are actually separated. In this situation, the services are set up so that they pass information back and forth in order to form a holistic, secure environment.
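The two slides above describe authentication as the first step, followed by authorization and then accounting, with the three services passing information to one another. The following Python is an added illustration of that pipeline, not code from the PACE-IT course: the user "database", the resource ACL and the two accounts are constructed sample data, and passwords are stored as salted PBKDF2 hashes so the authentication step compares hashes rather than plaintext. Each decision, whether it fails at authentication, fails at authorization, or is granted, is written to the accounting log.

```python
import hashlib
import hmac
import os
import time

# Constructed credential "database": per-user salt and PBKDF2 hash of the password.
# In a real deployment this would live in a directory or a RADIUS/TACACS+ backend.
def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user_db(plain_credentials: dict) -> dict:
    db = {}
    for user, password in plain_credentials.items():
        salt = os.urandom(16)
        db[user] = {"salt": salt, "hash": _pbkdf2(password, salt)}
    return db

USER_DB = make_user_db({"alice": "correct horse battery staple", "bob": "hunter2"})

# Authorization policy (constructed): which authenticated users may reach which resource.
ACL = {"vpn": {"alice", "bob"}, "admin-console": {"alice"}}

# Accounting log: one record per decision, whatever the outcome.
ACCOUNTING_LOG = []

def authenticate(user: str, password: str) -> bool:
    """Authentication service: the requester proves they are who they claim to be."""
    record = USER_DB.get(user)
    if record is None:
        # Do the same work for an unknown user so timing does not reveal valid usernames.
        _pbkdf2(password, b"\x00" * 16)
        return False
    return hmac.compare_digest(_pbkdf2(password, record["salt"]), record["hash"])

def authorize(user: str, resource: str) -> bool:
    """Authorization service: may this already-authenticated user reach the resource?"""
    return user in ACL.get(resource, set())

def account(user: str, resource: str, outcome: str) -> None:
    """Accounting service: record what was attempted and what was decided."""
    ACCOUNTING_LOG.append({"time": time.time(), "user": user,
                           "resource": resource, "outcome": outcome})

def request_access(user: str, password: str, resource: str) -> str:
    """The three services cooperating on a single request: authN, then authZ, then accounting."""
    if not authenticate(user, password):
        account(user, resource, "AUTHN_FAIL")
        return "denied: authentication failed"
    if not authorize(user, resource):
        account(user, resource, "AUTHZ_FAIL")
        return "denied: not authorized"
    account(user, resource, "GRANTED")
    return "granted"

if __name__ == "__main__":
    print(request_access("alice", "correct horse battery staple", "admin-console"))
    print(request_access("bob", "hunter2", "admin-console"))
    print(request_access("bob", "wrong", "vpn"))
    for entry in ACCOUNTING_LOG:
        print(entry)
```

Note that a rejected requester never reaches the authorization step, exactly as the summary slide later puts it, but the accounting service still sees the failed attempt; failed-authentication records are what a SOC watches for password spraying.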
8. Page 8
– RADIUS (Remote Authentication Dial-In User Service).
» A remote access service that is used to authenticate remote users and grant them access to authorized network resources.
» It is a popular AAA protocol used to help ensure that only authenticated end users are using the network resources they are authorized to use.
• The accounting features are very robust.
» Only the requester’s (the end user’s) password is encrypted.
– TACACS+ (Terminal Access Controller Access-Control System Plus).
» A remote access service that is used to authenticate remote devices and grant them access to authorized network resources.
» It is a popular AAA protocol used to help ensure that only authenticated remote network devices are using the network resources they are authorized to use.
• The accounting features are not as robust as those of RADIUS.
» All transmissions between devices are encrypted.
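The contrast drawn above (RADIUS hides only the password, TACACS+ hides the whole packet body) is easiest to see in code. The Python below is an added example, not part of the PACE-IT material; it implements the User-Password hiding algorithm from RFC 2865 section 5.2 and the packet-body obfuscation from RFC 8907 section 4.5, both of which are MD5-keyed XOR pads rather than modern authenticated encryption (RFC 8907 itself calls the TACACS+ scheme "obfuscation"). The shared secrets, Request Authenticator, session id and packet contents are constructed sample values.

```python
import hashlib

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def radius_hide_password(password: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """RFC 2865 s.5.2 User-Password hiding. The password is null-padded to a multiple of
    16 bytes; chunk i is XORed with MD5(shared secret + previous ciphertext chunk), with
    the 16-byte Request Authenticator seeding the first chunk. Only this one attribute
    is hidden; User-Name, NAS-IP-Address and the rest of the packet travel in the clear."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = bytearray(), request_authenticator
    for i in range(0, len(padded), 16):
        chunk = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += chunk
        prev = chunk
    return bytes(out)

def radius_reveal_password(hidden: bytes, secret: bytes, request_authenticator: bytes) -> bytes:
    """Inverse of radius_hide_password: the RADIUS server recovers the password with the
    shared secret, which is why that secret must be protected like a key."""
    out, prev = bytearray(), request_authenticator
    for i in range(0, len(hidden), 16):
        chunk = hidden[i:i + 16]
        out += _xor(chunk, hashlib.md5(secret + prev).digest())
        prev = chunk
    return bytes(out).rstrip(b"\x00")

def tacacs_plus_obfuscate(body: bytes, session_id: int, key: bytes,
                          version: int = 0xC0, seq_no: int = 1) -> bytes:
    """RFC 8907 s.4.5 body obfuscation, applied to every TACACS+ packet body, so the
    whole exchange (usernames, commands, accounting records) is hidden, not just the
    password. A pseudo-pad is built from chained MD5 digests of
    session_id + key + version + seq_no (+ previous digest) and XORed over the body.
    XOR is its own inverse, so the same call de-obfuscates."""
    header = session_id.to_bytes(4, "big") + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = hashlib.md5(header + prev).digest()
        pad += prev
    return _xor(body, pad[:len(body)])

def constructed_radius_request(secret: bytes, request_authenticator: bytes) -> dict:
    """A constructed Access-Request as seen on the wire: every attribute except
    User-Password is readable without the shared secret."""
    return {
        "User-Name": b"alice",
        "NAS-IP-Address": bytes([192, 0, 2, 10]),   # documentation range, constructed
        "User-Password": radius_hide_password(b"hunter2", secret, request_authenticator),
    }

if __name__ == "__main__":
    ra = bytes(range(16))   # constructed; real Request Authenticators are random per request
    req = constructed_radius_request(b"s3cr3t", ra)
    print(req)
    print(radius_reveal_password(req["User-Password"], b"s3cr3t", ra))
    body = b"\x01\x00\x02\x01alice"   # constructed fragment of an authentication START body
    obf = tacacs_plus_obfuscate(body, 0x1234ABCD, b"tac-key")
    print(obf.hex(), tacacs_plus_obfuscate(obf, 0x1234ABCD, b"tac-key") == body)
```

The defensive takeaways are the ones the slide implies: RADIUS traffic should be confined to a management network or carried inside TLS or IPsec because everything but the password is visible, and in both protocols the strength of the hiding rests entirely on the shared secret, which should be long, random and unique per device.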
9. Page 9
– Kerberos.
» Authentication protocol, which uses TCP or UDP port 88.
» A system of authentication and authorization that works well in environments that have a lot of clients.
» The Key Distribution Center (KDC) is the main component.
» The KDC has two parts: the authentication server (AS) and the Ticket-Granting Service (TGS).
» When a user logs in, a hash of his or her username and password is sent to the AS; if the AS accepts the hash, it responds with a ticket-granting ticket (TGT) and a timestamp.
» The client sends the TGT with the timestamp to the TGS.
» The TGS responds with a service ticket (which can also be called an access token or just a token).
» The service ticket (token) authorizes the user to access specific resources.
» As long as the TGT is still valid, the TGS will grant authorization by issuing a new service ticket.
10. Page 10
– LDAP (Lightweight Directory Access Protocol).
» A directory service protocol that can be used to authenticate clients.
• LDAP requests are sent over TCP port 389.
» Applications that are LDAP compliant will validate (authenticate) the client and then retrieve the requested information stored in the directory.
– Secure LDAP.
» Encrypted version of LDAP using SSL (Secure Sockets Layer) over TCP port 636.
• All communication between the client and the LDAP server is secured.
– SAML (Security Assertion Markup Language).
» An XML (Extensible Markup Language) standard that is used to allow systems to exchange authentication and authorization information.
11. Page 11
Summary of authentication services.
Topic: Function and purpose of authentication services.
Summary: Authentication services are the first step in the authorization process. Authentication services check to ensure that requesters are who they claim to be through a process of validating the requesters’ credentials (e.g., usernames and passwords) against information contained in a database. If the credentials are accepted, they are then passed on to the authorization service. If the credentials are rejected, so is the requester.
Topic: Authentication services.
Summary: Authentication services may form part of an AAA protocol. AAA protocols will perform authentication, authorization, and accounting services for networks and network resources. Popular authentication services include: RADIUS, TACACS+, Kerberos, LDAP, Secure LDAP, and SAML.
13. This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.