Monday, November 16, 2009

Networking?

How do authentications protocols function?


such as RADIUS, TACACS, Kerberous, PAP, CHAP, MS-CHAP?





ALSO, CAN YOU EXPLAIN WEP and WPA and 802.11i





thank you

Networking?
Remote Authentication Dial In User Service (RADIUS) is an AAA (authentication, authorization, and accounting) protocol for controlling access to network resources. RADIUS is commonly used by ISPs and corporations managing access to the internet or internal networks across an array of access technologies, including modems, DSL, wireless and VPNs.





Terminal Access Controller Access-Control System (TACACS) is a remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network.





TACACS allows a client to accept a username and password and send a query to a TACACS authentication server, sometimes called a TACACS daemon or simply TACACSD. This server was normally a program running on a host. The host would determine whether to accept or deny the request and send a response back. The TIP would then allow access or not, based upon the response. In this way, the process of making the decision is "opened up" and the algorithms and data used to make the decision are under the complete control of whoever is running the TACACS daemon.





Kerberos is the name of a computer network authentication protocol, which allows individuals communicating over a non-secure network to prove their identity to one another in a secure manner. It is also a suite of free software published by Massachusetts Institute of Technology (MIT) that implements this protocol. Its designers aimed primarily at a client-server model, and it provides mutual authentication — both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.





Kerberos builds on symmetric key cryptography and requires a trusted third party. Extensions to Kerberos can provide for the use of public-key cryptography during certain phases of authentication.





Password Authentication Protocol, sometimes abbreviated PAP, is a simple authentication protocol used to authenticate a user to a network access server used for example by internet service providers. PAP is used by Point to Point Protocol. Authentication is a process of validating a user before accessing the resources. Almost all network operating system remote servers support PAP.





PAP transmits unencrypted ASCII passwords over the network and is therefore considered insecure. It is used as a last resort when the remote server does not support a stronger authentication protocol, like CHAP or EAP (while the last is actually a framework).





CHAP is an authentication scheme used by Point to Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake. This happens at the time of establishing the initial link, and may happen again at any time afterwards. The verification is based on a shared secret (such as the client user's password).





MS-CHAP is the Microsoft version of the Challenge-handshake authentication protocol, CHAP. The protocol exist in two versions, MS-CHAPv1 (defined in RFC 2433) and MS-CHAPv2 (defined in RFC 2759). MS-CHAPv2 was introduced with Windows 2000. Windows Vista drops support for MS-CHAPv1.





Compared with CHAP, MS-CHAP:





* is enabled by negotiating CHAP Algorithm 0x80 (0x81 for MS-CHAPv2) in LCP option 3, Authentication Protocol


* provides an authenticator-controlled password change mechanism


* provides an authenticator-controlled authentication retry mechanism


* defines failure codes returned in the Failure packet message field





MS-CHAPv2 provides mutual authentication between peers by piggybacking a peer challenge on the Response packet and an authenticator response on the Success packet.





Wired Equivalent Privacy (WEP) is a deprecated algorithm to secure IEEE 802.11 wireless networks. Wireless networks broadcast messages using radio, so are more susceptible to eavesdropping than wired networks. When introduced in 1999, WEP was intended to provide confidentiality comparable to that of a traditional wired network.





Wi-Fi Protected Access (WPA and WPA2) is a class of systems to secure wireless (Wi-Fi) computer networks. It was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is specifically designed to also work with pre-WPA wireless network interface cards (through firmware upgrades), but not necessarily with first generation wireless access points. WPA2 implements the full standard, but will not work with some older network cards.[
Reply:wikipedia is ur friend http://en.wikipedia.org/wiki/RADIUS
Reply:In regard to WEP and WPA, WEP is extremely vulnerable to hacking. It is quite easy, as explained step-by-step at http://n00bhacker.blogspot.com .

dental care
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)