free study guide for Network plus 4.2

4.2 Explain authentication and access controls.

Welcome to Exam Notes by CertBlaster! This is our free study guide for Network plus 4.2. In this edition, we will cover objective 4.2 “Explain authentication and access controls.”

Authentication, Authorization, and Accounting

The three major elements of network access are known as AAA. This stands for Authentication, Authorization, and Accounting. AAA answers the following questions anytime a user is validated for network access.

  • Authentication: Who are you? Can you provide the correct credentials for access to the network?
  • Authorization: What are you allowed to do? Here, the user’s authorization to access resources, perform tasks, or execute commands is verified.
  • Accounting: When did you attempt to access and what did you do? Accounting logs the users’ activity and retains the log for auditing.

The answers to these questions can be provided through several access control technologies. These will be discussed next.

RADIUS (Remote Authentication Dial-In User Service) is the most popular service that centralizes resource management and performs all three AAA functions. RADIUS is an open standard (RFC 2865) that can run on a dedicated device, called a RADIUS server, or as software on a server that also provides other network services. With regard to security, RADIUS obfuscates only the password attribute; the rest of the packet, including the user name, travels in cleartext, which makes it less secure than TACACS+.
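To make the "RADIUS only encrypts passwords" point concrete, here is an added example (not code from the study guide or from any RADIUS product) that implements the User-Password hiding procedure from RFC 2865 section 5.2 and then walks the attribute list the way a packet capture tool would. The shared secret, user name and password are constructed demo values; the attribute type numbers (1 = User-Name, 2 = User-Password) are the ones defined in the RFC.

```python
import hashlib
import os

# Constructed values for the demonstration (not from any real deployment).
SHARED_SECRET = b"constructed-shared-secret"
USER_NAME = 1       # RADIUS attribute type for User-Name (RFC 2865 s5.1)
USER_PASSWORD = 2   # RADIUS attribute type for User-Password (RFC 2865 s5.2)


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 User-Password hiding: each 16-byte block of the null-padded
    password is XORed with MD5(secret + previous block); for the first block
    the 'previous block' is the 16-byte Request Authenticator."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out = bytearray()
    prev = authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += block
        prev = block
    return bytes(out)


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Reverse of hide_password(); this is what the RADIUS server does on receipt.
    Trailing padding nulls are stripped, so a real password must not end in 0x00."""
    out = bytearray()
    prev = authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return bytes(out).rstrip(b"\x00")


def build_attributes(user: bytes, password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Encode User-Name and User-Password as RADIUS TLVs (type, total length, value)."""
    def tlv(t: int, value: bytes) -> bytes:
        return bytes([t, len(value) + 2]) + value
    return tlv(USER_NAME, user) + tlv(USER_PASSWORD, hide_password(password, secret, authenticator))


def parse_attributes(data: bytes) -> dict:
    """Walk the TLV list as an observer on the wire would, without knowing the secret."""
    attrs = {}
    i = 0
    while i < len(data):
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute")
        attrs[t] = data[i + 2:i + length]
        i += length
    return attrs


if __name__ == "__main__":
    authenticator = os.urandom(16)   # per-request random Request Authenticator
    packet = build_attributes(b"alice", b"hunter2", SHARED_SECRET, authenticator)
    seen = parse_attributes(packet)
    print("on the wire, User-Name is readable:", seen[USER_NAME])
    print("User-Password is obfuscated:", seen[USER_PASSWORD].hex())
    print("server recovers:", reveal_password(seen[USER_PASSWORD], SHARED_SECRET, authenticator))
```

Running the block shows why the objective contrasts RADIUS with TACACS+: only attribute 2 is transformed, and that transformation is an MD5-based XOR stream keyed by a static shared secret, not a modern cipher. This is why RADIUS traffic is normally confined to a management network or wrapped in IPsec or RadSec (RADIUS over TLS).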

TACACS+ (Terminal Access Controller Access Control System Plus) is a Cisco-proprietary AAA protocol designed to run on routers and switches. TACACS+ encrypts the entire packet body and separates the three AAA functions so that each can be handled independently. This design allows a protocol such as Kerberos to be used for authentication while TACACS+ provides the authorization and accounting services.

Kerberos is the default authentication protocol for Active Directory. It uses symmetric-key encryption and time-limited tickets to verify clients and protect their communication. Kerberos provides SSO (single sign-on), which allows a user to sign on once and conveniently access multiple resources, eliminating the need to sign into each resource individually. In AD, Kerberos is the default authentication protocol but not the only one supported. LDAP (Lightweight Directory Access Protocol) is the standard protocol for querying and modifying the directory itself; AD exposes its directory over LDAP, so the two are used together.

Local authentication describes an AAA model where all processes are performed on the local device.

Certificates can also be used to authenticate users. In certificate-based authentication, the client presents a digital certificate that binds its public key to its identity and is signed by a trusted certificate authority (CA); the server validates the CA signature and then challenges the client to prove that it holds the matching private key.

Multifactor authentication

Multifactor authentication provides greater security by requiring credentials from two different factors among the five presented below. Here is how CompTIA defines them:

  • Something you know – This is a password or PIN.
  • Something you have – This can be a smart card, smartphone, or a digital key fob.
  • Something you are – Stored physical data is used for authentication. The geometry of your face, your fingerprint, and your iris all represent something you are.
  • Somewhere you are – This method requires your location to match the stored data.
  • Something you do – This represents the individual aspects of the way you enter data. Speech recognition allows your speech pattern to be compared with the sample. Even the speed at which you type can be used.
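The following added example (written for this guide, not taken from CompTIA or any product) shows what combining two of these factors looks like in code: a salted, slow password hash for "something you know" and a time-based one-time password (RFC 6238 TOTP, built on RFC 4226 HOTP) for "something you have", the algorithm used by smartphone authenticator apps and key fobs. The user record, salt and password are constructed demo data; the TOTP seed is the RFC test-vector seed so the codes can be checked against the published values. A login succeeds only when both factors verify.

```python
import hashlib
import hmac
import struct

# Constructed demo data: a salted password hash (something you know) and a TOTP
# seed that would be provisioned to the user's phone or fob (something you have).
DEMO_SALT = b"constructed-salt"
DEMO_PASSWORD = b"correct horse battery staple"
DEMO_TOTP_SEED = b"12345678901234567890"   # RFC 4226 / RFC 6238 test-vector seed
TOTP_STEP = 30                             # seconds per time step


def hash_password(password: bytes, salt: bytes) -> bytes:
    """Slow, salted hash so a stolen user database does not yield the password factor."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, step: int = TOTP_STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current Unix time step."""
    return hotp(secret, now // step, digits)


# Constructed user database with a single enrolled account.
USERS = {
    "alice": {
        "pw_hash": hash_password(DEMO_PASSWORD, DEMO_SALT),
        "salt": DEMO_SALT,
        "totp_seed": DEMO_TOTP_SEED,
    },
}


def verify_login(user: str, password: bytes, otp: str, now: int, drift_steps: int = 1) -> bool:
    """Require both factors. A correct password with a wrong OTP fails, and so does
    a correct OTP with a wrong password. drift_steps tolerates small clock skew
    between the user's device and the server (one step either side by default)."""
    record = USERS.get(user)
    if record is None:
        return False
    knows = hmac.compare_digest(hash_password(password, record["salt"]), record["pw_hash"])
    has = False
    for k in range(-drift_steps, drift_steps + 1):
        expected = totp(record["totp_seed"], now + k * TOTP_STEP)
        if hmac.compare_digest(expected, otp):
            has = True
    return knows and has


if __name__ == "__main__":
    import time
    now = int(time.time())
    code = totp(DEMO_TOTP_SEED, now)
    print("current code on the enrolled device:", code)
    print("password + code:", verify_login("alice", DEMO_PASSWORD, code, now))
    print("password only:  ", verify_login("alice", DEMO_PASSWORD, "000000", now))
```

Note that both factors are evaluated before the result is returned, rather than short-circuiting on the password check, and that comparisons use `hmac.compare_digest`; both choices avoid leaking which factor failed through timing.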

Access control

The 802.1X standard was developed to control which wired and wireless users may access the LAN. A device connecting to a switch port or access point (the supplicant) must authenticate through that switch or access point (the authenticator) to a back-end authentication server, typically RADIUS, before the port forwards normal traffic. EAPoL (EAP over LAN) is the framing used to carry the authentication exchange between the supplicant and the authenticator.
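As an added example (not from the study guide), the parser below decodes the EAPoL frames exchanged in an 802.1X authentication: the EAPOL-Start a supplicant sends on link-up, the EAP-Request/Identity from the authenticator, the EAP-Response/Identity, and the final EAP-Success. The Ethertype 0x888E, the PAE group address 01:80:C2:00:00:03 and the header layouts are those defined in IEEE 802.1X and RFC 3748; the MAC addresses and the identity "alice" are constructed sample data, and the small builder functions exist only to create that sample input.

```python
import struct

EAPOL_ETHERTYPE = 0x888E
EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}
PAE_GROUP_ADDRESS = bytes.fromhex("0180c2000003")   # supplicant -> authenticator destination


def parse_eapol(frame: bytes) -> dict:
    """Parse an Ethernet frame carrying EAPoL and, for EAP-Packet, the EAP header inside.
    Raises ValueError on anything malformed so a monitor never mis-reports a frame."""
    if len(frame) < 18:
        raise ValueError("frame too short for Ethernet + EAPOL header")
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack(">H", frame[12:14])[0]
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPOL frame (ethertype 0x%04x)" % ethertype)
    version, ptype, body_len = struct.unpack(">BBH", frame[14:18])
    body = frame[18:18 + body_len]
    if len(body) != body_len:
        raise ValueError("EAPOL body truncated")
    info = {"dst": dst.hex(":"), "src": src.hex(":"), "version": version,
            "type": EAPOL_TYPES.get(ptype, "unknown(%d)" % ptype)}
    if ptype == 0:                      # EAP-Packet: decode the EAP header
        if body_len < 4:
            raise ValueError("EAP header truncated")
        code, ident, eap_len = struct.unpack(">BBH", body[:4])
        if eap_len < 4 or eap_len > body_len:
            raise ValueError("bad EAP length")
        info.update(code=EAP_CODES.get(code, "unknown(%d)" % code), id=ident)
        if code in (1, 2) and eap_len >= 5:   # Request/Response carry a Type byte
            info["eap_type"] = EAP_TYPES.get(body[4], "unknown(%d)" % body[4])
            info["type_data"] = body[5:eap_len]
    return info


def build_eapol(dst: bytes, src: bytes, ptype: int, body: bytes = b"") -> bytes:
    """Assemble an EAPoL frame (protocol version 2); used only to make sample input."""
    return dst + src + struct.pack(">HBBH", EAPOL_ETHERTYPE, 2, ptype, len(body)) + body


def build_eap(code: int, ident: int, eap_type: int = None, data: bytes = b"") -> bytes:
    """Assemble an EAP packet; Success/Failure carry no Type byte."""
    payload = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack(">BBH", code, ident, 4 + len(payload)) + payload


# Constructed sample exchange between a supplicant and an authenticator.
SUPPLICANT = bytes.fromhex("020000000001")
AUTHENTICATOR = bytes.fromhex("020000000002")
SAMPLE_START = build_eapol(PAE_GROUP_ADDRESS, SUPPLICANT, 1)
SAMPLE_REQ_IDENTITY = build_eapol(SUPPLICANT, AUTHENTICATOR, 0, build_eap(1, 1, 1))
SAMPLE_RESP_IDENTITY = build_eapol(PAE_GROUP_ADDRESS, SUPPLICANT, 0, build_eap(2, 1, 1, b"alice"))
SAMPLE_SUCCESS = build_eapol(SUPPLICANT, AUTHENTICATOR, 0, build_eap(3, 2))

if __name__ == "__main__":
    for frame in (SAMPLE_START, SAMPLE_REQ_IDENTITY, SAMPLE_RESP_IDENTITY, SAMPLE_SUCCESS):
        print(parse_eapol(frame))
```

Note that the Identity response travels in the clear at this stage; the real credential exchange happens inside the EAP method (for example a TLS tunnel for EAP-TLS or PEAP) that follows the identity step, and the authenticator relays it to the RADIUS server without interpreting it.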

NAC (Network access control) uses network policies in order to control and set the appropriate type and level of access for each device. Access control lists are an example of access control policy.

Port security is the practice of securing switch ports against unauthorized access using software or hardware. MAC address filtering blocks unauthorized traffic based on the source MAC address, checked against an updateable table of permitted addresses. When a violation is detected, the switch port can be disabled automatically.
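An added example (not from the guide, and not any vendor's implementation) that models the decision a port-security feature makes for each incoming frame: the port learns source MACs into its table up to a configured maximum, forwards frames from known addresses, and treats a frame from an unknown address on a full table as a violation. The three violation modes are the commonly used names (protect, restrict, shutdown); their exact semantics here are assumed for the example, and the MAC addresses are constructed.

```python
from collections import OrderedDict


class SecurePort:
    """Port-security state for one switch port.

    mode: 'protect'  -> drop the offending frame silently
          'restrict' -> drop it and count the violation (would also raise a log/trap)
          'shutdown' -> disable the port until an administrator re-enables it
    """

    def __init__(self, max_addresses: int = 1, mode: str = "shutdown", static=()):
        if mode not in ("protect", "restrict", "shutdown"):
            raise ValueError("unknown violation mode")
        self.max_addresses = max_addresses
        self.mode = mode
        # Statically configured addresses are pre-loaded; learned ones are added later.
        self.table = OrderedDict((m.lower(), "static") for m in static)
        self.violations = 0
        self.enabled = True

    def receive(self, src_mac: str) -> str:
        """Return the action taken for a frame with this source MAC."""
        src_mac = src_mac.lower()
        if not self.enabled:
            return "dropped:port-disabled"
        if src_mac in self.table:
            return "forwarded"
        if len(self.table) < self.max_addresses:
            self.table[src_mac] = "dynamic"          # learn ("sticky") the new address
            return "forwarded:learned"
        # Table is full and the address is unknown: this is a violation.
        if self.mode != "protect":
            self.violations += 1
        if self.mode == "shutdown":
            self.enabled = False
            return "dropped:port-disabled"
        return "dropped:violation"

    def admin_reenable(self) -> None:
        """Administrative recovery after a shutdown; the learned table is kept."""
        self.enabled = True


def replay(port: SecurePort, frames) -> list:
    """Feed a sequence of constructed source MACs through the port and collect the actions."""
    return [port.receive(mac) for mac in frames]


if __name__ == "__main__":
    desk_port = SecurePort(max_addresses=1, mode="shutdown")
    print(replay(desk_port, ["aa:bb:cc:00:00:01", "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"]))
    print("port enabled:", desk_port.enabled, "violations:", desk_port.violations)
```

The shutdown mode is the one the paragraph refers to: once a second address appears on a port configured for a single host, the port stops forwarding entirely until someone re-enables it, which is why it is usually paired with a log or trap so the help desk can see why the port went down.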

A captive portal is generally configured to provide the guest Wi-Fi account settings for a network. The user is redirected to a logon page that usually requires consent to the terms of use and presents connection-related information such as privacy and security notices.


That’s all for objective 4.2. See you in 4.3!
