AAA

Synopsis

A two-day seminar dealing with the myriad protocols making up Authentication, Authorization and Accounting: Focusing on the common protocols and implementations of Active Directory (LDAP/Kerberos), NIS, RADIUS, Diameter, as well as legacy methods likely to be supported in various enterprise deployments. A primer on encryption is discussed as well, along with packet level dumps and analyses.

Target Audience

Developers wishing to understand how authentication protocols work; Network engineers who need to debug protocols at the packet level.

Prerequisites

Objectives

Explain the evolution of AAA mechanisms, from local authentication to distributed authentication
Explain the leading authentication schemes, notably Active Directory
Explain how encryption integrates into AAA schemes to provide security

Exercises

This course is an instructor-led presentation. Instructor provides many demonstrations, though generally there are no exercises.

Modules

1.	AAA(A): Introduction
	2 hours

Explanation of the key tenets of AAA, as well as the elusive fourth "A": Auditing. Topics covered include:

AAA - broken down to its constituents
Auditing
AAA deployments: Push
AAA deployments: Pull
AAA in roaming deployments
Single Sign On
Multi-Factor Authentication
AAA elements and building blocks

2.	Cryptography: A primer
	2 hours

Basic foundations of cryptogrpahy used in AAA - symmetric and assymetric encryption and authentication

Encryption algorithms: Stream and Block ciphers
Hash functions
Symmetric Encryption algorithms as authenticators
Asymmetric (PKI) Encryption - Diffie Hellman and RSA
Asymmetric encryption algorithms as authenticators

3.	Legacy Authentication: UNIX
	1 hours

Discussing the evolution of UNIX authentication, from the venerable /etc/passwd file, through the shadow file, culminating in NIS and PAM. Topics include:

/etc/passwd - world readable, DES encryption
/etc/shadow - better security, better encrypion
Distributed authentication through YP and NIS
Pluggable Authentication Module
PAM Modules - deployment and configuration

4.	Legacy Authentication: Windows
	1 hours

Discussing the evolution of Windows authentication, from the old and insecure protocols of LAN Manager to NTLMv2.

Windows Security Accounts Manager (SAM) database
The Windows Registry
Encrypting passwords
The Lan Manager Hash
NTLM and NTLMv2
NTLM over HTTP

Day 2

5.	Kerberos
	1 hours

Explaining the ideas behind Kerberos (RFC1534) and its Windows implementation. Topics include:

Centralized security
Kerberos Authentication Servers
Tokens and Tickets
Kerberos at the packet level

6.	LDAP
	2 hours

Explaining the need for centralized directories, and the implementations of DAP and LDAP, down to the packet level

LDAP fundamentals
RFCs: 4510 through 4518 and X.500
Accessing directories
LDAP Tools
LDAP at the packet level
LDAP + Kerberos = AD

6.	RADIUS and Diameter
	2 hours

Explaining the authentication frameworks of the Remote Authentication Dial-In Users Service (RADIUS) and its successor, DIAMETER

7.	EAP
	1 hours

The Extensible Authentication Protocol, and its various sub protocols:

Extending Authentication
EAP-MD5
EAP-TLS
EAP and RADIUS interoperability
PEAP
EAPoL: 802.1x

Home

Training

Consulting

Products (NEW)

Contact Us