Importance of Netwrok Security
Importance of Netwrok Security
Importance of Netwrok Security
EAP-MD-5 (Message Digest) Challenge is an EAP authentication type that provides base-level
EAP support. EAP-MD-5 is typically not recommended for Wi-Fi LAN implementations because it
may allow the user's password to be derived. It provides for only one-way authentication - there's
no mutual authentication of Wi-Fi client and the network. And very importantly it doesn't provide a
means to derive dynamic, per session wired equivalent privacy (WEP) keys.
EAP-TLS (Transport Layer Security) provides for certificate-based and mutual authentication of
the client and the network. It relies on client-side and server-side certificates to perform
authentication and can be used to dynamically generate user-based and session-based WEP keys
to secure subsequent communications between the WLAN client and the access point. One
drawback of EAP-TLS is that certificates must be managed on both the client and server side. For
a large WLAN installation, this could be a very cumbersome task.
EAP-TTLS (Tunneled Transport Layer Security) was developed by Funk Software* and
Certicom*, as an extension of EAP-TLS. This security method provides for certificate-based, mutual
authentication of the client and network through an encrypted channel (or tunnel), as well as a
means to derive dynamic, per-user, per-session WEP keys. Unlike EAP-TLS, EAP-TTLS requires
only server-side certificates.
EAP-FAST (Flexible Authentication via Secure Tunneling) was developed by Cisco*. Instead
of using a certificate to achieve mutual authentication. EAP-FAST authenticates by means of a
PAC (Protected Access Credential) which can be managed dynamically by the authentication
server. The PAC can be provisioned (distributed one time) to the client either manually or
automatically. Manual provisioning is delivery to the client via disk or a secured network distribution
method. Automatic provisioning is an in-band, over the air, distribution.
a. Data breaches
b. Weak identity, credential and access management
c. Insecure interfaces and APIs
d. System and application vulnerability
e. Account hijacking
f. Malicious insiders
g. Advanced persistent threats
h. Data loss
i. Insufficient due diligence
Task 2(Discussion board): In no less than 250 words, explain why a network engineer
would enable IEEE802.1X on a Cisco switch port. Give a scenario where this would be
relevant. Also write down the IOS configuration to enable it on a switchport.
802.1X offers phenomenal perceivability and secure, character based access control at the system edge.
With the suitable plan and well-picked parts, you can address the issues of your security arrangement while
limiting the effect to your foundation and end clients.
The requirement for secure system get to has never been more noteworthy. Experts, contractual workers,
and visitors currently expect access to organize assets over an indistinguishable LAN associations from
standard representatives, who may themselves bring unmanaged gadgets into the working environment.
As information systems turn out to be progressively crucial in everyday business activities, the likelihood
that unapproved individuals or gadgets will access controlled or secret data additionally increments. The
best and most secure answer for powerlessness at the entrance edge is to use the insight of the system.
802.1X is an IEEE standard for media-level (Layer 2) get to control, offering the capacity to allow or deny
organize network in view of the character of the end client or gadget.
• Visibility—802.1X gives more prominent perceivability into the system on the grounds that the verification
procedure gives an approach to connect a username with an IP address, MAC address, switch, and port.
This perceivability is helpful for security reviews, organize crime scene investigation, arrange utilize insights,
and investigating.
• Security—802.1X is the most grounded technique for validation and ought to be utilized for overseen
resources that help a 802.1X supplicant. 802.1X acts at Layer 2 in the system, enabling you to control
arrange access at the entrance edge.
• Transparency—In numerous cases, 802.1X can be sent in a way that is straightforward to the end client.
• User and gadget verification—802.1X can be utilized to verify gadgets and clients.
Switch(config)# interface gig0/2
Switch(config-if)#end