CompTIA Security+ Authentication Services
Comparing Authentication Services
Kerberos
Kerberos is a network authentication protocol used within a Microsoft Windows Active Directory domain or Unix realm. It uses a database of objects, such as Active Directory, and a KDC (or TGT server) to issue time-stamped tickets that expire after a certain time period.
LDAP
LDAP is based on an earlier version of X.500. Windows Active Directory domains and Unix realms use LDAP to identify objects in query strings with codes such as CN=users and DC=oscar.com. Secure LDAP encrypts transmissions with SSL or TLS.
SSO
SSO enhances security by requiring users to use and remember only one set of credentials for authentication. Once a user signs on using SSO, this one set of credentials is used throughout the user's entire session. SSO can provide central authentication against a federated database for different operating systems. SSO does not support authorization. SSO only supports identification and authentication.
SAML
SAML is an XML-based standard used to exchange authentication and authorization information between different parties. SAML provides SSO for web-based applications.
Authenticating RAS Clients
PAP authentication uses a password or a PIN. Its weakness is that PAP sends the information across a network in cleartext, making it susceptible to sniffing attacks. CHAP is more secure than PAP because passwords are not sent over the network in cleartext. Both PAP and CHAP use PPP.
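The PAP and CHAP difference described above, as an added Python example that is not part of the original notes: it builds what each protocol puts on the wire and checks whether the password appears in it. The field layout follows RFC 1334 (PAP) and RFC 1994 (CHAP) with the PPP headers omitted; the user name, secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

def pap_request(username: str, password: str) -> bytes:
    """PAP Authenticate-Request data: length-prefixed ID and password, in the clear."""
    u, p = username.encode(), password.encode()
    return bytes([len(u)]) + u + bytes([len(p)]) + p

def chap_challenge(size: int = 16) -> bytes:
    """Authenticator side: a fresh random challenge for every attempt."""
    return os.urandom(size)

def chap_response(identifier: int, secret: str, challenge: bytes) -> bytes:
    """Peer side (RFC 1994): MD5 over identifier || secret || challenge."""
    return hashlib.md5(bytes([identifier]) + secret.encode() + challenge).digest()

def chap_verify(identifier: int, secret: str, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute from its own copy of the secret and compare."""
    expected = chap_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    user, secret = "alice", "S3cret-PIN-4821"  # constructed sample credentials
    pap_wire = pap_request(user, secret)       # what a sniffer sees for PAP
    c1 = chap_challenge()
    r1 = chap_response(1, secret, c1)
    chap_wire = c1 + r1                        # what a sniffer sees for CHAP
    c2 = chap_challenge()                      # next login gets a new challenge
    return {
        "pap_leaks_password": secret.encode() in pap_wire,
        "chap_leaks_password": secret.encode() in chap_wire,
        "chap_accepts_valid": chap_verify(1, secret, c1, r1),
        # An old response replayed against a new challenge must fail.
        "chap_rejects_replay": not chap_verify(2, secret, c2, r1),
        "chap_rejects_wrong_secret": not chap_verify(1, "guess", c1, r1),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

CHAP keeps the password off the wire, but it relies on MD5 and on the authenticator holding the shared secret, so the secret still needs to be long and random.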
RADIUS provides centralized authentication. Diameter is an improvement over RADIUS, and it supports many additional capabilities, including securing transmission with EAP.