Security+: Installing and Configuring Identity and Access Services

Introduction

Identity and Access Services are important components of an effective Information Security environment. These services are also an important part of the CompTIA Security+ certification exam.

This article will detail which Identity and Access Services are covered on the exam as well as what you need to know about them. It should serve as a brief review for this portion of the Security+ exam and not as a sole means of preparation.

Identity and Access Services Terms to Know

LDAP

Lightweight Directory Access Protocol, or LDAP, is part of the TCP/IP suite and is used for accessing and changing directory services data at the application level. LDAP is the protocol clients use to talk to directory services, including Active Directory. The default port is 389, but organizations that want to employ Secure LDAP, or LDAPS, will have to use port 636.

Kerberos

A commonly used authentication protocol, Kerberos enables computers to securely prove their identity. Many organizations with a client-server environment use it for authentication between the client and server, known as mutual authentication.

A domain controller in the network will serve as a Key Distribution Center, or KDC, which will handle authentication requests for the computers in the network. The KDC domain controller will need to have inbound port 88 open for login requests from client computers.

TACACS+

Terminal Access Controller Access Control System Plus (TACACS+) is an authentication, authorization and accounting (AAA) protocol service. This client/server protocol (where the client is normally a router or firewall) uses default port 49. TACACS+ is considered more reliable than other authentication protocols because it runs over TCP (instead of UDP) and encrypts the entirety of the original access request packet.

CHAP

CHAP stands for Challenge-Handshake Authentication Protocol. This point-to-point protocol (PPP) is the authentication protocol of choice for dial-up connections.


*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/dTBNjX4354g/