Network Security FAQ: Remote Access
Q1. What does AAA stand for, and what is its function?
Answer: AAA stands for authentication, authorization, and accounting, and it provides security to Cisco IOS routers and network devices.
Q2. What is authentication used for?
Answer: By requiring the user’s username and password, authentication enables administrators to identify who can connect to a router.
Q3. What is authorization used for?
Answer: Authorization allows administrators to control the level of access users have after they have successfully gained access to a device.
Q4. What is accounting used for?
Answer: Accounting allows administrators to collect information about users. More specifically, administrators can track which user logged in to which router, which Cisco IOS commands a user issued, and how many bytes were transferred during a user’s session.
Q5. What are the three types of authentication servers supported by Cisco IOS?
Answer: The three types of authentication servers supported by Cisco IOS are TACACS+, RADIUS, and Kerberos.
Q6. List three characteristics of the TACACS+ protocol.
Answer: Three characteristics of the TACACS+ protocol are as follows:
- Packets between client and server are sent over TCP.
- The TCP port is 49.
- Packets are encrypted.
Q7. List three characteristics of the RADIUS protocol.
Answer: Three characteristics of the RADIUS protocol are as follows:
- Packets between client and server are sent over UDP.
- The UDP port is 1812.
- Passwords are encrypted.
Q8. What Cisco IOS command is used to enable AAA on a router?
Answer: The Cisco IOS command to enable AAA on a Cisco IOS device is aaa new-model.
Q9. What is the Cisco IOS lock-and-key feature?
Answer: The lock-and-key feature uses dynamic access lists to create specific, temporary openings in the network in response to a user’s successful authentication.
Q10. Give an example of two-factor identification.
Answer: One example of two-factor identification is as follows: when retrieving money from an account at an ATM, a customer needs both a PIN and the magnetic-strip card.