Join Mike Chapple for an in-depth discussion in this video Password authentication protocols, part of CompTIA Security+ (SY0-401) Cert Prep: Access Control and Identity Management.
- Many access control systems rely upon…password-based mechanisms to implement…something-you-know security.…One of the most common applications of password security…is to secure virtual private networks,…and other remote access technologies.…Let's take a look at the protocols used to implement…remote access password security.…The Password Authentication Protocol, or PAP,…is the earliest of these protocols.…In this protocol, the client wishes…to authenticate to a sever.…And both the client and server know the user's password.…
The client simply transmits the…username and password to the server…and the server validates the password.…That's about as simple as it gets…and successfully implements password authentication.…But there's one major flaw to this protocol.…PAP does not use any encryption…to protect this communication.…Anyone able to eavesdrop on the connection…can read the username and password right off the network.…For this reason, PAP should not be used…except under circumstances where the…transmission is encrypted by other means.…
Author Mike Chapple, an IT leader with over 15 years experience, introduces identification methods such as usernames and biometrics, as well as authentication methods to verify users, including multifactor authentication, password authentication, and single sign-on. He also discusses authorization concepts such as mandatory and discretionary access controls, which can help you restrict access to sensitive parts of your network. The course also covers best practices for ongoing account management, such as establishing a good password policy, managing user roles, and monitoring accounts, and what to do when you need to suspend or terminate access.
NOTE: We are now a CompTIA Content Publishing Partner. Our training prepares members to pass CompTIA certification exams and become qualified IT professionals. As such, we are able to offer CompTIA exam vouchers at a 10% discount. For more information on how to obtain this discount, please download these PDF instructions.
- Setting policies for usernames and access cards
- Implementing biometrics
- Combining authentication factors for multifactor authentication
- Using a Kerberos access control system
- Using access control lists such as Windows NTFS file permissions
- Role-based authorization
- Implementing account and password policies
Skill Level Intermediate
Q: This course was updated on 04/14/2016. What changed?
A: We updated one tutorial to address the November 2015 security update to Kerberos.