AAA - Authentication, Authorization and Accounting

AT-8000S AAA Services

Authentication, Authorization, Accounting
The Need for AAA services

  •   In present-day networks many tools are available to access and
      configure devices, locally or remotely (terminal, Telnet, EWS, SSH etc.)
  •   It is desirable and useful to be able to limit who can view or
      change the settings of the system
  •   Verification is needed for:
      – User authentication – does the user get (any) device access at all?
      – User authorization – once the user has access, what level of
        access does he get?
AAA services

• AAA security services use usernames and/or passwords to authenticate
  a user's identity, to decide the user's access (authorization) level,
  and to record what the user has done (accounting).
• The AT-8000S switches implement Authentication and Authorization only;
  Accounting is not implemented.
Secure Switch Management – Local Authentication Data Flow

  1. The user connects to the switch over console, Telnet or SSH and
     sends UserID: bob, Password: ge55gep.
  2. The device looks the user up in its own database
     (UserID: bob, Password: ge55gep, attributes: xxxx).
  3. On a match the device answers Access-Accept and the session is opened.
Secure Switch Management – RADIUS Authentication Data Flow

  1. The user connects to the switch over console, Telnet or SSH and
     sends UserID: bob, Password: ge55gep.
  2. The device (Device-ID: 207.12.4.1) forwards UserID: bob,
     Password: ge55gep and its Device-ID to the RADIUS server in an
     Access-Request.
  3. The RADIUS server selects UserID=bob in its user database and finds
     password=ge55gep, Timeout=3600 and the other attributes stored for Bob.
  4. The server answers with Access-Accept carrying User-Name=bob and the
     other attributes; the device then grants the session.
RADIUS Basics

• Defined by IETF standards RFC 2138 (authentication) and RFC 2139 (accounting):

      http://www.faqs.org/rfcs/rfc2138.html
      http://www.faqs.org/rfcs/rfc2139.html

  Both have since been superseded by RFC 2865 and RFC 2866, which keep the
  same packet format.

• Requires clients (normally a NAS, in our case the switch) and servers
  (often called RADIUS servers). Client and server share a secret; only the
  User-Password attribute is hidden with that secret, the rest of the packet
  travels in clear text, so the server must only be reachable over a trusted
  management network.
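The exchange in the two data-flow slides above, written out as an added example (it is not part of the original deck and not Allied Telesis code). It builds the Access-Request the switch (NAS) sends, hides the password the way RFC 2138/2865 prescribes, answers from a constructed server-side user database, and has the NAS verify the Response Authenticator before it trusts an Access-Accept, which is what stops an on-path attacker from forging an accept. The shared secret and the user database are constructed; the NAS address 207.12.4.1, user bob, password ge55gep and Timeout=3600 come from the slide.

```python
"""RADIUS Access-Request / Access-Accept round trip (RFC 2138, now RFC 2865).
Added example for this page; constructed secret and user database below."""
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, SESSION_TIMEOUT = 1, 2, 4, 27

SHARED_SECRET = b"switch-and-server-secret"   # constructed; configured on both ends
NAS_IP = "207.12.4.1"                          # the Device-ID shown on the slide
USER_DB = {"bob": {"password": "ge55gep", "timeout": 3600}}   # constructed server DB


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to a 16-byte multiple, XOR each block with
    MD5(secret + previous ciphertext block), seeded by the Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server-side inverse of hide_password; strips the null padding."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attr(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value attribute; Length includes the two header bytes."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def parse_attrs(data: bytes) -> dict:
    attrs, i = {}, 0
    while i < len(data):
        attr_type, length = data[i], data[i + 1]
        attrs[attr_type] = data[i + 2:i + length]
        i += length
    return attrs


def nas_build_request(user: str, password: str, ident: int = 1):
    """Switch (NAS) side: Access-Request with a fresh random Request Authenticator."""
    req_auth = os.urandom(16)
    body = (attr(USER_NAME, user.encode())
            + attr(USER_PASSWORD, hide_password(password.encode(), SHARED_SECRET, req_auth))
            + attr(NAS_IP_ADDRESS, bytes(int(o) for o in NAS_IP.split("."))))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body))
    return header + req_auth + body, req_auth


def server_handle(request: bytes, secret: bytes = SHARED_SECRET) -> bytes:
    """RADIUS server side: look the user up, answer Accept or Reject, sign the reply."""
    _, ident, length = struct.unpack("!BBH", request[:4])
    req_auth, attrs = request[4:20], parse_attrs(request[20:length])
    user = attrs[USER_NAME].decode()
    password = reveal_password(attrs[USER_PASSWORD], secret, req_auth).decode(errors="replace")
    entry = USER_DB.get(user)
    if entry is not None and entry["password"] == password:
        code = ACCESS_ACCEPT
        body = attr(USER_NAME, user.encode()) + attr(SESSION_TIMEOUT, struct.pack("!I", entry["timeout"]))
    else:
        code, body = ACCESS_REJECT, b""
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    resp_auth = hashlib.md5(header + req_auth + body + secret).digest()
    return header + resp_auth + body


def nas_verify_response(response: bytes, req_auth: bytes, secret: bytes = SHARED_SECRET):
    """Switch side: recompute the Response Authenticator before trusting the reply.
    Returns (code, attrs), or None for a forged reply or a mismatched shared secret."""
    header, resp_auth, body = response[:4], response[4:20], response[20:]
    if resp_auth != hashlib.md5(header + req_auth + body + secret).digest():
        return None
    return header[0], parse_attrs(body)


def run_exchange(user: str, password: str):
    """Full round trip: NAS request -> server -> NAS verification of the reply."""
    request, req_auth = nas_build_request(user, password)
    return nas_verify_response(server_handle(request), req_auth)


if __name__ == "__main__":
    code, attrs = run_exchange("bob", "ge55gep")
    if code == ACCESS_ACCEPT:
        print("Access-Accept", attrs[USER_NAME], struct.unpack("!I", attrs[SESSION_TIMEOUT])[0])
    else:
        print("Access-Reject")
```

Note that the hiding scheme protects only the password and only as well as the shared secret; the Request Authenticator is random per request, which is why the server's reply must be bound to it. A reply whose authenticator does not verify is silently dropped, as the RFC requires.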
AT-8000S Switches – AAA Implementation
AAA – Databases
•   Access security (AAA) services on the AT-8000S use the following
    databases (or methods) for username and password validation:
     – Local – device database with the fields Username, Password and
        privilege (access) level
     – Enable – device password list, one password per privilege level,
        for gaining privileged (high-level) access
     – Line – device password per specific line (console, Telnet and SSH)
        for gaining access
     – RADIUS server – external database with the fields Username,
        Password and privilege (access) level
     – TACACS+ – a security application that provides centralized
        validation of users gaining access to a device (router or access
        server). Addressed in a separate presentation
     – (None) – no database is used (username and password not needed)
AAA – Management interfaces
• Access security (AAA) services on the device can be configured on
  5 management interfaces:
   – Console (ASCII terminal), Telnet and SSH
      • Have their own line command mode
      • Look up using any of the methods
      • Are associated with one or more lookup methods through method
        lists (lists of databases)
      • Use separate method lists for authentication and authorization
   – HTTP and HTTPS
      •   Do not have a line command mode
      •   Look up using only the local, RADIUS, TACACS+ or "none" methods
      •   Are associated directly with one or more methods (not through a list)
      •   Look up only for authentication (which includes the authorization lookup)
• One more interface is 802.1x, which is an access (not management) control
   – Covered in a separate presentation.
AAA – Method Lists

  • Method lists contain one or more databases (methods)
  • Method lists are defined separately for authentication and
    authorization verification
  • The user can define many lists of each type
  • Each method list is assigned a list name
  • The "default" method list is a unique list which always exists on the
    device. It can be configured like any other list (but not removed)
  • Console, Telnet and SSH are each associated with one authentication
    method list and one authorization method list
AAA – Method Lists

• Authentication method lists can contain one or more of the following
  methods: enable, line, local, RADIUS, TACACS+ and "none".
• Authorization method lists can contain one or more of the following
  methods: enable, line, RADIUS, TACACS+ and "none" (but not the local
  database)
AAA – "Default" Method List
•   The system has 2 method lists named "default": one for login and
    one for enable (authorization)
•   These are the method lists that apply to the lines unless the user
    defines otherwise.
•   At system startup the default method list differs between console and
    network (Telnet, SSH) connections:
    – Login default method lists:
        • Console_Default : None
        • Network_Default : Local
    – Enable default method lists:
        • Console_Default : Enable None
        • Network_Default : Enable
    – http  : Local
    – https : Local
    – dot1x : (empty)
    Note that the factory console login default of None grants access
    without any credentials to anyone who can reach the serial console.
•   If the user modifies the "default" list via the CLI, the same method
    list applies to both console and network connections. Via web
    management the two defaults can be changed separately.
AAA – Method Rules

 • Method lists containing only 1 method:
    – If the username and/or password are verified by the DB, the user is
      granted access (or the requested access level)
    – If the method specified is "none", the user is granted access (or the
      requested access level) without having to provide a username or password
    – If the username and/or password are not accepted by the DB, access
      (or the access level) is denied
    – If the database is unavailable (or not configured), access (or the
      access level) is denied
AAA – Method Rules
 •   Method lists containing several methods:
     – If the username and/or password are verified by the current DB, the
       user is granted access (or the requested access level)
     – If the username and/or password do not exist on (or are rejected by)
       the current DB, access is denied and the next DB is not checked,
       even if "none" is the next method on the list
     – If the current method is unavailable (or not configured),
       verification is attempted with the next method on the list
     – If all methods are unavailable (checked one by one), access is
       denied, unless "none" is part of the list. In other words, a trailing
       "none" makes the list fail open whenever the configured servers cannot
       be reached, including when an attacker makes them unreachable.
AAA Configuration
• When using a separate security server, the device has to be configured
  with the RADIUS/TACACS+ server parameters and attributes
• Configure the databases (on the device or on the RADIUS/TACACS+ server)
  with the relevant usernames and/or passwords
• Define the method lists for authentication and authorization using the
  AAA commands
• Apply the method lists to a particular line (line command mode), if required
• If needed, apply the methods directly to the HTTP/HTTPS services
AAA Process

• When a user on a particular line attempts to access the device, user
  authentication (or access-level authorization) is performed by checking
  the method list attached to that line.
• Authentication and authorization are attempted in the order the methods
  are listed in the relevant list.
• The user is authenticated by the first method on the list, and only if
  that method cannot be reached by the next methods listed.
• If the first (or current) method is functioning properly but the user is
  not authenticated (entry does not exist or password is wrong), the
  remaining methods are not used.
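The rules from the Method Rules and AAA Process slides above, as an added example (not AT-8000S firmware): a small model of how a method list is walked. A database that is empty or None stands for "unavailable (or not configured)", which is an assumption of the model; the usernames and passwords are the constructed ones from the deck's later CLI examples, and local user privilege levels are omitted to keep the model short.

```python
"""Model of the AT-8000S method-list evaluation rules (added example, constructed data)."""
from dataclasses import dataclass
from typing import Optional

ACCEPT, DENY, UNAVAILABLE = "accept", "deny", "unavailable"
LOGIN_METHODS = {"enable", "line", "local", "radius", "tacacs", "none"}
ENABLE_METHODS = LOGIN_METHODS - {"local"}      # enable (authorization) lists may not use local


@dataclass
class Databases:
    local: dict                  # username -> password (device database)
    enable: dict                 # privilege level -> password
    line: dict                   # "console" / "telnet" / "ssh" -> password
    radius: Optional[dict]       # username -> password; None models an unreachable server
    tacacs: Optional[dict] = None


def try_method(method, db, line, user, pw, level=None):
    """One lookup in one database. level is None for a login check and the
    requested privilege level for an enable check."""
    if method == "none":
        return ACCEPT                            # no username or password needed
    if method == "line":
        ref = db.line.get(line)                  # only this line's own password counts
        if ref is None:
            return UNAVAILABLE
        return ACCEPT if pw == ref else DENY
    if method == "enable":
        # login through the enable DB must present the level-1 password;
        # the level-15 password is refused there (Enable Password slide note)
        ref = db.enable.get(1 if level is None else level)
        if ref is None:
            return UNAVAILABLE
        return ACCEPT if pw == ref else DENY
    if method in ("local", "radius", "tacacs"):
        table = getattr(db, method)
        if not table:                            # assumption: empty/None = unavailable
            return UNAVAILABLE
        # unknown user or wrong password is a DENY, which ends the walk
        return ACCEPT if table.get(user) == pw else DENY
    raise ValueError(f"unknown method {method!r}")


def evaluate(methods, db, line, user, pw, level=None):
    """Walk the list in order: the first method that is reachable decides;
    only UNAVAILABLE falls through. Everything unreachable -> denied."""
    allowed = LOGIN_METHODS if level is None else ENABLE_METHODS
    if not set(methods) <= allowed:
        raise ValueError(f"{sorted(set(methods) - allowed)} not allowed in this list type")
    for method in methods:
        result = try_method(method, db, line, user, pw, level)
        if result != UNAVAILABLE:
            return result == ACCEPT
    return False


# Constructed databases mirroring the deck's CLI examples; the RADIUS server is down.
DB = Databases(
    local={"david": "david", "george": "george"},
    enable={15: "high", 1: "low"},
    line={"telnet": "PW_Telnet", "ssh": "PW_SSH"},   # no console line password configured
    radius=None,
)

if __name__ == "__main__":
    # en_ssh-style list: RADIUS down, the enable password decides, 'none' is never reached
    print(evaluate(["radius", "enable", "none"], DB, "ssh", "david", "high", level=15))   # True
    print(evaluate(["radius", "enable", "none"], DB, "ssh", "david", "oops", level=15))   # False
    # the same list with the enable DB also gone falls all the way through to 'none'
    print(evaluate(["radius", "none"], DB, "ssh", "david", "anything"))                  # True
```

The last call is the case to watch for in a real configuration: with every server unreachable, a list that ends in none accepts any credentials, while the same list with a working RADIUS server correctly denies them.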
AAA – Registering the system (overview)

  1. Create password (and user) databases: local, enable, line, RADIUS,
     TACACS+, none
  2. Assign databases to methods: one or more databases per method list
     (login or enable), or none
  3. Attach the method lists to the lines: console, Telnet and SSH each get
     a login list and an enable list; http and https get methods directly
AAA (1) – Databases

Local DB:   console(config)# username XXX password YYY level 15

            User name    Password    Level
            Local1       loc1        1
            Local15      loc15       15

Enable DB:  console(config)# enable password level 15 YYY

            User name    Password    Level
            -----        en1         1
            -----        en15        15

Line DB:    console(config)# line {console | telnet | ssh}
            console(config-line)# password YYY

            User name    Password             Level
            -----        linec (for console)  -----
            -----        linet (for telnet)   -----
            -----        lines (for ssh)      -----
AAA (2) – Assign databases to methods

console(config)# aaa authentication login log_tel enable none

login/enable    Method name    Databases in use
login           log_cons       line none
login           log_tel        enable none
login           log_ssh        local

console(config)# aaa authentication enable en_cons enable none

login/enable    Method name    Databases in use
enable          en_cons        enable none
enable          en_tel         line
enable          en_ssh         radius enable none

(The local database cannot be used in an enable list, so en_cons is built
from enable and none, matching the show output on the following slide.)
AAA cont’

•   Attaching methods to line:
console(config)# line console
console(config-line)# login authentication log_cons
console(config-line)# enable authentication en_cons
console(config-line)#
console(config)# line telnet
console(config-line)# login authentication log_tel
console(config-line)# enable authentication en_tel
console(config-line)#
console(config)# line ssh
console(config-line)# login authentication log_ssh
console(config-line)# enable authentication en_ssh
console(config-line)#
console(config)#
console(config)# ip http authentication local none
console(config)# ip https authentication radius local
AAA (3) – Verifying with show authentication methods

console# show authentication methods

Login Authentication Method Lists
---------------------------------
Console_Default : None
Network_Default : Local
log_ssh         : Local
log_tel         : Enable None
log_cons        : Line None

Enable Authentication Method Lists
----------------------------------
Console_Default : Enable None
Network_Default : Enable
en_ssh          : Radius Enable None
en_tel          : Line
en_cons         : Enable None

Line      Login Method List   Enable Method List
--------- ------------------- -------------------
Console   log_cons            en_cons
Telnet    log_tel             en_tel
SSH       log_ssh             en_ssh

http      : Local None
https     : Radius Local

Databases referenced by the lists:

DB – local:   User name   Password   Level
              Local1      loc1       1
              Local15     loc15      15

DB – enable:  User name   Password   Level
              -----       en1        1
              -----       en15       15

DB – line:    User name   Password              Level
              -----       linec (for console)   -----
              -----       linet (for telnet)    -----
              -----       lines (for ssh)       -----
AAA CLI Configuration – AT-8000S

Outline:
•   Entering line configuration mode
•   Configuring databases
•   Creating method lists
•   Applying method lists to lines
•   Applying methods to HTTP/HTTPS
•   Show commands
AT - 8000S – Line Mode

• Use the following Global Mode command to
  enter the command line mode of
  console/telnet/ssh:
  line {console | telnet | ssh}

Example – entering telnet line mode:




  console# con
  console(config)# line telnet
  console(config-line)#
AAA – Line Password

•  Use the following Line Configuration Mode command to
   specify a password for a line. To remove the password, use
   the no form of this command:
password password [encrypted]
no password
encrypted       - Encrypted password you enter, copied from
   another device configuration.
AAA – Line Password

•   Notes:
     – Each line (console, telnet, ssh) is configured with its own
       password and only that PW will apply for that line.
     – Each line has only 1 PW – entering a new PW will cancel
       previous one
     – There is no “show” command to view line PW
AT - 8000S – Line PW Example
•    Example
       – configuring a PW for each of the lines (console; telnet and SSH)




    console(config)# line console
    console(config-line)# password PW_Console
    console(config-line)# exit
    console(config)# line telnet
    console(config-line)# password PW_Telnet
    console(config-line)# exit
    console(config)# line SSH
    console(config-line)# password PW_SSH
    console(config-line)#
AAA – Enable Password

•  Use the following Global Mode command to set a local
   password for different privilege levels. Use the no form of
   this command to remove the password requirement.
enable password [ level level ] password [encrypted]
no enable password [ level level ]
• level - Level for which the password applies. If not specified
   the level is 15.
• Encrypted - Encrypted password you enter, copied from
   another device configuration
AAA – Enable Password

•   Notes:
    – Only 1 password can be defined per level (a new password for a level
      erases the previous entry)
    – Only levels 15 and 1 are implemented in the current version
    – There is no "show" command to view the enable password
    – If enable is the method used for login (authentication), the user
      must enter the level-1 password. Entering the level-15 password at
      login is denied.
AAA – Local User Name

• Use the following Global Mode command to establish a username-based
   authentication system. Use the no form to remove a user name:
username name [password password] [level level] [encrypted]
no username name
• name & password - The name and authentication password of the user.
• level - Specifies the user privilege level. If not specified the
   privilege level is 15, so a user created without an explicit level
   gets full privileges.
Enable & User Example
•   Example
    – Configuring enable PW level 15 and level 1
    – Configuring local DB user name and PW




console(config)#
console(config)# enable password level 15 high
console(config)# enable password level 1 low
console(config)# username david password david level 15
console(config)# username george password george level 1
console(config)#
AAA - RADIUS Server


• Use the following Global Mode command to specify a RADIUS
  server host. To delete the specified host, use the no form of
  command:
radius-server host ip-address [auth-port auth-port-number]
  [timeout timeout] [retransmit retries] [deadtime deadtime] [key
  key-string] [source source] [priority priority] [usage type]

no radius-server host ip-address
RADIUS – Global Parameters

• Each of the parameters in the radius server host
   command can be used as individual commands to
   configure Global Radius configuration (Applied to a
   server if host command did not include this parameter):
radius-server key
radius-server retransmit (default 3)
radius-server source-ip (default 0.0.0.0)
radius-server timeout              (default 3)
radius-server deadtime      (default 0)
• “no” form of command can be used with each command
  type to return value to default
AT - 8000S - Radius Example
    •   Example
         – Configuring a radius server with IP 10.1.1.100 port 1645 and
           priority 1
         – Defining Global retransmit value of 5




console(config)#
console(config)# radius-server host 10.1.1.100 auth-port 1645 priority 1
console(config)# radius-server retransmit 5
Login Authentication Method

•  Use the following Global Mode command to define authentication method
   lists for login. Use the no form of this command to erase a defined list:
 aaa authentication login {default | list-name} method1 [method2...]
no aaa authentication login {default | list-name}
• default       - The device's default list of methods. Using the "no"
   form on "default" returns it to the device default
• list-name      - Name of a (user-defined) list of authentication
   methods which can be activated when a user logs in.
• method1 [method2...] - at least one of the following: enable, line,
   local, radius, tacacs, none

•   The additional methods in a list (if defined) are used only if the
    previous method returns an error, not if it denies login. To ensure
    that the login succeeds even if all methods return an error (but not if
    they denied access), specify none as the final method.
•   The default and optional list names defined with the aaa
    authentication login command are attached to a line using the
    login authentication command (line mode)
Enable Authentication Method

 •   Use the following Global Mode command to set
     Authorization when the user attempts to access a higher
     privilege level. To remove a list (or return “default” list to
     original setting) use the no form of this command:

 aaa authentication enable {default | list-name} method1
    [method2...]
 no aaa authentication enable {default | list-name}
Enable Authentication Method

method1 [method2...]   - at least one of the following: enable, line,
   radius, tacacs, none (the local database cannot be used in an enable list)

•   The additional methods on a list (if defined) are used only if the
    previous method returns an error, not if authentication fails. To
    ensure that authentication succeeds even if all methods return an
    error, specify none as the final method
•   All aaa authentication enable requests sent by the device to a RADIUS
    or TACACS+ server include the username "$enabx$", where x is the
    requested privilege level (15 for the highest)
•   The default and optional list names that you define with
    the aaa authentication enable command are applied to a line
    with the enable authentication (line configuration mode)
    command.
Method Lists - Example
•   Example
     – Configuring 3 different login method lists
     – Changing login “default” method list
     – Configuring 3 different enable method lists




console(config)# aaa authentication login log1 local none
console(config)# aaa authentication login log2 radius enable
console(config)# aaa authentication login log3 line
console(config)# aaa authentication login default line
console(config)# aaa authentication enable en1 enable none
console(config)# aaa authentication enable en2 line
console(config)# aaa authentication enable en3 radius none
Assigning Login Authentication-list
to Line

 • Use the following Line Configuration Mode
    command to specify login authentication method
    list. To return to the default list use the no form of
    this command:
 login authentication {default | list-name}
 no login authentication
 •   default / list-name – as specified in the Global Mode aaa
     authentication login command.
 •   Command is applied separately to each line (console,
     telnet, SSH) via its own command line
Assigning Enable Authentication-list
to a Line

 • Use the following Line Configuration Mode command to specify an
   authorization method list for when the user requests access to a
   higher privilege level. To return to the default list use the no form
   of this command.
   enable authentication {default | list-name}
   no enable authentication
 •   default / list-name – as specified in the Global Mode aaa
     authentication enable command.
 •   Command is applied separately to each line (console,
     telnet, SSH) via its own command line
Method Lists - Example
 •    Example - Assigning login and enable method lists to the console,
      Telnet and SSH lines (the console login keeps the default list)

     console(config)# line console
     console(config-line)# login authentication default
     console(config-line)# enable authentication en1
     console(config-line)# exit
     console(config)# line telnet
     console(config-line)# login authentication log2
     console(config-line)# enable authentication en2
     console(config-line)# exit
     console(config)# line ssh
     console(config-line)# login authentication log3
     console(config-line)# enable authentication en3
HTTP Authentication List

• Use the following Global Mode command to
   specify authentication method(s) for http server
   users. To return to the default (local), use the no
   form of this command:
ip http authentication method1 [method2...]
no ip http authentication

• method1 [method2...] - At least one from: Local,
  Radius, TACACS, None.
• Default method is “local”
HTTPS Authentication List

• Use the following Global Mode command to
   specify authentication methods for https server
   users. To return to the default (local), use the no
   form of this command:
ip https authentication method1 [method2...]
no ip https authentication

• method1 [method2...] - At least one from: Local,
  Radius, TACACS, None.
• Default method is “local”
HTTP/HTTPS AAA - Example

• Example:
   – Apply radius method on HTTPS for AAA services
   – Apply TACACS method on HTTP for AAA services




 console(config)#
 console(config)# ip https authentication radius
 console(config)# ip http authentication tacacs
AAA – Show commands

• Use the following EXEC mode command to
  display information about the authentication
  methods
show authentication methods
• The command will show:

   –   Login method list
   –   Enable method list
   –   Line – method list association
   –   HTTP/HTTPS/dot1x-method association
AAA – Show commands (example output)

  console# sh authentication methods

  Login Authentication Method Lists
  ----------------------------------
  Default              : Enable
  logm                 : Enable

  Enable Authentication Method Lists
  ----------------------------------
  Default              : Enable
  enm                  : Enable

  Line      Login Method List          Enable Method List
  -------   -----------------          -------------------
  Console   logm                       enm
  Telnet    Default                    Default
  SSH       Default                    Default

  http      : Local
  https     : Local
  dot1x     :
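A check a practitioner would run over that output, added here and not part of the original deck or of Allied Telesis tooling: parse show authentication methods and flag every management path whose resolved method list can grant access without credentials. SAMPLE_OUTPUT is a cleaned copy of the output on the earlier "AAA (3)" slide; the exact column layout on real firmware is an assumption, which is why the parser keys on ":" and whitespace instead of fixed columns.

```python
"""Audit `show authentication methods` output for fail-open method lists.
Added example for this page; SAMPLE_OUTPUT is reconstructed from the slide."""

SAMPLE_OUTPUT = """\
Login Authentication Method Lists
---------------------------------
Console_Default : None
Network_Default : Local
log_ssh         : Local
log_tel         : Enable None
log_cons        : Line None

Enable Authentication Method Lists
----------------------------------
Console_Default : Enable None
Network_Default : Enable
en_ssh          : Radius Enable None
en_tel          : Line
en_cons         : Enable None

Line      Login Method List   Enable Method List
--------- ------------------- -------------------
Console   log_cons            en_cons
Telnet    log_tel             en_tel
SSH       log_ssh             en_ssh
http      : Local None
https     : Radius Local
dot1x     :
"""

SHARED_PASSWORD_METHODS = {"line", "enable", "none"}   # no username, so no per-user identity


def parse_show_auth(text: str):
    """Return (lists, lines, direct): lists[kind][name] -> methods,
    lines[line] -> {kind: list name}, direct[service] -> methods (http/https/dot1x)."""
    lists = {"login": {}, "enable": {}}
    lines, direct, section = {}, {}, None
    for raw in text.splitlines():
        s = raw.strip()
        if not s or set(s) <= set("- "):         # blank line or dashed rule
            continue
        if s.startswith("Login Authentication"):
            section = "login"
        elif s.startswith("Enable Authentication"):
            section = "enable"
        elif s.startswith("Line "):
            section = "lines"
        elif ":" in s:
            name, _, rest = s.partition(":")
            name, methods = name.strip(), [m.lower() for m in rest.split()]
            if name.lower() in ("http", "https", "dot1x"):
                direct[name.lower()] = methods
            elif section in lists:
                lists[section][name] = methods
        elif section == "lines":
            parts = s.split()
            if len(parts) == 3:                  # <line> <login list> <enable list>
                lines[parts[0]] = {"login": parts[1], "enable": parts[2]}
    return lists, lines, direct


def judge(methods):
    """Findings for one resolved method list, per the deck's method rules."""
    if methods == ["none"]:
        return ["open"]                          # no credentials asked for at all
    if "none" in methods:
        return ["fails-open"]                    # accepted once every earlier DB is unreachable
    return []


def audit(text: str):
    """List of (scope, list_name, finding) tuples for every management access path."""
    lists, lines, direct = parse_show_auth(text)
    findings = []
    for line, assoc in lines.items():
        for kind in ("login", "enable"):
            name = assoc[kind]
            if name == "Default":                # 'Default' resolves per line type
                name = "Console_Default" if line == "Console" else "Network_Default"
            methods = lists[kind].get(name, [])
            scope = f"{line} {kind}"
            findings += [(scope, name, f) for f in judge(methods)]
            if kind == "login" and methods and set(methods) <= SHARED_PASSWORD_METHODS:
                findings.append((scope, name, "shared-password"))
    for service in ("http", "https"):
        findings += [(service, "direct", f) for f in judge(direct.get(service, []))]
    return findings


if __name__ == "__main__":
    for scope, name, finding in audit(SAMPLE_OUTPUT):
        print(f"{scope:<15} {name:<16} {finding}")
```

On the slide's own configuration this reports that Telnet login, console login and enable, SSH enable and HTTP all fall through to none, and that the console and Telnet logins identify nobody because they accept only shared passwords; SSH login (local) and HTTPS (radius local) are clean.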
Show RADIUS Server

    • Use the following EXEC mode command to
      display the RADIUS servers settings:
    show radius-servers
console# sh radius-servers

  IP address Auth. TimeOut Retran. DeadTime      source IP Prio. Usage
--------------- ----- ------- ------- --------   --------------- ----- -----
   9.1.1.1       1812  Global Global Global           Global      0 all


Global values
--------------

TimeOut : 3
Retransmit : 3
Deadtime : 0
Source IP : 0.0.0.0
console#
Camera re b9020 la - lah portuguesNetPlus
 
Camera re b9018 lr portugues
Camera re b9018 lr portuguesCamera re b9018 lr portugues
Camera re b9018 lr portuguesNetPlus
 
Camera re b9016 l portugues
Camera re b9016 l portuguesCamera re b9016 l portugues
Camera re b9016 l portuguesNetPlus
 
Camera re b6018 lr portugues
Camera re b6018 lr portuguesCamera re b6018 lr portugues
Camera re b6018 lr portuguesNetPlus
 
Camera re 8020 lnci - lnshi - lnshdi portugues
Camera re 8020 lnci - lnshi - lnshdi portuguesCamera re 8020 lnci - lnshi - lnshdi portugues
Camera re 8020 lnci - lnshi - lnshdi portuguesNetPlus
 
Camera re 8020 lnc - lnsh portugues
Camera re 8020 lnc - lnsh portuguesCamera re 8020 lnc - lnsh portugues
Camera re 8020 lnc - lnsh portuguesNetPlus
 
DVR Stand Alone DR-0162 Dotix
DVR Stand Alone DR-0162 DotixDVR Stand Alone DR-0162 Dotix
DVR Stand Alone DR-0162 DotixNetPlus
 
DVR Stand Alone DR-082 Dotix
DVR Stand Alone DR-082 DotixDVR Stand Alone DR-082 Dotix
DVR Stand Alone DR-082 DotixNetPlus
 
DVR Stand Alone DR-042 Dotix
DVR Stand Alone DR-042 DotixDVR Stand Alone DR-042 Dotix
DVR Stand Alone DR-042 DotixNetPlus
 
DVR Stand Alone DE-2416HV Dotix
DVR Stand Alone DE-2416HV DotixDVR Stand Alone DE-2416HV Dotix
DVR Stand Alone DE-2416HV DotixNetPlus
 
DVR Stand Alone DE-1816HV Dotix
DVR Stand Alone DE-1816HV DotixDVR Stand Alone DE-1816HV Dotix
DVR Stand Alone DE-1816HV DotixNetPlus
 

Mehr von NetPlus (20)

Cameras sd 5500 speed domes portugues
Cameras sd 5500 speed domes portuguesCameras sd 5500 speed domes portugues
Cameras sd 5500 speed domes portugues
 
Camera re q359 portugues
Camera re q359 portuguesCamera re q359 portugues
Camera re q359 portugues
 
Camera re h2035 c portugues
Camera re h2035 c portuguesCamera re h2035 c portugues
Camera re h2035 c portugues
 
Camera re h2025 c portugues
Camera re h2025 c portuguesCamera re h2025 c portugues
Camera re h2025 c portugues
 
Camera re h2015 r portugues
Camera re h2015 r portuguesCamera re h2015 r portugues
Camera re h2015 r portugues
 
Camera re h1020 l -lhshi portugues
Camera re h1020 l -lhshi portuguesCamera re h1020 l -lhshi portugues
Camera re h1020 l -lhshi portugues
 
Camera re h1020 l -lh - lsh portugues
Camera re h1020 l -lh - lsh portuguesCamera re h1020 l -lh - lsh portugues
Camera re h1020 l -lh - lsh portugues
 
Camera re b9020 lc - lch portugues
Camera re b9020 lc - lch portuguesCamera re b9020 lc - lch portugues
Camera re b9020 lc - lch portugues
 
Camera re b9020 lai - lahi - lahdi portugues
Camera re b9020 lai - lahi - lahdi portuguesCamera re b9020 lai - lahi - lahdi portugues
Camera re b9020 lai - lahi - lahdi portugues
 
Camera re b9020 la - lah portugues
Camera re b9020 la - lah portuguesCamera re b9020 la - lah portugues
Camera re b9020 la - lah portugues
 
Camera re b9018 lr portugues
Camera re b9018 lr portuguesCamera re b9018 lr portugues
Camera re b9018 lr portugues
 
Camera re b9016 l portugues
Camera re b9016 l portuguesCamera re b9016 l portugues
Camera re b9016 l portugues
 
Camera re b6018 lr portugues
Camera re b6018 lr portuguesCamera re b6018 lr portugues
Camera re b6018 lr portugues
 
Camera re 8020 lnci - lnshi - lnshdi portugues
Camera re 8020 lnci - lnshi - lnshdi portuguesCamera re 8020 lnci - lnshi - lnshdi portugues
Camera re 8020 lnci - lnshi - lnshdi portugues
 
Camera re 8020 lnc - lnsh portugues
Camera re 8020 lnc - lnsh portuguesCamera re 8020 lnc - lnsh portugues
Camera re 8020 lnc - lnsh portugues
 
DVR Stand Alone DR-0162 Dotix
DVR Stand Alone DR-0162 DotixDVR Stand Alone DR-0162 Dotix
DVR Stand Alone DR-0162 Dotix
 
DVR Stand Alone DR-082 Dotix
DVR Stand Alone DR-082 DotixDVR Stand Alone DR-082 Dotix
DVR Stand Alone DR-082 Dotix
 
DVR Stand Alone DR-042 Dotix
DVR Stand Alone DR-042 DotixDVR Stand Alone DR-042 Dotix
DVR Stand Alone DR-042 Dotix
 
DVR Stand Alone DE-2416HV Dotix
DVR Stand Alone DE-2416HV DotixDVR Stand Alone DE-2416HV Dotix
DVR Stand Alone DE-2416HV Dotix
 
DVR Stand Alone DE-1816HV Dotix
DVR Stand Alone DE-1816HV DotixDVR Stand Alone DE-1816HV Dotix
DVR Stand Alone DE-1816HV Dotix
 

Kürzlich hochgeladen

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Kürzlich hochgeladen (20)

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

At8000 s configurando_aaa

  • 1. AAA - Authentication, Authorization and Accounting AT - 8000S
  • 2. AAA Services: Authentication, Authorization, Accounting
  • 3. The Need for AAA services
    • In present-day networks many tools are available to access and configure devices, locally or remotely (Terminal, Telnet, EWS, SSH etc.)
    • It is desirable and useful to be able to limit who can view/change settings of the system
    • Verification is needed for:
      – User authentication – will the user have (any) device access?
      – User authorization – once the user has access, what level of access will he have?
  • 4. AAA services • AAA security services - using usernames and/or password to Authenticate user’s identity and access (authorization) level and to record what user has done. • The AT - 8000S switches implement the Authentication and Authorization.
  • 5. Secure Switch Management – Local Authentication Data Flow (diagram): the user reaches the switch by Telnet, console or SSH and sends UserID: bob / Password: ge55gep; the Device looks the user up in its own database (UserID: bob, Password: ge55gep, attributes: xxxx) and answers Access-Accept.
  • 6. Secure Switch Management – Authentication Data Flow with a RADIUS server (diagram): the user reaches the switch by Telnet, console or SSH and sends UserID: bob / Password: ge55gep; the Device forwards UserID: bob, Password: ge55gep, Device-ID: 207.12.4.1 to the RADIUS Server, which selects UserID=bob in the User Database (Bob, password=ge55gep, Timeout=3600, [other attributes]) and returns Access-Accept with User-Name=bob and [other attributes].
  • 7. RADIUS Basics • Defined by IETF standard RFC2138 & RFC2139 http://www.faqs.org/rfcs/rfc2138.html http://www.faqs.org/rfcs/rfc2139.html • Requires Clients (normally a NAS, in our case a Switch) and servers (often called RADIUS servers)
  • 8. Switches AAA Implementation AT - 8000S
  • 9. AAA – Databases
    • Access security (AAA) services on the AT - 8000S use the following databases (or methods) for username and password validation:
      – Local – device database with the following fields: Username, Password and Level of privilege (access)
      – Enable – device general password list for gaining privileged (high) level access
      – Line – device password list for each specific line (console, telnet and SSH) for gaining access
      – RADIUS server – external database with the following fields: Username, Password and Level of privilege (access)
      – TACACS+ – a security application that provides centralized validation of users to gain access to a device (router or an access server). To be addressed in a separate presentation
      – (None) – no database is used (username and PW not needed)
  • 10. AAA – Management interfaces
    • Access security (AAA) services on the device can be configured on 5 management interfaces:
      – Console (ASCII terminal), telnet & SSH:
        • Have their own line command mode
        • Lookup using any of the methods
        • Are associated with one or more lookup methods using method lists – i.e. lists of databases
        • Separate method lists for authentication and authorization
      – HTTP & HTTPS:
        • Do not have a line command mode
        • Lookup only in the local, RADIUS, TACACS+ or “none” methods
        • Associated directly with one or more methods (not through a list)
        • Lookup only for authentication (includes authorization lookup)
    • One more interface is 802.1x, which is an access (not management) control – this issue will be covered in a separate presentation.
  • 11. AAA – Method Lists
    • Method lists contain one or more databases (methods)
    • Method lists are defined separately for Authentication and Authorization verification
    • The user can define many lists of each type
    • Each method list is assigned a list-name
    • The “default” method list is a unique list which always exists on the device. This list can be configured by the user like any other list (but not removed)
    • Console, Telnet and SSH are each associated separately with one authentication method list and one authorization method list
  • 12. AAA – Method Lists
    • Authentication method lists can contain one or more of the following methods: enable, line, local, RADIUS, TACACS+ and “none”
    • Authorization method lists can contain one or more of the following methods: enable, line, RADIUS, TACACS+ and “none” (but not the local database)
  • 13. AAA – “Default” Method List
    • The system has 2 method lists named “default”: one for login and one for enable (authorization)
    • This is the method list which applies to the lines – unless the user defines otherwise
    • At system startup the default method list is different for console and network (telnet, SSH) connections:
      – For login the default method list is:
        • Console_Default : None
        • Network_Default : Local
      – For enable the default method list is:
        • Console_Default : Enable None
        • Network_Default : Enable
      – http : Local
      – https : Local
      – dot1x :
    • If the user modifies the “default” list (via CLI) the same method list applies for both console and network connections. Via web management both defaults can be changed separately
  • 14. AAA – Method Rules
    • Method lists containing only 1 method:
      – If username and/or PW are verified by the DB – the user is granted access or the level of access required
      – If the method specified is “none” – the user is granted access or the level of access required without having to provide a username or PW
      – If username and/or PW are not accepted by the DB – access or access level is denied
      – If the database is unavailable (or not configured) – access or access level is denied
  • 15. AAA – Method Rules
    • Method lists containing a list of methods:
      – If username and/or PW are verified by the current DB – the user is granted access or the level of access required
      – If username and/or PW do not exist on the current DB – access or access level is denied (the next DB is not checked) – even if “none” is the next method on the list
      – If the current method is unavailable (or not configured) – verification is attempted on the next method on the list
      – If all methods are unavailable (checked one by one) – access or access level is denied, unless the “none” method is part of the list
  • 16. AAA Configuration
    • When using a separate security server, the device has to be configured with the RADIUS/TACACS+ server parameters and attributes
    • Configure the databases (on the device or on the RADIUS/TACACS server) with the relevant usernames and/or PWs
    • Define the method lists for authentication and authorization using the AAA commands
    • Apply the method lists to a particular line (line command mode), if required
    • If needed, apply the methods directly to the HTTP/HTTPS services
  • 17. AAA Process
    • When a particular line attempts to access the device, user authentication (or access level) is performed by checking the method list attached to that line
    • User authentication and authorization occur in the order the methods are listed in the relevant list
    • The user will be authenticated by the first method on the list, and only if the first option cannot be reached – by the next methods listed
    • If the first (or current) method is functioning properly – but the user is not authenticated (the entry does not exist), the next methods are not used
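An added example (not code from the slides) that models the method-list rules of slides 14, 15 and 17, together with the enable-as-login rule of slide 31 and the $enabx$ RADIUS user name of slide 43, in Python; the databases, user names and passwords are constructed sample values patterned on slides 29 and 33, and the RADIUS server is simulated by a dictionary (None standing for an unreachable server).

```python
# Added example, not code from the AT-8000S slides: a model of the method-list
# rules on slides 14, 15 and 17. All database contents are constructed sample
# data; the RADIUS server is simulated by a dict, None = unreachable.


class AAADatabases:
    """The databases a method list may consult (constructed sample data)."""

    def __init__(self, local=None, enable=None, line=None, radius=None):
        self.local = local or {}      # username -> (password, level)
        self.enable = enable or {}    # privilege level -> password
        self.line = line or {}        # line name -> password
        self.radius = radius          # None = unreachable, else username -> (password, level)


def check_method(db, method, line, username, password, level=None):
    """Outcome of one method: 'accept', 'deny' or 'unavailable'.

    level=None is a login check; an integer is an enable (authorization)
    request for that privilege level.
    """
    if method == "none":
        return "accept"
    if method == "local":
        if not db.local:
            return "unavailable"
        entry = db.local.get(username)
        return "accept" if entry and entry[0] == password else "deny"
    if method == "enable":
        # Slide 31: used as the login method, enable demands the level 1
        # password; a user typing the level 15 password is denied.
        wanted = db.enable.get(1 if level is None else level)
        if wanted is None:
            return "unavailable"
        return "accept" if password == wanted else "deny"
    if method == "line":
        wanted = db.line.get(line)    # only this line's own password counts (slide 28)
        if wanted is None:
            return "unavailable"
        return "accept" if password == wanted else "deny"
    if method == "radius":
        if db.radius is None:
            return "unavailable"
        # Slide 43: enable requests carry the user name $enabx$, x = requested level.
        name = username if level is None else "$enab%d$" % level
        entry = db.radius.get(name)
        return "accept" if entry and entry[0] == password else "deny"
    raise ValueError("unknown method: %r" % method)


def authenticate(db, methods, line, username, password, level=None):
    """Walk a method list under the rules of slides 14, 15 and 17.

    A method that positively rejects the user ends the walk with a denial,
    even when "none" follows; only an unavailable method hands over to the
    next one; if every method is unavailable the result is a denial.
    Returns (decision, deciding_method); deciding_method is None when no
    method could be consulted at all.
    """
    for method in methods:
        outcome = check_method(db, method, line, username, password, level)
        if outcome in ("accept", "deny"):
            return (outcome, method)
    return ("deny", None)


# Constructed sample state following the examples of slides 29 and 33: the
# console line password is deliberately left unset and RADIUS is unreachable.
SAMPLE_DB = AAADatabases(
    local={"david": ("david", 15), "george": ("george", 1)},
    enable={15: "high", 1: "low"},
    line={"telnet": "PW_Telnet", "ssh": "PW_SSH"},
    radius=None,
)

if __name__ == "__main__":
    cases = [
        (["enable", "none"], "telnet", "bob", "low", None),    # accepted by enable
        (["enable", "none"], "telnet", "bob", "high", None),   # denied; none is not reached
        (["line", "none"], "console", "bob", "x", None),       # line unset -> none grants
        (["radius", "enable", "none"], "ssh", "david", "high", 15),
        (["radius"], "ssh", "david", "david", None),           # all unavailable -> deny
    ]
    for methods, line, user, pw, level in cases:
        print(methods, line, user, level, "->",
              authenticate(SAMPLE_DB, methods, line, user, pw, level))
```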
  • 18. AAA
    1. Creating password (and user) databases
      • Local, enable, line, RADIUS, TACACS+, none
    2. Assigning databases to methods
      • One or more databases to each method (or none)
    3. Attaching methods to lines
    (Diagram: the Local Pwd, Enable Pwd, Line Pwd, Radius Pwd and None databases feed the login and enable methods, which are attached to the console, telnet, ssh, http and https lines.)
  • 19. AAA (1) DataBase
    console(config)# username XXX password YYY level 15
      local:   User name   password   level
               Local1      loc1       1
               Local15     loc15      15
    console(config)# enable password level 15 YYY
      enable:  User name   password   level
               -----       en1        1
               -----       en15       15
    console(config)# line console/telnet/ssh
    console(config-line)# password YYY
      line:    User name   password             level
               -----       linec (for console)  -----
               -----       linet (for telnet)   -----
               -----       lines (for ssh)      -----
  • 20. AAA cont’ – Assign database to methods:
    console(config)# aaa authentication login log_tel enable none
      login/enable   method name   Database in use
      login          log_cons      line none
      login          log_tel       enable none
      login          log_ssh       local
    console(config)# aaa authentication enable en_cons local
      login/enable   method name   Database in use
      enable         en_cons       local
      enable         en_tel        line
      enable         en_ssh        Radius enable none
  • 21. AAA cont’ – Attaching methods to line:
    console(config)# line console
    console(config-line)# login authentication log_cons
    console(config-line)# enable authentication en_cons
    console(config-line)#
    console(config)# line telnet
    console(config-line)# login authentication log_tel
    console(config-line)# enable authentication en_tel
    console(config-line)#
    console(config)# line ssh
    console(config-line)# login authentication log_ssh
    console(config-line)# enable authentication en_ssh
    console(config-line)#
    console(config)#
    console(config)# ip http authentication local none
    console(config)# ip https authentication radius local
  • 22. AAA cont’
    console# show authentication methods
    Login Authentication Method Lists
    -------------------------------------------
    Console_Default : None
    Network_Default : Local
    log_ssh : Local
    log_tel : Enable None
    log_cons : Line None
    Enable Authentication Method Lists
    ----------------------------------
    Console_Default : Enable None
    Network_Default : Enable
    en_ssh : Radius Enable None
    en_tel : Line
    en_cons : Enable None
    Line      Login Method List   Enable Method List
    --------  ------------------  ------------------
    Console   log_cons            en_cons
    Telnet    log_tel             en_tel
    SSH       log_ssh             en_ssh
    http : Local None
    https : Radius Local
    (Side tables on the slide – the databases behind these lists:)
      DB – local:   User name   password   level
                    Local1      loc1       1
                    Local15     loc15      15
      DB – enable:  User name   password   level
                    -----       en1        1
                    -----       en15       15
      DB – line:    User name   password             level
                    -----       linec (for console)  -----
                    -----       linet (for telnet)   -----
                    -----       lines (for ssh)      -----
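An added example, not the switch's own software: a small Python parser for the commands of slides 19 to 21 that rebuilds the lists `show authentication methods` displays on slide 22, applies the start-up defaults of slide 13 to any line left without an explicit list, and reports every interface on which the “none” method is reachable. The transcript embedded in it is constructed from slides 20 to 22 (for en_cons the value shown on slide 22 is used); the prompt stripping and the acceptance of the exact command forms on those slides are assumptions of this parser.

```python
import re

# Added example, not the switch's own code: rebuild from the CLI commands of
# slides 19-21 the tables that "show authentication methods" prints (slide 22)
# and report every interface on which the "none" method is reachable.

CONSOLE_DEFAULTS = {"login": ["none"], "enable": ["enable", "none"]}   # slide 13
NETWORK_DEFAULTS = {"login": ["local"], "enable": ["enable"]}          # slide 13
PROMPT = re.compile(r"^\S+#\s*")   # drops a leading "console(config)# " prompt


class AAAConfig:
    def __init__(self):
        self.login_lists = {}        # list-name -> methods
        self.enable_lists = {}       # list-name -> methods
        self.line_login = {}         # line -> list-name
        self.line_enable = {}        # line -> list-name
        self.http = {"http": ["local"], "https": ["local"]}   # bound directly (slide 10)
        self._line = None            # current line-mode context

    def feed(self, text):
        """Apply a block of CLI commands; transcript prompts are ignored."""
        for raw in text.splitlines():
            cmd = PROMPT.sub("", raw.strip())
            if cmd:
                self._apply(cmd.split())
        return self

    def _apply(self, w):
        if w[0] == "line" and len(w) == 2:
            self._line = w[1].lower()                # enter line mode (slide 25)
        elif w[0] == "exit":
            self._line = None
        elif w[:3] == ["aaa", "authentication", "login"] and len(w) > 4:
            self.login_lists[w[3]] = [m.lower() for m in w[4:]]
        elif w[:3] == ["aaa", "authentication", "enable"] and len(w) > 4:
            self.enable_lists[w[3]] = [m.lower() for m in w[4:]]
        elif w[:2] == ["login", "authentication"] and self._line and len(w) == 3:
            self.line_login[self._line] = w[2]        # slide 46
        elif w[:2] == ["enable", "authentication"] and self._line and len(w) == 3:
            self.line_enable[self._line] = w[2]       # slide 47
        elif w[0] == "ip" and len(w) > 3 and w[1] in self.http and w[2] == "authentication":
            self.http[w[1]] = [m.lower() for m in w[3:]]
        else:
            raise ValueError("unsupported command: " + " ".join(w))

    @staticmethod
    def _resolve(table, name, startup_default):
        # No binding, or a binding to "default", follows the "default" list; an
        # unmodified "default" is the start-up value for that kind of line.
        if name is None or name == "default":
            return table.get("default", startup_default)
        return table[name]

    def effective(self, line):
        """Login and enable methods in effect for console, telnet or ssh."""
        d = CONSOLE_DEFAULTS if line == "console" else NETWORK_DEFAULTS
        return {
            "login": self._resolve(self.login_lists, self.line_login.get(line), d["login"]),
            "enable": self._resolve(self.enable_lists, self.line_enable.get(line), d["enable"]),
        }

    def reachable_none(self):
        """Interfaces whose effective list contains "none": access is granted with no
        credential once the methods before it are unavailable (slide 15), or
        unconditionally when "none" is the first method."""
        found = {}
        for line in ("console", "telnet", "ssh"):
            for kind, methods in self.effective(line).items():
                if "none" in methods:
                    found[line + "/" + kind] = methods
        for service, methods in self.http.items():
            if "none" in methods:
                found[service] = methods
        return found


# Constructed transcript assembled from slides 20-22 (en_cons as shown on slide 22).
SLIDE_CONFIG = """
console(config)# aaa authentication login log_cons line none
console(config)# aaa authentication login log_tel enable none
console(config)# aaa authentication login log_ssh local
console(config)# aaa authentication enable en_cons enable none
console(config)# aaa authentication enable en_tel line
console(config)# aaa authentication enable en_ssh radius enable none
console(config)# line console
console(config-line)# login authentication log_cons
console(config-line)# enable authentication en_cons
console(config)# line telnet
console(config-line)# login authentication log_tel
console(config-line)# enable authentication en_tel
console(config)# line ssh
console(config-line)# login authentication log_ssh
console(config-line)# enable authentication en_ssh
console(config-line)# exit
console(config)# ip http authentication local none
console(config)# ip https authentication radius local
"""

if __name__ == "__main__":
    cfg = AAAConfig().feed(SLIDE_CONFIG)
    print({l: cfg.effective(l) for l in ("console", "telnet", "ssh")}, cfg.reachable_none())
```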
  • 23. AAA CLI Configuration AT - 8000S
  • 24. AT - 8000S AAA – CLI Configuration • Entering Line configuration mode • Configuring databases • Creating method lists • Applying method lists to lines • Applying methods to HTTP/HTTPS • Show commands
  • 25. AT - 8000S – Line Mode
    • Use the following Global Mode command to enter the command line mode of console/telnet/ssh:
      line {console | telnet | ssh}
    • Example – entering telnet line mode:
      console# con
      console(config)# line telnet
      console(config-line)#
  • 26. AT - 8000S – CLI Configuration • Entering Line configuration mode • Configuring databases • Creating method lists • Applying method lists to lines • Applying methods to HTTP/HTTPS • Show commands
  • 27. AAA – Line Password
    • Use the following Line Configuration Mode command to specify a password for a line. To remove the password, use the no form of this command:
      password password [encrypted]
      no password
    • encrypted – Encrypted password you enter, copied from another device configuration.
  • 28. AAA – Line Password • Notes: – Each line (console, telnet, ssh) is configured with its own password and only that PW will apply for that line. – Each line has only 1 PW – entering a new PW will cancel previous one – There is no “show” command to view line PW
  • 29. AT - 8000S – Line PW Example
    • Example – configuring a PW for each of the lines (console, telnet and SSH):
      console(config)# line console
      console(config-line)# password PW_Console
      console(config-line)# exit
      console(config)# line telnet
      console(config-line)# password PW_Telnet
      console(config-line)# exit
      console(config)# line SSH
      console(config-line)# password PW_SSH
      console(config-line)#
  • 30. AAA – Enable Password
    • Use the following Global Mode command to set a local password for different privilege levels. Use the no form of this command to remove the password requirement:
      enable password [level level] password [encrypted]
      no enable password [level level]
    • level – Level for which the password applies. If not specified the level is 15.
    • encrypted – Encrypted password you enter, copied from another device configuration
  • 31. AAA – Enable Password • Notes: – Only 1 PW can be defined for each level (new PW settings for a level will erase previous entry) – Only levels 15 and 1 are implemented in current version – There is no “show” command to view enable PW – If enable is the method used for login (authentication), the user must enter the PW for level 1. If user will use PW for level 15 – access will be denied.
  • 32. AAA – Local User Name
    • Use the following Global Mode command to establish a username-based authentication system. Use the no form to remove a user name:
      username name [password password] [level level] [encrypted]
      no username name
    • name & password – The name and authentication password of the user.
    • level – Specifies the user level. If not specified the privilege level is 15.
  • 33. Enable & User Example
    • Example
      – Configuring enable PW level 15 and level 1
      – Configuring local DB user name and PW
      console(config)#
      console(config)# enable password level 15 high
      console(config)# enable password level 1 low
      console(config)# username david password david level 15
      console(config)# username george password george level 1
      console(config)#
  • 34. AAA - RADIUS Server
    • Use the following Global Mode command to specify a RADIUS server host. To delete the specified host, use the no form of the command:
      radius-server host ip-address [auth-port auth-port-number] [timeout timeout] [retransmit retries] [deadtime deadtime] [key key-string] [source source] [priority priority] [usage type]
      no radius-server host ip-address
  • 35. RADIUS – Global Parameters
    • Each of the parameters in the radius-server host command can be used as an individual command to configure the global RADIUS configuration (applied to a server if the host command did not include this parameter):
      radius-server key
      radius-server retransmit (default 3)
      radius-server source-ip (default 0.0.0.0)
      radius-server timeout (default 3)
      radius-server deadtime (default 0)
    • The “no” form can be used with each of these commands to return the value to its default
  • 36. AT - 8000S - Radius Example
    • Example
      – Configuring a radius server with IP 10.1.1.100, port 1645 and priority 1
      – Defining a global retransmit value of 5
      console(config)#
      console(config)# radius-server host 10.1.1.100 auth-port 1645 priority 1
      console(config)# radius-server retransmit 5
  • 37. AT - 8000S – CLI Configuration • Entering Line configuration mode • Configuring databases • Creating method lists • Applying method lists to lines • Applying methods to HTTP/HTTPS • Show commands
  • 38. Login Authentication Method
    • Use the following Global Mode command to define authentication method lists at login. Use the no form of this command to erase the defined name:
      aaa authentication login {default | list-name} method1 [method2...]
      no aaa authentication login {default | list-name}
    • default – The device’s default list of methods. Using the “no” option on “default” returns it to the device default
    • list-name – name of a (user defined) list of authentication methods which can be activated when a user logs in.
  • 39. Login Authentication Method • method1 [method2...] - at least one of the following:
  • 40. Login Authentication Method • The additional methods in a list (if such were defined) are used only if the previous method returns an error, not if it denies login. To ensure that the login succeeds even if all methods return an error (but not if they denied access), specify none as the final method. • The default and optional list names defined with the aaa authentication login command are attached to a line using the login authentication command (line mode)
  • 41. Enable Authentication Method
    • Use the following Global Mode command to set authorization when the user attempts to access a higher privilege level. To remove a list (or return the “default” list to its original setting) use the no form of this command:
      aaa authentication enable {default | list-name} method1 [method2...]
      no aaa authentication enable {default | list-name}
  • 42. Enable Authentication Method method1 [method2...] - At least one of the following:
• 43. Enable Authen. Method
• The additional methods in a list (if any were defined) are used only if the previous method returns an error, not if authentication fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method.
• All aaa authentication enable requests sent by the router to a RADIUS or TACACS server include the username "$enabx$.", where x is the requested privilege level (15 for the highest).
• The default and optional list names that you define with the aaa authentication enable command are applied to a line with the enable authentication (line configuration mode) command.
• 44. Method Lists - Example
• Example
  – Configuring 3 different login method lists
  – Changing the login default method list
  – Configuring 3 different enable method lists
console(config)# aaa authentication login log1 local none
console(config)# aaa authentication login log2 radius enable
console(config)# aaa authentication login log3 line
console(config)# aaa authentication login default line
console(config)# aaa authentication enable en1 enable none
console(config)# aaa authentication enable en2 line
console(config)# aaa authentication enable en3 radius none
• 45. AT - 8000S – CLI Configuration
  – Entering Line configuration mode
  – Configuring databases
  – Creating method lists
  – Applying method lists to lines
  – Applying methods to HTTP/HTTPS
  – Show commands
• 46. Assigning Login Authentication-list to Line
• Use the following Line Configuration Mode command to specify the login authentication method list. To return to the default list use the no form of this command:
login authentication {default | list-name}
no login authentication
• default / list-name – As specified in the Global Mode aaa authentication login command.
• The command is applied separately to each line (console, telnet, SSH) via its own command line.
• 47. Assigning Enable Authentication-list to a Line
• Use the following Line Configuration Mode command to specify an authorization method list used when the user requests access to a higher privilege level. To return to the default list use the no form of this command:
enable authentication {default | list-name}
no enable authentication
• default / list-name – As specified in the Global Mode aaa authentication enable command.
• The command is applied separately to each line (console, telnet, SSH) via its own command line.
• 48. Method Lists - Example
• Example - Assigning login and enable method lists to lines (assign the default list to console login)
console(config)# line console
console(config-line)# login authentication default
console(config-line)# enable authentication en1
console(config-line)# exit
console(config)# line telnet
console(config-line)# login authentication log2
console(config-line)# enable authentication en2
console(config-line)# exit
console(config)# line ssh
console(config-line)# login authentication log3
console(config-line)# enable authentication en3
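The error-versus-deny rule from slides 40 and 43, applied to the method lists and line assignments of slides 44 and 48, as an added example that is not part of the original deck or of the AT-8000S firmware: a Python parser for a constructed configuration snippet (list names and commands are taken from the slides; the line ssh entry is an assumption) that flags access paths which fall through to none, that is, grant access without any credential check, when the RADIUS/TACACS servers are unreachable.

```python
"""Added example, not from the AT-8000S slides or Allied Telesis: parse a constructed
AAA configuration and model the method-list rule the slides state (a later method is
used only if the previous one returned an error, never after an explicit deny)."""

# Constructed sample, built from the commands on the slides.
SAMPLE_CONFIG = """
aaa authentication login log1 local none
aaa authentication login log2 radius enable
aaa authentication login default line
aaa authentication enable en1 enable none
aaa authentication enable en3 radius none
line console
 login authentication default
 enable authentication en1
line telnet
 login authentication log2
 enable authentication en3
"""

def parse_aaa(config):
    """Return (method lists per stage, line -> {stage: list name}) from config text."""
    lists, lines, current = {"login": {}, "enable": {}}, {}, None
    for t in (raw.split() for raw in config.splitlines()):
        if t[:2] == ["aaa", "authentication"] and len(t) >= 5 and t[2] in lists:
            lists[t[2]][t[3]] = [m.lower() for m in t[4:]]
        elif t[:1] == ["line"] and len(t) == 2:
            current, lines[t[1]] = t[1], {}
        elif current and len(t) == 3 and t[0] in lists and t[1] == "authentication":
            lines[current][t[0]] = t[2]
    return lists, lines

def fail_open_when(methods, unreachable):
    """True if 'none' is reached when every method in `unreachable` errors out."""
    for m in methods:
        if m == "none":
            return True
        if m not in unreachable:  # a live check answers accept/deny and stops the walk
            return False
    return False

def audit(config, unreachable=frozenset({"radius", "tacacs"})):
    """Flag lines whose effective list grants access unchecked when AAA servers are down."""
    lists, lines = parse_aaa(config)
    findings = []
    for line, stages in lines.items():
        for stage, name in stages.items():
            methods = lists[stage].get(name)
            if methods is None or fail_open_when(methods, unreachable):
                findings.append((line, stage, name, "undefined" if methods is None else "fail-open"))
    return findings
```

On the sample, only the telnet enable path (en3 = radius none) is reported: local none and enable none are not, because a reachable local or enable check returns accept or deny and stops the walk before none.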
• 49. AT - 8000S AAA – CLI Configuration
  – Entering Line configuration mode
  – Configuring databases
  – Creating method lists
  – Applying method lists to lines
  – Applying methods to HTTP/HTTPS
  – Show commands
• 50. HTTP Authentication List
• Use the following Global Mode command to specify authentication method(s) for HTTP server users. To return to the default (local), use the no form of this command:
ip http authentication method1 [method2...]
no ip http authentication
• method1 [method2...] - At least one from: Local, Radius, TACACS, None.
• Default method is local.
• 51. HTTPS Authentication List
• Use the following Global Mode command to specify authentication method(s) for HTTPS server users. To return to the default (local), use the no form of this command:
ip https authentication method1 [method2...]
no ip https authentication
• method1 [method2...] - At least one from: Local, Radius, TACACS, None.
• Default method is local.
• 52. HTTP/HTTPS AAA - Example
• Example:
  – Apply the radius method on HTTPS for AAA services
  – Apply the TACACS method on HTTP for AAA services
console(config)# ip https authentication radius
console(config)# ip http authentication tacacs
• 53. AT - 8000S AAA – CLI Configuration
  – Entering Line configuration mode
  – Configuring databases
  – Creating method lists
  – Applying method lists to lines
  – Applying methods to HTTP/HTTPS
  – Show commands
• 55. AAA – Show commands
• Use the following EXEC mode command to display information about the authentication methods:
show authentication methods
• The command will show:
  – Login method lists
  – Enable method lists
  – Line – method list association
  – HTTP/HTTPS/dot1x – method association
• 56. AAA – Show commands
console# sh authentication methods
Login Authentication Method Lists
----------------------------------
Default : Enable
logm    : Enable
Enable Authentication Method Lists
----------------------------------
Default : Enable
enm     : Enable
… (continued on next slide)
• 57. AAA – Show commands
… (from previous slide)
Line     Login Method List   Enable Method List
-------  -----------------   -------------------
Console  logm                enm
Telnet   Default             Default
SSH      Default             Default
http  : Local
https : Local
dot1x :
• 58. Show RADIUS Server
• Use the following EXEC mode command to display the RADIUS server settings:
show radius-servers
console# sh radius-servers
IP address      Auth. TimeOut Retran. DeadTime source IP       Prio. Usage
--------------- ----- ------- ------- -------- --------------- ----- -----
9.1.1.1         1812  Global  Global  Global   Global          0     all
Global values
--------------
TimeOut    : 3
Retransmit : 3
Deadtime   : 0
Source IP  : 0.0.0.0
console#