Here we discuss some of today’s most widely used technologies that enable network administrators to ensure that sensitive data is secure from unauthorized sources. Standards such as IPSec (IP Security) and the encryption standards are covered, as are the fundamental foundation topics you need to understand to master the topics covered in CCIE Security.
CCIE Security Protocols Include:
- Remote Authentication Dial-In User Service (RADIUS)
- Terminal Access Controller Access Control System Plus (TACACS+)
- Advanced Encryption Standard (AES)
- EAP, PEAP, TKIP, TLS
- Data Encryption Standard (DES)
- Triple DES (3DES)
- IP Security (IPSec)
- Internet Key Exchange (IKE)
- Certificate Enrollment Protocol (CEP)
- Point-to-Point Tunneling Protocol (PPTP)
- Layer 2 Tunneling Protocol (L2TP)
We discuss some of these topics here; if you wish to cover all of them in detail, you can join the courses offered by SPOTO.
Remote Authentication Dial-In User Service:
Remote Authentication Dial-In User Service (RADIUS) is a client/server-based system that secures a Cisco network against intruders. As implemented in Cisco IOS, RADIUS sends authentication requests to a RADIUS server. RADIUS was created by Livingston Enterprises and is now defined in RFCs 2865/2866. A RADIUS server is a device that has the RADIUS daemon or application installed. RADIUS must be used with AAA to enable the authentication, authorization, and accounting of remote users when using Cisco IOS routers.
Terminal Access Controller Access Control System Plus:
Cisco IOS supports three versions of TACACS: TACACS, Extended TACACS, and TACACS+. All three methods authenticate users and deny access to users who don’t have a valid username and password pairing. TACACS+ is Cisco proprietary, whereas RADIUS is an open standard originally created by Livingston Enterprises.
Encryption Technology Overview:
When well-known Internet sites, like CNN, are exposed to security threats, the news reaches all parts of the globe. Ensuring that data crossing any IP network is secure and not vulnerable to threats is one of today’s most challenging tasks in the IP storage arena, so much so that Cisco is releasing an entirely new CCIE certification track for storage networking.
Certificate Enrollment Protocol:
Certificate Enrollment Protocol (CEP) is a protocol jointly developed by Cisco and VeriSign, Inc. CEP is an early implementation of CRS (Certificate Request Syntax), a proposed standard to the IETF. CEP specifies how a device communicates with the CA, how to retrieve the CA’s public key, and how to enroll a device with the CA. CEP uses PKCS (Public Key Cryptography Standards).
Extensible Authentication Protocol:
Extensible Authentication Protocol (EAP) enables the dynamic selection of the authentication mechanism at authentication time, based on information transmitted in the Access-Request. PPP also supports EAP during the link establishment phase.
Virtual Private Dial-Up Networks (VPDN):
A Virtual Private Dial-Up Network (VPDN) is a network that extends remote access dialup clients to a private network. VPDN tunnels use either Layer 2 Tunnel Protocol (L2TP) or Layer 2 Forwarding (L2F). Cisco introduced L2F in RFC 2341. L2F is also used to forward PPP sessions for Multichassis Multilink PPP.
If you wish to have more information regarding the Security Protocols, you can get it through the preparation courses offered by SPOTO.