Acknowledgments — About the Author — About This Book
Chapter 1 — User Identification and Authentication Concepts
- 1.1 Security Landscape
- 1.2 Authentication, Authorization, and Accounting
  - 1.2.1 Identification and Authentication
  - 1.2.2 Authorization
  - 1.2.3 User Logon Process
  - 1.2.4 Accounting
- 1.3 Threats to User Identification and Authentication
  - 1.3.1–1.3.16 (Bypassing, Brute Force, Sniffing, MITM, Session Hijacking, etc.)
- 1.4 Authentication Credentials
  - 1.4.1 Password Authentication
  - 1.4.2 Asymmetric Keys and Certificate-Based Credentials
  - 1.4.3 Biometric Credentials
  - 1.4.4 Ticket-Based Hybrid Authentication Methods
- 1.5 Enterprise User Identification and Authentication Challenges
- 1.6 Authenticating Access to Services and the Infrastructure
- 1.7 Delegation and Impersonation
- 1.8 Cryptology, Cryptography, and Cryptanalysis
Chapter 2 — UNIX User Authentication Architecture
- 2.1 Users and Groups
- 2.2 Simple User Credential Stores
- 2.3 Name Services Switch (NSS)
- 2.4 Pluggable Authentication Modules (PAM)
- 2.5 The UNIX Authentication Process
- 2.6 User Impersonation
- 2.7 Case Study: User Authentication against LDAP
- 2.8 Case Study: Using Hesiod for User Authentication in Linux
Chapter 3 — Windows User Authentication Architecture
- 3.1 Security Principals
- 3.2 Stand-Alone Authentication
- 3.3 Windows Domain Authentication
- 3.4 Federated Trusts
- 3.5 Impersonation
Chapter 4 — Authenticating Access to Services and Applications
- 4.1 Security Programming Interfaces (GSS-API, SSPI)
- 4.2 Authentication Protocols (NTLM, Kerberos, SASL)
- 4.3 Transport Layer Security (TLS/SSL)
- 4.4–4.10 Telnet, FTP, HTTP, POP3/IMAP, SMTP, LDAP, SSH Authentication
- 4.11–4.14 Sun RPC, SMB/CIFS, NFS, MS RPC Authentication
- 4.15–4.17 MS SQL, Oracle, MS Exchange MAPI Authentication
- 4.18 SAML, WS-Security, and Federated Identity
Chapter 5 — Authenticating Access to the Infrastructure
- 5.1 User Authentication on Cisco Routers and Switches
- 5.2 Authenticating Remote Access (PAP, CHAP, MS-CHAP, EAP)
- 5.3 Port-Based Access Control (802.1X, EAPOL)
- 5.4 Wireless Authentication (WEP, WPA/WPA2)
- 5.5 IPSec, IKE, and VPN Client Authentication
- 5.6 Centralized Authentication (RADIUS, TACACS)
Appendices
- A — References
- B — Lab Configuration
- C — Indices of Tables and Figures
- Book Index