Authentication Flashcards by Big Effot

Three key elements of security

AUthenticaion
AUthorization
Accounting

How well did you know this?

Not at all

Perfectly

It relates to access control

Authentication

How well did you know this?

Not at all

Perfectly

__ is the process by which
resources or services are granted or denied

Access Control

How well did you know this?

Not at all

Perfectly

The presentation of credentials or identification

Identification

How well did you know this?

Not at all

Perfectly

The verification of credentials to ensure that they are genuine and not fabricated

Authentication

How well did you know this?

Not at all

Perfectly

Granting permission for admittance

Authorization

How well did you know this?

Not at all

Perfectly

__ is the right to use specific resources

Access

How well did you know this?

Not at all

Perfectly

WHat is AAA?

Authentication
Authorization
Accounting

How well did you know this?

Not at all

Perfectly

AAA

provides a way of
identifying a user, typically with a password

Authentication

How well did you know this?

Not at all

Perfectly

AAA

determines whether the user
has the authority to carry out certain tasks

Authorization

How well did you know this?

Not at all

Perfectly

AAA

___ measures the resources a user “consumes” during each network session

Accounting

How well did you know this?

Not at all

Perfectly

Uses of Accounting DATA

TO find billing problems
for billing
for planning

How well did you know this?

Not at all

Perfectly

These are dedicated to performing AAA functions and can provide significant advantages in a network

AAA servers

How well did you know this?

Not at all

Perfectly

___ are something you have,
something you are, or something you know

Credentials

How well did you know this?

Not at all

Perfectly

Types of authentication credentials

Passwords
One-time passwords
Standard biometrics
Behavioral biometrics
Cognitive biometrics

How well did you know this?

Not at all

Perfectly

Passwords

Dyanmic passwords that change frequently

One-time passwords

How well did you know this?

Not at all

Perfectly

Passwords

How well did you know this?

Not at all

Perfectly

Most common type of OTP

time-synchronized OTP

How well did you know this?

Not at all

Perfectly

Passwords

used in junction with a token

Time-synchronized OTP

How well did you know this?

Not at all

Perfectly

PASSWORDS

Authentication server displays a _____ (_____) to the user

challenge, random number

How well did you know this?

Not at all

Perfectly

Passwords

Uses a person’s unique characteristics for authentication (what he is)

Standard Biometrics

How well did you know this?

Not at all

Perfectly

PASSWORDS

Types of fingerprint scanners

static
dynamic

How well did you know this?

Not at all

Perfectly

PASSWORDS

Disadvantages of Standard Biometrics

costs
readers are not always foolproof
how can you change your password if it’s your fingerprint?

How well did you know this?

Not at all

Perfectly

PASSWORDS

Authentciates by normal actions that the user performs

Behavioral Biometrics

How well did you know this?

Not at all

Perfectly

PASSWORDS: Behavioral Attempts to recognize user's unique typing rhythm

Keystroke Dynamics, Behavioral Biometrics

PASSWORDS: Behavioral Keystroke dynamics uses two unique typing variables

- dwell time - flight time

PASSWORDS: Behavioral Uses charactieristics of a person's voice

voice recognition

PASSWORDS: Behavioral speaking two words together in a way that one word "bleeds" into the next word and becomes part of user's speech pattern

Phonetic cadence, voice recognition

PASSWORDS: Behavioral When and from where a user normally accesses a system

Computer footprint

PASSWORDS: Behavioral a simple form of two-factor authentication and is REQUIRED by the US now

Computer Footprinting

PASSWORDS Related to the perception, thought, process, and understanding of the user

Cognitive Biometrics

PASSWORDS Easier for the user to remember because it is based on the user’s life experiences

Cognitive Biometrics

PASSWORDS: Cognitive examples of cognitive biometrics

requires user to identify specific faces

AUTHENTICATION MODELS

- One-factor - two-factor - three-factor

AUTHENTICATION MODELS Uses only one authentication credential, such as a password

One-factor

AUTHENTICATION MODEL Enhances security, particularly if different types of authentication methods are used (Password and token)

two-factor

AUTHENTICATION MODEL Requires that a user present three different types of authentication credentials

three-factor

AUTHENTICATION MODEL Using a single authenticated ID to be shared across multiple networks

Identitiy management

AUTHENTICATION MODEL When those networks are owned by different organizations

Federated Identity Management (FIM)

AUTHENTICATION MODEL Using one authentication to access multiple accounts or applicants

single sign-on

Originally introduced in 1999 as .NET Passport

Windows Live ID

Once authenticated, the user is given an encrypted time-limited “global” cookie

Windows Live ID

Never became widely used

Windows Live ID

Users control digital identities with digital ID cards

Windows CardSpace

WINDOWS CARDSPACE Types of cards

- Managed cards - Personal cards

A decentralized open source FIM

OpenID

Does not require specific software to be installed on the desktop

OpenID

An ___ identity is only a URL backed up by a username and password. ___ provides a means to prove that the user owns that specific URL

OpenID

Not very secure--dependent on DNS

OpenID

Authentication can be provided on a network by a dedicated AAA or ___

Authentication servers

Types of AAA servers

- RADIUS - Kerberos - TACACS+ - Generic servers built on the Lightweight Directory Access Protocol (LDAP)

AAA SERVER Developed in 1992, Industry standard with widespread support

Remote Authentication Dial in User Service (RADIUS)

AAA SERVER Suitable for what are called “high-volume service control applications”

RADIUS

AAA SERVERS A RADIUS client is typically a device such as a ___ or wireless _____

dial=up server, access point

AAA SERVER An authentication system developed by the Massachusetts Institute of Technology (MIT)

Kerberos

AAA SERVER server issues a ticket to the user >> user presents ticket to the network or service >> service examines the ticket to verify identity of user

Kerberos

AAA SERVER -Developed by Cisco to replace RADIUS -More secure and reliable than RADIUS

Terminal Access Control Access Control System (TACACS+)

AAA SERVER - A database stored on the network itself that contains information about users and network devices - Can be used with RADIUS

Lightweight Directory Access Protocol

AAA SERVER LDAP: Standard for directory services. Created by ISO

X.500

AAA SERVER LDAP: Capability to look up information by name

White-pages service

AAA SERVER LDAP: brows and search for information by category

Yellow-pages service

AAA SERVER LDAP: info is held in a ___

directory information base (DIB)

AAA SEVER LDAP: entries in DIB are arranged in a tree structure called ____

Directory information tree (DIT)

AAA SERVER Protocol for a client application to access an X.500 directory

Directory Access Protocol

AAA SERVER sometimes called X.500 Lite

LDAP

AAA SERVER is an open protocl

LDAP

AAA SERVER simpler subset of DAP

LDAP

the "envelope" that carries data used for authentication

EXTENDED AUTHENTICATION PROTOCOLS

EXTENDED AUTHENTICATION PROTOCOLS thre categories

- Authentication legacy protocols - EAP weak protocols - EAP strong protocols

EXTENDED AUTHENTICATION PROTOCOLS No longer extensively used for authentication

Authentication Legacy Protocol

EXTENDED AUTHENTICATION PROTOCOLS Legacy: Sends passwords in the clear

Password Authentication Protocol (PAP)

EXTENDED AUTHENTICATION PROTOCOLS Legacy: safer than PAP, but vulnerable

Challenge-Handshake AUthentication Protocol

EXTENDED AUTHENTICATION PROTOCOLS still used but has vulnerabilities

EAP Weak Protocols

EXTENDED AUTHENTICATION PROTOCOLS Weak: vulnerable to offline dictionary attacks

EAP MD5

EXTENDED AUTHENTICATION PROTOCOLS Weak: also vulnerable to offline dictionary attacks. Can be tracked faster than WEP

Lightweight EAP

EXTENDED AUTHENTICATION PROTOCOLS Strong: uses certifications for client and server. Uses large windows networks

EAP with transport layer security

EXTENDED AUTHENTICATION PROTOCOLS Strong: no client-side certificate. Easier to implement than EAP-TLS

EAP with tunneled TLS and Protected EAP

Transmissions are routed through networks or devices that the organization does not manage and secure

Remote Authentication and Security

remote authentication and security usually includes:

- using remote access services - installing a virtual private network - maintaining a consistent remote access policy

Any combination of hardware and software that enables access to remote users to a local internal network

Remote Access Services

RAS One of the most common types of RAS

Virtual Private Network

RAS Uses an unsecured public network, such as the Internet, as if it were a secure private network

VPN

RAS: VPN types of VPN

- remote access VPN/ VPN private dial-up network - site-to-site VPN

RAS __ transmissions are achieved through communicating with endpoints

VPN

RAS end of the tunnel between VPN devices

Endpoint

RAS Aggregates hundred or thousands of multiple connections

VPN concentrator

RAS: VPN __ offer the most flexibility in how network traffic is managed

Software-based VPN

RAS: VPN __ generally tunnel all traffic they handle regardless of the protocol

Hardware-based VPN

RAS: recommendations for remote access policies:

- consistent - responsibility of IT dept - create a standard that all depts agree to

Authentication Flashcards

(90 cards)