10: Single Sign On (SSO) Flashcards
What is a single sign-on
A user authentication service that permits a user to use one set of login credentials to access multiple applications.
Advantages of SSO
· Multiple passwords are not required. This encourages users to select a stronger password.
· Improves the administrator’s ability to manage users’ accounts.
· Reduces the administrative overhead cost of resetting passwords, due to a lower number of IT help desk calls about passwords.
· Reduces the time taken by users to log into multiple applications.
Disadvantages of SSO
· SSO acts as a single authentication point for multiple applications, which constitutes the risk of a single point of failure.
· Support for all major operating system environments is difficult.
What is Reduced Sign-on
Users need to sign in individually for each application (with the same user ID and password).
Kerberos
Kerberos is an authentication service used to validate services and users in a distributed computing environment (DCE).
Major risks of SSO in order
1. SSO acts as a single point of failure (best choice)
2. SSO acts as a single authentication point for multiple applications.
What is the most important control for SSO
The implementation of a strong policy.
(1) An organization is introducing a single sign-on (SSO) system. Under the SSO system, users will be required to enter only one user ID and password for access to all application systems. A major risk of using single sign-on (SSO) is that it:
A. acts as a single authentication point for multiple applications.
B. acts as a single point of failure.
C. acts as a bottleneck for smooth administration.
D. leads to a lockout of valid users in case of authentication failure.
Answer: A. acts as a single authentication point for multiple applications.
Explanation:
SSO acts as a single authentication point for multiple applications, which constitutes the risk of a single point of failure. The primary risk associated with single sign-on is the single authentication point. A single point of failure overlaps with the single authentication point; however, a failure can also be due to other reasons. So the more specific answer to this question is option A.
(2) An organization is introducing a single sign-on (SSO) system. In SSO, unauthorized access:
A. will have minor impact.
B. will have major impact.
C. is not possible.
D. is highly possible.
Answer: B. will have major impact.
Explanation:
Single sign-on (SSO) is a user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. This constitutes the risk of a single point of failure. The impact will be greater since the hacker needs to know only one password to gain access to all the related applications, and therefore causes greater concern than if only the password to one of the systems were known. Introduction of SSO has no relevance to the possibility (higher or lower) of unauthorized access.
(3) An organization is introducing a single sign-on (SSO) system. Under the SSO system, users will be required to enter only one user ID and password for access to all application systems. A major risk of using single sign-on (SSO) is that:
A. It increases security administrator work load.
B. It reduces the administrator’s ability to manage users’ accounts.
C. It increases time taken by users to log into multiple applications.
D. Unauthorized password disclosure can have greater impact.
Answer: D. Unauthorized password disclosure can have greater impact.
Explanation:
Single sign-on (SSO) is a user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. This constitutes the risk of a single point of failure. The impact will be greater since the hacker needs to know only one password to gain access to all the related applications, and therefore causes greater concern than if only the password to one of the systems were known. SSO improves the administrator’s ability to manage users’ accounts. SSO reduces the time taken by users to log into multiple applications and the workload of security administration.
(4)An organization is introducing a single sign-on (SSO) system. Under the SSO system, users will be required to enter only one user ID and password for access to all application systems. To prevent unauthorized access, the MOST important action is to:
A. to monitor all failed attempts.
B. regular review of log files.
C. implement a strong password policy.
D. to deactivate all unused accounts.
Answer: C. implement a strong password policy.
Explanation:
A strong password policy is the better preventive control. The other options are good practices but may not address the risk of unauthorized access if a password is compromised.
(5) Which of the following is the most important benefit of Single Sign-On?
A. Easier administration of password management.
B. It can avoid a potential single point of failure issue.
C. Maintaining SSO is easy as it is not prone to human errors.
D. It protects network traffic.
Answer: A. Easier administration of password management.
Explanation:
Easier administration of changing or deleting passwords is the major advantage of implementing SSO. The advantages of SSO include the ability to use stronger passwords, easier administration of changing or deleting passwords, and requiring less time to access resources.
(6) Risk of unauthorized access can be best controlled by:
A. Before-image/after-image logging
B. Vitality detection
C. Multimodal biometrics
D. Kerberos
Answer: D. Kerberos
Explanation:
Kerberos is a network authentication protocol for client-server applications that can be used to restrict access to the database to authorized users. Vitality detection and multimodal biometrics are controls against spoofing and mimicry attacks. Before-image/after-image logging of database transactions is a detective control, as opposed to Kerberos, which is a preventive control.