2.4 Authentication & Authorization Flashcards

1
Q

Define Federation

A

Using a third-party to provide authentication and then trusting that authentication

2
Q

Define Attestation

A

Verifying that the hardware being used to connect to your network is the hardware provided to the user

3
Q

Define TOTP for authentication

A

Time-based One-Time Password - a numeric token is generated every x seconds and must be provided when logging in
Examples: RSA key fob or Google Authenticator

4
Q

Define HOTP for authentication

A

HMAC-based One-Time Password - similar to TOTP, but the number comes from a pre-generated list of numbers and each one is only used once

5
Q

Define SMS authentication and vulnerability

A

A code is sent via text message and is provided at login. SMS messages are vulnerable to interception, or a device can easily impersonate another device to receive the code

6
Q

Define static codes authentication

A

A static code, i.e. a password or PIN, is used to authenticate

7
Q

Define authentication applications (2 examples)

A

Applications that assist with providing login codes, such as an application that tells you the next code when using HMAC-based One-Time Passwords for login,
OR an application that receives push notifications you must respond to in order to log in

8
Q

Define Push-Notifications authentication and vulnerability

A
  1. An application is installed on a device that receives push notifications when logging in (i.e. our GSPN login at work)
  2. Can be a vulnerability if the notifications are not strongly encrypted, but generally more secure than SMS or phone call authentication.
9
Q

Define Phone call authentication and vulnerability

A
  1. When logging in, the user receives a phone call with an access code that must be provided
  2. Same weaknesses as SMS authentication since phone numbers can be easily spoofed
10
Q

Define Smart Card authentication

A

A card using either a chip, RFID, or NFC, and containing a certificate used to log in. Usually used in conjunction with other authentication methods

11
Q

How are biometrics used for authentication?

A

Various biometric features, such as face, gait, retina, and veins, are unique to each of us and can be analyzed to prove identity

12
Q

Define False Acceptance Rate (FAR) relative to biometric authentication

A

allowing a person who should be denied

13
Q

How can False Acceptance Rate (FAR) be reduced?

A

By increasing the sensitivity of the biometric reader

14
Q

Define False Rejection Rate (FRR) relative to biometric authentication

A

denying a user who should be allowed

15
Q

How can False Rejection Rate (FRR) be remedied?

A

By decreasing the sensitivity of the biometric reader

16
Q

Define Crossover Error Rate (CER) relative to biometric authentication

A

the ideal spot where sensitivity and error rates meet to create the desired level of security

17
Q

Define MFA

A

Multi-factor Authentication

18
Q

Define 3 Factors of MFA

A
  1. Something you know
  2. Something you have
  3. Something you are
19
Q

2 Examples of Something you Know

A

Password, PIN

20
Q

3 Examples of Something you Have

A
  1. Smart card
  2. token on USB thumb-drive
  3. phone to receive code via SMS or voice call
21
Q

Example of Something you Are

A

Biometrics

22
Q

Define 4 Attributes of MFA

A
  1. Somewhere you are
  2. Something you can do
  3. Something you exhibit
  4. Someone you know
23
Q

Example of somewhere you are

A

Geographic location, such as country, state, city

24
Q

Example of something you can do

A

Signature

25
Q

Example of something you exhibit

A

The way you walk, aka gait

26
Q

Example of someone you know

A

Digital signature or certificates

27
Q

Define AAA

A

Authentication, Authorization, Accounting

28
Q

Define Authentication

A

proving your identity

29
Q

Define Authorization

A

whether or not you have access to something

30
Q

Define Accounting

A

logging who has logged in and what has been accessed

31
Q

2 Models (locations) to provide AAA

A

Cloud-based or on-premises