3.8 Flashcards
What are password keys?
Hardware-based authentication
Helps prevent unauthorized logins and account takeovers
Password vaults
Password managers create unique passwords and store them. All the credentials are encrypted.
A specification for cryptographic functions. Has a cryptographic processor and comes with unique keys burned in during production of the product.
TPM
What is a hardware security module (HSM)?
High-end cryptographic hardware that can be a plug-in card or a separate hardware device
Key backup
Has cryptographic accelerators
Used in large environments
What uses personal knowledge as an authentication factor?
Knowledge-based authentication (KBA)
Differences between Static KBA and Dynamic KBA
Static KBA
- Pre-configured shared secrets
Dynamic KBA
- Questions are based on an identity verification service
A basic authentication method that is used in legacy systems.
Password Authentication Protocol (PAP)
Is an encrypted challenge sent over the network
Challenge-Handshake Authentication Protocol
Describe the three-way handshake that takes place in CHAP
- After the link is established, the server sends a challenge
- Client responds with a password hash calculated from the challenge and the password
- Server compares received hash with stored hash
What is MS-CHAP?
Microsoft’s implementation of CHAP
Used commonly on Microsoft’s Point-to-Point Tunneling Protocol (PPTP)
What is one of the most common AAA protocols that provides centralized authentication for users?
RADIUS
Remote Authentication Dial-in User Service
What provides a remote authentication protocol and was created to control access to dial-up lines to ARPANET?
TACACS
What is the difference between XTACACS and TACACS+?
XTACACS
- is a Cisco created version of TACACS (proprietary)
TACACS+
- has more authentication requests and response codes (open source)
With this network authentication protocol, you only need to authenticate one time. It also includes mutual authentication between the server and the client.
Kerberos
This is a port-based Network Access Control (NAC). Prevents access to the network until the authentication succeeds.
IEEE 802.1X