3.8 Flashcards
What are password keys
Hardware-based authentication
Helps prevent unauthorized logins and account takeovers
Password vaults
Password managers create unique passwords and store them. All the credentials are encrypted.
A specification for cryptographic functions. Has a cryptographic processor and comes with unique keys burned in during production of the product.
TPM
What is a hardware security module (HSM)
High-end cryptographic hardware that can be a plug-in card or separate hardware device
Key backup
Has cryptographic accelerators
Used in large environments
What uses personal knowledge as an authentication factor
Knowledge-based authentication (KBA)
Differences between Static KBA and Dynamic KBA
Static KBA
- Pre-configured shared secrets
Dynamic KBA
- Questions are based on an identity verification service
A basic authentication method that is used in legacy systems.
Password Authentication Protocol (PAP)
Is an encrypted challenge sent over the network
Challenge-Handshake Authentication Protocol
Describe the three-way handshake that takes place in CHAP
- After link is established, server sends a challenge
- Client responds with a password hash calculated from the challenge and the password
- Server compares received hash with stored hash
What is MS-CHAP
Microsoft’s implementation of CHAP
Used commonly on Microsoft’s Point-to-Point Tunneling Protocol (PPTP)
What is one of the most common AAA protocols that is centralized authentication for users
RADIUS
Remote Authentication Dial-in User Service
What provides a remote authentication protocol and was created to control access to dial-up lines to ARPANET
TACACS
What is the difference between XTACACS and TACACS+
XTACACS
- is a Cisco created version of TACACS (proprietary)
TACACS+
- has more authentication requests and response codes (open source)
This network authentication protocol only needs to be authenticated one time. Also includes mutual authentication between the server and the client
Kerberos
This is a port-based Network Access Control (NAC). Prevents access to the network until the authentication succeeds.
IEEE 802.1X
True or False does EAP integrate with 802.1X
True
What are some examples of databases 802.1X is used in conjunction with
RADIUS, LDAP, TACACS+
What does federation do
Provides network access by the use of a third party to authenticate and authorize between two organizations
Security Assertion Markup (SAML)
Open standard for authentication and authorization. Not originally designed for mobile apps
This is an Authorization framework that will determine what resources a user will be able to access but is not an authentication protocol
OAuth
Name the two aspects of Access control and what do they do
Authorization
- The process of ensuring authorized rights are exercised
User received rights
- Based on access control models
- The correct business needs
What is Mandatory Access Control
Operating system limits the operation on an object
True or False Discretionary Access Control is an access control that grants or restricts access via an access policy determined by an object’s owner group
True
This Access control is based on the role you have in your corporation
Role-based access control (RBAC)
Attribute-based access control (ABAC)
Access control that considers many parameters such as: resource information, IP address, role in the company, etc.
True or False: Rule-based access control is determined by users. Also, is the rule associated with the object? Lastly, are there any conditions associated besides who you know?
False. Rule-based control is determined by system administrators. Yes and Yes
Name some attributes for the File system security
File system handles encryption and decryption. Can access information via: access control list, group/user rights and permissions. Can be centrally administered and/or users can manage files they own