AAA and Authentication 4.1 Flashcards

1
Q

AAA Framework

A

Authentication, Authorization, Accounting

This is the foundation of network security. This is to prove that we are who we say we are.

Identification = Username
Authentication = Password/Other Factors
Authorization = What level of access
Accounting = Login time, data sent/received, logout time
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Multi-Factor Authentication

A
Somewhere you are
Something you are
Something you have
Something you know
Something you do

These additional authentication factors can be expensive and require specialized hardware. Can also be inexpensive. Smartphone apps for example.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Something You Are

A

Biometric Authentication. Fingerprint, iris scan, voiceprint. Usually stores a mathematic representation of your biometric. Your actual fingerprint isn’t usually saved. These are difficult to change. Used in very specific situations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Something You Have

A

Something you carry with you. Smart card, usually combined with a PIN. USB token with a certificate on the device. Also can generate a pseudo-random authentication code. Mobile phone can receive an SMS code.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Something You Know

A

A password, string of characters, or a PIN. On your phone it could be the swipe pattern.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Somewhere You Are

A

Details based on geographical location. Authentication only works if you are there. Can use an IPv4 address in some cases, but is not a perfect method. However, mobile phones are good for this because they give geographic location.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Something You Do

A

This is something unique to the way you do something. Handwriting for example. Typing pattern can also be used.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Federation

A

You can authentication through organization. Your Google or Facebook logins for example. This is a third-party established relationship of trust.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Single Sign-On (SSO)

A

This is when you login one time and you’re pretty much always logged in. There are a lot of complexities going on here that the user does not see.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Transitive Trust

A

One-Way Trust - One domain may trust the other domain, but not the other way around.

Two-Way Trust - Trust each other equally

Non-Transitive Trust - A trust specifically created and applies only to that domain.

Transitive Trust - If A trusts B, and B Trusts C, then A must trust C.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly