AAA and Authentication 4.1 Flashcards
AAA Framework
Authentication, Authorization, Accounting
This is the foundation of network security. This is to prove that we are who we say we are.
Identification = Username; Authentication = Password/Other Factors; Authorization = What level of access; Accounting = Login time, data sent/received, logout time
Multi-Factor Authentication
Somewhere you are; Something you are; Something you have; Something you know; Something you do
These additional authentication factors can be expensive and require specialized hardware. They can also be inexpensive, for example smartphone apps.
Something You Are
Biometric authentication: fingerprint, iris scan, voiceprint. Usually stores a mathematical representation of your biometric. Your actual fingerprint isn't usually saved. These are difficult to change. Used in very specific situations.
Something You Have
Something you carry with you. Smart card, usually combined with a PIN. USB token with a certificate on the device. Can also generate a pseudo-random authentication code. A mobile phone can receive an SMS code.
Something You Know
A password, string of characters, or a PIN. On your phone it could be the swipe pattern.
Somewhere You Are
Details based on geographical location. Authentication only works if you are there. An IPv4 address can be used in some cases, but it is not a perfect method. However, mobile phones are good for this because they give geographic location.
Something You Do
This is something unique to the way you do something. Handwriting, for example. A typing pattern can also be used.
Federation
You can authenticate through an organization. Your Google or Facebook logins, for example. This is a third-party established relationship of trust.
Single Sign-On (SSO)
This is when you log in one time and you're pretty much always logged in. There are a lot of complexities going on here that the user does not see.
Transitive Trust
One-Way Trust - One domain may trust the other domain, but not the other way around.
Two-Way Trust - The domains trust each other equally.
Non-Transitive Trust - A trust that is specifically created and applies only to that domain.
Transitive Trust - If A trusts B, and B trusts C, then A must trust C.