Access Control and Identity Management Flashcards
What is EAL?
Evaluation Assurance Level
In combination with CC (Common Criteria)
When using hard drive encryption, why is automatic unlock not ideal?
Credentials are cached on the computer
What is an HSM?
Hardware Security Module
What is SCADA?
Supervisory Control and Data Acquisition
What is a TCP wrapper?
Intercepts requests to determine whether a service is authorised to execute; should be used in conjunction with a firewall
What is a TLS/SSL wrapper?
Intercepts requests to determine whether a service is authorised to execute, based on the TLS/SSL session
What is AAA?
Authentication
Authorisation
Accounting (auditing)
What port does RADIUS use?
UDP
1812/1645 (Authentication)
1813/1646 (Accounting)
What port does TACACS+ use?
TCP
49
What is RADIUS?
Remote Authentication Dial-in User Service
Encrypts password credentials
What is TACACS?
Terminal Access Controller Access Control System
Encrypts entire packet
What is the KDC in Kerberos?
Key Distribution Center
Contains TGS (Ticket Granting Service)
What kind of encryption does Kerberos use?
Symmetrical Encryption
Same key used to encrypt and decrypt
What port does Kerberos use?
88
What is X.500?
A protocol used by LDAP
Encrypted or unencrypted authentication
What port is used by LDAP?
389
What port is used by secure LDAP?
636
uses TLS/SSL
What is SAML?
Security Association Markup Language
SSO
How does the SAML concept work?
Principal authenticates with Identity Provider who passes credentials to service provider(s)
What is TOTP?
Time-based One Time Password
What is FRR vs FAR for authentication?
False Rejection Rate (Type 1)
False Acceptance Rate (Type 2)
Cross Error Rate - point at which both are equal
What is HOTP?
Hash-based One Time Password
based on events
What is PAP?
Password Authentication Protocol
Type of PPP
What is CHAP?
Challenge Handshake Authentication Protocol
Type of PPP