Authentication Flashcards
1
Q
Service-Oriented Architecture (SOA)
A
- Is an older messaging protocol that uses XML over HTTP to enable clients to invoke processes on a remote host in a platform-agnostic way
- Uses a message envelope that defines the messages that are allowed and how they are to be processed by the recipient, as well as a set of encoding rules used to define data types
- Includes conventions on what remote procedures can be called and how to interpret their responses between applications
- Software design that provides services to components of a system or service via communication protocols on a network
- Intent of a SOA design is to allow loosely coupled components to communicate in a standardized way, allowing them to consume and provide data to other components
- Three Primary Roles:
- Service provider creates and publishes a web service in a broker or repository
- Service requestors or consumers use web services after finding entries describing them in the service broker's catalog
2
Q
Simple Object Access Protocol (SOAP)
A
- Is an XML-based messaging protocol that was frequently used for web services
- Defines how messages should be formatted and exchanged, how transport of the messages occurs, as well as models for processing them
- XML documents that contain an envelope that identifies the document as a SOAP message, a header and body that contain information and a fault element that contains error messages and status information as necessary
3
Q
RESTful HTTP
A
- Architectural style, with six principles - not rules
- Client/Server
- The REST architecture style follows a model in which a client queries a server for particular resources, communicated over HTTP
- Stateless
- No client information is stored on the server, and each client request must contain all of the information necessary for the server to interpret it
- Cacheable
- In some cases, it may not be necessary for the client to query the server for a request that has already occurred
- If marked as such, a client may store a server's response for reuse later on
- Uniform Interface
- Simplicity is a guiding principle for the architectural style and is realized with several constraints
- Identification of resources
- Manipulation of resources through representations
- Self-Descriptive messages
- Hypermedia as the engine of application state
- Layered System
- A client will not be able to tell if it’s connected directly to the end server, an intermediary along the way, proxies or load balancers
- This means that security can be strongly applied based on system restrictions and that the server may respond in whatever manner it deems most efficient
- Code on Demand
- REST enables client functionality to be extended by allowing servers to respond with applets or scripts that can be executed client-side
4
Q
SAML
A
- Defines two key roles: the Service Provider (SP) and the Identity Provider (IdP)
- User who wants to access a service requests access from the SP. SP redirects the user to the IdP for authentication. The IdP authenticates the user and redirects back to SP.
5
Q
STIX
A
- Standard used for describing cyber threat information
- Developed so it can be shared, stored and otherwise used in a consistent manner that facilitates automation and human-assisted analysis
6
Q
TAXII
A
- Protocol used to transfer threat intelligence
- Used to support STIX information, by defining an API that aligns with common sharing methods
7
Q
eFuse
A
- eFuse is a single bit of nonvolatile memory that, once set to 1, can never be reverted to 0.
- It relies on a special compound that normally conducts electricity, but if you apply a specific amount of power, its chemical composition changes and it becomes a resistor instead
- Once an eFuse is programmed or blown, it cannot be reverted to its unprogrammed state.
- Two main security applications
- Disable access to certain functionality on a chip
- Store data
8
Q
Domain Generation Algorithm (DGA)
A
- Creates procedurally generated domain names for malware C2 hosts
- Sets of instructions designed to generate domain names in rapid, seemingly random fashion to ensure that C2 instructions can be exchanged as defenders block and take down malicious domains
- Tools are used as part of a malware package to generate domain names from a known seed
- The bot control infrastructure then dynamically generates domain names, knowing that the bots will use the same seed to determine where to send their traffic
- Are used by malware to avoid detection and sanction of domains used for command-and-control networks
- These algorithms generate nonsensical domain names with high entropy, or randomness, in an attempt to confuse analysts and complicate the blocking of domains
9
Q
DomainKeys Identified Mail (DKIM)
A
- Allows organizations to add content to messages to identify them as being from their domain
- Enables email senders to provide a method for recipients to verify messages, using a pair of private and public keys to sign and verify them
- Signs both the body of the message and elements of the header, helping to ensure that the message is actually from the organization it claims to be from
10
Q
Sender Policy Framework (SPF)
A
- Email authentication technique that allows organizations to publish a list of their authorized email servers
- Enables domain owners to prevent email spoofing by specifying the authorized mail servers in their DNS records
- Records are added to the DNS information for your domain and they specify which systems are allowed to send email from that domain
- Systems not listed in SPF will be rejected
11
Q
Domain-based Message Authentication, Reporting and Conformance (DMARC)
A
- Is a protocol that uses SPF and DKIM to determine if an email message is authentic
- As with DKIM and SPF, records are published in DNS, but unlike them DMARC can be used to determine whether you should accept a message from a sender
12
Q
SaaS Problems
A
1. Visibility: far more applications are provisioned than are actually being used, making them hard to track
2. IAM: great for controlling data access, but risk increases with a misconfiguration or a failure to implement a critical control
3. Data flow: sharing data across the organization and with trusted partners is normal, but it increases risk and creates a need for technical controls to keep data from leaving the network
13
Q
PaaS Problems
A
1. Have to secure own source code. Protecting admin access to the PaaS infrastructure helps organizations avoid loss of control and potentially massive impacts to an organization's development process and bottom line
2. Physical security of infrastructure
14
Q
IaaS Problems
A
1. All issues with SaaS and PaaS also exist with IaaS
2. Any vulnerabilities that could take advantage of flaws in hard disks, RAM, CPU caches and GPUs can affect IaaS