Authentication Flashcards
Use of two or more authentication factors to prove a user’s identity
* Knowledge
* Ownership
* Characteristic
* Location
* Action
Multi-factor Authentication
A password is computed from a shared secret and current time
Time-based One-Time Password (TOTP)
A password is computed from a shared secret and is synchronized
between the client and the server
HMAC-based One-Time Password (HOTP)
Process to check the user’s or system’s attributes or characteristics prior
to allowing it to connect
Context-aware Authentication
A default user profile for each user is created and linked with all of the
resources needed
Single sign-on (SSO)
A single identity is created for a user and shared with all of the
organizations in a federation
Federated Identity Management (FIdM)
Utilizes a web of trust between organizations where each one
certifies others in the federation
Cross Certification
Organizations are able to place their trust in a single third-party
(also called the bridge model)
Trusted Third-Party
Attestation model built upon XML used to share federated
identity management information between systems
Security Assertion Markup Language
An open standard and decentralized protocol that is used to
authenticate users in a federated identity management system
OpenID
Standardized framework used for port-based authentication on wired
and wireless networks
802.1x
A framework of protocols that allows for numerous methods of
authentication including passwords, digital certificates, and public key
infrastructure
Extensible Authentication Protocol (EAP)
Provides flexible authentication via secure tunneling (FAST) by using a
protected access credential instead of a certificate for mutual
authentication
EAP-FAST
Supports mutual authentication by using server certificates and
Microsoft’s Active Directory to authenticate a client’s password
Protected EAP
A database used to centralize information about clients and objects on
the network
Lightweight Directory Access Protocol (LDAP)
An authentication protocol used by Windows to provide for two-way
(mutual) authentication using a system of tickets (port 88)
Kerberos
Microsoft’s proprietary protocol that allows administrators and users to
remotely connect to another computer via a GUI
Remote Desktop Protocol (RDP)
Cross-platform version of the Remote Desktop Protocol for remote user
GUI access
Virtual Network Computing (VNC)
Used to provide authentication but is not considered secure since it
transmits the login credentials unencrypted (in the clear)
Password Authentication Protocol (PAP)
Used to provide authentication by using the user’s password to encrypt a
challenge string of random numbers
Challenge Handshake Authentication Protocol (CHAP)
Allows end users to create a tunnel over an untrusted network and
connect remotely and securely back into the enterprise network
Virtual Private Network (VPN)
Specialized hardware device that allows for hundreds of simultaneous
VPN connections for remote workers
VPN Concentrator
A remote worker’s machine diverts internal traffic over the VPN but
external traffic over their own internet connection
Split Tunneling
Provides centralized administration of dial-up, VPN, and wireless
authentication services for 802.1x and the Extensible Authentication
Protocol (EAP)
Remote Authentication Dial-In Service (RADIUS)