Authentication Flashcards
What is 802.1x?
Standard for port-based network access control - a data link layer authentication technology used to control which devices may connect to a LAN
What is LDAP?
Protocol for accessing and modifying directory services data. Operates at the application layer.
What layer of the OSI model is 802.1x?
Data Link
What layer of the OSI model is LDAP?
Application
What is Kerberos?
Ticket-based authentication protocol used in Windows to identify clients to a server
What is RAS?
Remote Access Services - enables dial-up and VPN connections from remote clients
What is CHAP?
Challenge Handshake Authentication Protocol
What is RADIUS?
Remote Authentication Dial-In User Service - used to make connections between computers and provides authentication, authorization, and accounting. Encrypts the password; uses UDP for speed.
What is TACACS+?
Cisco-proprietary alternative to RADIUS - provides authentication and authorization. More secure than RADIUS due to its use of TCP
Which is more secure, RADIUS or TACACS+?
TACACS+ due to the use of TCP
What are the two primary VPN protocols?
L2TP and PPTP
What is PAP?
Password Authentication Protocol - used to provide authentication, but not secure because it transmits credentials unencrypted
Why is PAP not secure?
Because it transmits credentials unencrypted
What is RDP?
Remote Desktop Protocol - port 3389 - Microsoft-proprietary protocol that allows remote access to another computer via a GUI
What is VNC?
Virtual Network Computing - cross-platform equivalent of RDP for non-Windows systems. Port 5900
What is EAP?
Extensible Authentication Protocol - framework of protocols that allows numerous methods of authentication, including passwords, digital certificates and PKI
What is LEAP?
Cisco-proprietary version of EAP
What is SSO?
Single Sign-On - a default profile is created for each user and linked to all of the software and resources that user needs, so that signing on once with a single password grants access to everything
What is the risk of SSO?
Since it uses only one password for everything, compromise of that password can cause a major security breach.
What is the context-aware authentication model?
Process of checking user or system attributes before allowing a connection - restricting authentication based on factors such as time of day or location
What is FIDM?
Federated Identity Management - a single identity is created for a user and shared with all of the organizations in a federation
What is SAML?
Security Assertion Markup Language - attestation model built on XML, used to share federated identity management information between systems
What is TOTP?
Time-based one-time password - password computed from a shared secret and the current time
What is HOTP?
HMAC-based one-time password - one-time password algorithm based on HMAC
What is HMAC?
Hash-based Message Authentication Code - cryptographic authentication technique that uses a hash function and a secret key.
What is FAR?
False Acceptance Rate - rate of false positives
What is FRR?
False Rejection Rate - rate of false negatives
What is CER?
Crossover Error Rate - metric used to evaluate a biometric security system's accuracy
What are three attributes of HOTP?
Valid for one session, based on a cryptographic hash function and secret key, not vulnerable to replay attacks
What are three attributes of TOTP?
Valid for one session, not vulnerable to replay attacks, based on a secret key and the current time
A type of hierarchical database structure used in Windows Server environments that enables centralized management of users, devices and resources on a network is known as what?
Active Directory