Authentication Flashcards
In Kerberos, a token issued to an authenticated account to allow access to authorized application servers.
Ticket Granting Ticket (TGT)
In a federated network, the service that holds the user account and performs authentication.
Identity provider (IdP)
A framework for implementing authentication providers in Linux.
Pluggable authentication module (PAM)
Authentication token generated by a cryptoprocessor on a dedicated hardware device. As the token is never transmitted directly, this implements an ownership factor within a multi-factor authentication scheme.
Hard authentication token
A process that provides a shared login capability across multiple systems and enterprises. It essentially connects the identity management services of multiple systems.
Federation
A collection of attributes that define a unique identifier for any given resource within an X.500-like directory.
Distinguished name (DN)
Uses a public/private key pair to register each account, avoiding the need to communicate a shared secret, a weakness of HOTP and TOTP. The private key is locked to the U2F device and signs the token; the public key is registered with the authentication server and verifies the token. As no digital certificates are involved, the solution does not rely on PKI.
Fast IDentity Online (FIDO) Universal 2nd Factor (U2F)
A biometric assessment metric that measures the number of valid subjects who are denied access.
False Rejection Rate (FRR)
A standardized, stateless architectural style used by web applications for communication and integration.
Representational State Transfer (REST)
A file format that uses attribute-value pairs to define configurations in a structure that is easy for both humans and machines to read and consume.
JavaScript Object Notation (JSON)
Authentication technology that enables a user to authenticate once and receive authorizations for multiple services.
Single sign-on (SSO)
Multi-factor authentication scheme that uses ownership and biometric factors, but not knowledge factors.
Passwordless
Capability of an authenticator or other cryptographic module to prove that it is a root of trust and can provide reliable reporting to prove that a device or computer is a trustworthy platform.
Attestation
A biometric evaluation factor expressing the point at which FAR and FRR meet, with a low value indicating better performance.
Crossover Error Rate (CER)
An XML-based data format used to exchange authentication information between a client and a service.
Security Assertion Markup Language (SAML)
Governs the issuance of digital certificates to protect sensitive data, provide unique digital identities for users, devices and applications and secure end-to-end communications.
Public key infrastructure (PKI)
An authentication mechanism that allows a user to perform a biometric scan to operate an entry or access system. Physical characteristics stored as a digital data template can be used to authenticate a user. Typical features used include facial pattern, iris, retina, fingerprint pattern, and signature recognition.
Biometric authentication
An authentication scheme that requires the user to present at least two different factors as credentials; for example, something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as 2FA.
Multi-factor authentication (MFA)
A challenge-response authentication protocol created by Microsoft for use in its products.
NT LAN Manager (NTLM) authentication
An XML-based web services protocol that is used to exchange messages.
Simple Object Access Protocol (SOAP)
A standard for federated identity management, allowing resource servers or consumer sites to work with user accounts created and managed on a separate identity provider.
Open Authorization (OAuth)
Your role, position, or current project. This information can be used to determine policy and permission.
Attributes
Portable HSM with a computer interface, such as USB or NFC, used for multi-factor authentication.
Security key
A biometric assessment metric that measures the number of unauthorized users who are mistakenly allowed access.
False Acceptance Rate (FAR)