Authentication, Password, Phishing Flashcards

1
Q

Identification

A

announce who you are

2
Q

Authentication

A

prove that you are indeed who you claim to be:

  • Knowledge (password, questions)
  • Possession (key)
  • Physical characteristics (biometrics, face recognition, fingerprint)
  • Mechanical tasks (handwriting, typing speed)
  • Location (certain terminal, GPS based)
3
Q

2-Factor Authentication

A

RSA SecurID card, Apple ID

4
Q

Passwords

A

→ store passwords hashed

5
Q

Authentication with hashed password

A

Situation: the user holds their password (P) and user ID
The server only knows the password hash (H) for a given user
Authentication: the user sends P and ID to the server → the server looks up the hash H for that ID, computes hash(P) and compares it with H

6
Q

Dictionary Attack

A

Situation: the attacker knows H and wants to retrieve P, and P is contained in a dictionary file (Pi)
Attack: the attacker computes the hash value for all entries in the dictionary (Pi, Hi)
The dictionary space is significantly smaller than the full search space

7
Q

Salted Password Hashes

A

Passwords are stored in salted form → random value S

The password hash is H = hash(P, S)

8
Q

Password Selection

A

To avoid dictionary attacks
P → significant length, contains letters, numbers and special characters
- common password selection technique (based on a sentence)

9
Q

Sessions

A

HTTP is stateless → problem for web applications
implement session tracking → cookies
→ long lived

10
Q

Cookies

A
  • after receiving credentials, the server has to maintain the user's authenticated state
  • Instead: attach the authenticated state to the session cookie
  • security problems arise out of these characteristics
    → Authentication with certificates
11
Q

Phishing

A

= Intercepting Internet users' data, e.g. via forged Internet addresses, email or SMS
- Imitating the design of a trustworthy website
Method: intercept the communication channel via malware/trojans, register a domain that looks similar

12
Q

Access Control

A

Security technique used to regulate who or what can use or view certain resources in a computing environment
2 steps: Authentication (who?) + Authorization (is access granted?)

13
Q

Access Control List

A

List that stores the access rights to an object with the object itself

14
Q

Reference Monitor (Access Control)

A

Abstract machine that mediates all access to objects by subjects, e.g. MS Windows

15
Q

Access Control Matrix

A

Matrix in which the rights for a particular object are assigned to roles

16
Q

Capabilities (Access Control)

A

Stores rights with the subject

An ACL stores rights with the object

17
Q

Discretionary Access Control (DAC)

A

Here the decision whether a resource may be accessed is made solely on the basis of the actor's identity. That is, the access rights for (data) objects are defined per user.

18
Q

Mandatory Access Control (MAC)

A

Decisions about access permissions are made not only on the basis of the identity of the actor (user, process) and of the object, but also on the basis of additional rules and properties.