CH19 Authentication Flashcards
What are the 5 factors of authentication to consider?
- Knowledge – user providing password, PIN, etc.
- Ownership – user proving that they have something in their possession. Token devices, smart card, USB dongle
- Characteristics – something that the person is. Biometric technology. (fingerprint reader, eye scanner)
- Location – where the person is when they are trying to log into their account.
- Action – checks how you do something (sign your name, for example)
If you are using one of these factors at a time to identify the user, it is called single-factor authentication.
If you are using 1. username (knowledge) and 2. password (knowledge), it is considered single-factor authentication. (same type of info)
If you are using 1. Smart token (possession) and 2. PIN (knowledge), it is considered two-factor authentication.
What is Time-based One-Time Password (TOTP)?
A password is computed from a shared secret and current time. (Ex: RSA Key fobs)
What is HMAC-based One-Time Password (HOTP)?
A password is computed from a shared secret and is synchronized between the client and the server.
What is the context-aware authentication model?
Process to check the user’s or system’s attributes or characteristics prior to allowing it to connect.
The most common form is limiting the time or the day that the user is able to log on to a particular client or server; another is limiting the login based on the geographical location of the user.
What is Single Sign-On (SSO) authentication model?
A default user profile for each user is created and linked with all of the resources needed. It is much easier.
However, one major drawback is that once SSO credentials have been compromised, the attacker now has access to every resource that the user had access to.
What is Federated Identity Management (FIdM) authentication model?
A single identity is created for a user and shared with all of the organizations in a federation. Federations support the provisioning and management of identification, authentication, and authorization.
What is Federated Identity Management (FIdM) - Cross Certification?
Utilizes a web of trust between organizations. Each organization certifies every other organization inside the federation.
What is Federated Identity Management (FIdM) - Trusted Third-Party (aka bridge model)?
Organizations place their trust in a single third party. This third party then manages the verification and certification for all the organizations within the federation.
Trusted third-party model is more efficient than a cross-certification or web of trust model.
What is Security Assertion Markup Language (SAML)?
Attestation model built upon XML used to share federated identity management information between systems.
What is OpenID?
Open standard decentralized protocol to authenticate users.
OpenID allows the user to log into an identity provider (IP) and they can then utilize that same account across all of the cooperating websites or Relying Parties (RP).
OpenID is much easier to implement than SAML (Security Assertion Markup Language), but SAML performs the functions more efficiently than OpenID.
What is 802.1x?
Standardized framework used for port-based authentication on wired and wireless networks. It is just a framework.
It utilizes other mechanisms to do the real authentication, such as Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+).
802.1x can prevent rogue devices.
What is Extensible Authentication Protocol (EAP)?
A framework of protocols that allows for numerous methods of authentication, including passwords, digital certificates, and public key infrastructure.
What is EAP-MD5?
A variant of EAP that uses simple passwords for its challenge authentication.
What is EAP-TLS?
A variant of EAP that uses public key infrastructure, with digital certificates for mutual authentication.
What is EAP-TTLS?
A variant of EAP that uses a server-side digital certificate and a client-side password for mutual authentication. More secure than the traditional EAP-MD5, but less secure than EAP-TLS.
What is EAP-FAST (EAP Flexible Authentication via Secure Tunneling)?
A variant of EAP that uses a protected access credential instead of a certificate for mutual authentication.
What is PEAP (Protected EAP)?
A variant of EAP that supports mutual authentication by using server certificates and Microsoft’s Active Directory to authenticate a client’s password.
What is LEAP?
A variant of EAP that is proprietary to Cisco-based networks.
What is LDAP?
LDAP = Lightweight Directory Access Protocol
Application layer protocol for accessing and modifying directory services data.
A database used to centralize information about clients and objects on the network.
For the exam: LDAP communicates over port 389 (unencrypted) and port 636 (encrypted).
What is Kerberos?
An authentication protocol used by Windows to provide for two-way (mutual) authentication using a system of tickets.
Uses port 88.
A domain controller can be a single point of failure for Kerberos.
What is RDP?
RDP = Remote Desktop Protocol
Microsoft’s proprietary protocol that allows administrators and users to remotely connect to another computer via a GUI.
RDP doesn’t provide authentication natively. Therefore, you have to enable SSL or TLS for service authentication and require some kind of digital certificate for increased security when RDP is being implemented within your network.
RDP port 3389
What is VNC?
VNC = Virtual Network Computing
Cross-platform version of the Remote Desktop Protocol for remote user GUI access. VNC can work on Linux, OSX, or Windows.
VNC requires a client, server, and protocol to be configured.
VNC port 5900
What are the 3 types of remote access authentication?
- PAP (Password Authentication Protocol)
- CHAP (Challenge Handshake Authentication Protocol)
- EAP (Extensible Authentication Protocol)
PAP and CHAP are used mostly with dial-up.
What is CHAP?
CHAP = Challenge Handshake Authentication Protocol
Authentication scheme that is used in dial-up connections.
Used to provide authentication by using the user’s password to encrypt a challenge string of random numbers.
MS-CHAP – Microsoft’s version of CHAP, which provides stronger encryption keys and mutual authentication.
What is PAP?
PAP = Password Authentication Protocol
Used to provide authentication but is not considered secure since it transmits the login credentials unencrypted.
What is VPN?
VPN = Virtual Private Network
Allows end users to create a tunnel over an untrusted network and connect remotely and securely back into the enterprise network.
What is a Remote Access VPN or client-to-site VPN?
Enables teleworkers and traveling employees to remotely access corporate resources.
What is a Site-to-Site VPN?
Connects two different sites together.
What is a VPN Concentrator?
Specialized hardware device that allows for hundreds of simultaneous VPN connections for remote workers.
What is Split Tunneling?
A remote worker’s device will use their own internet connection for their web requests, but they’re going to use your VPN connection for all of their intranet requests.
It can be prevented by proper configuration of your clients’ VPNs as well as utilizing proper network segmentation for your VPN concentrator.
What is RADIUS?
RADIUS = Remote Authentication Dial-In User Service
Provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1x and the Extensible Authentication Protocol (EAP).
RADIUS operates at the application layer. It also uses UDP for making its connections.
RADIUS doesn’t support the remote access protocol.
For the exam: RADIUS commonly uses port 1812 for its authentication messages and port 1813 for its authorization. (Some proprietary versions of RADIUS may also use ports 1645 and 1646 instead.)
What is TACACS+?
Cisco’s proprietary version of RADIUS. This is the Terminal Access Controller Access Control System Plus, which can perform the role of an authenticator in an 802.1x network.
Port 49 (TCP).
It gives you additional security and independently conducts its authentication, authorization, and accounting processes.
TACACS+ supports all network protocols, but it is NOT considered cross-platform.
What is a spoofing authentication attack?
Software-based attack where the goal is to assume the identity of a user, process, address, or other unique identifier.
What is man-in-the-middle authentication attack?
An attack where the attacker sits between two communicating hosts and transparently captures, monitors, and relays all communication between the hosts.
What is a man-in-the-browser authentication attack?
Attack that intercepts API calls between the browser process and its DLLs.
What is an online password authentication attack?
Involves guessing passwords and entering them directly into a service.
To prevent this attack, restrict the number or the rate of login attempts.
What is Password Spraying authentication attack?
Brute force attack in which multiple user accounts are tested with a dictionary of common passwords.
What is Credential Stuffing authentication attack?
Brute force attack in which stolen user account names and passwords are tested against multiple websites.
Can be prevented by not reusing passwords across different websites.
What is Broken authentication attack?
A software vulnerability where the authentication mechanism allows an attacker to gain entry.