CH19 Authentication Flashcards

1
Q

What are the 5 factors of authentication to consider?

A
  1. Knowledge – the user provides a password, PIN, etc.
  2. Ownership – the user proves that they have something in their possession (token devices, smart card, USB dongle).
  3. Characteristics – something that the person is; biometric technology (fingerprint reader, eye scanner).
  4. Location – where the person is when they are trying to log into their account.
  5. Action – checks how you do something (sign your name, for example).

If you are using only one of these factors at a time to identify the user, it is called single-factor authentication.

If you are using 1. a username (knowledge) and 2. a password (knowledge), it is still considered single-factor authentication (both are the same type of factor).

If you are using 1. a smart token (possession) and 2. a PIN (knowledge), it is considered two-factor authentication.

2
Q

What is a Time-based One-Time Password (TOTP)?

A

A password is computed from a shared secret and the current time (e.g., RSA key fobs).

3
Q

What is an HMAC-based One-Time Password (HOTP)?

A

A password is computed from a shared secret and a counter that is synchronized between the client and the server.

4
Q

What is the context-aware authentication model?

A

The process of checking the user's or system's attributes or characteristics prior to allowing it to connect.

The most common form is limiting the time or the day on which the user is able to log on to a particular client or server, or limiting the login based on the geographical location of the user.

5
Q

What is the Single Sign-On (SSO) authentication model?

A

A default user profile is created for each user and linked with all of the resources needed. It is much easier for the user.

However, one major drawback is that once SSO credentials have been compromised, the attacker now has access to every resource that the user had access to.

6
Q

What is the Federated Identity Management (FIdM) authentication model?

A

A single identity is created for a user and shared with all of the organizations in a federation. Federations support the provisioning and management of identification, authentication, and authorization.

7
Q

What is Federated Identity Management (FIdM) – cross certification?

A

Utilizes a web of trust between organizations. Each organization certifies every other organization inside the federation.

8
Q

What is Federated Identity Management (FIdM) – trusted third party (aka the bridge model)?

A

Organizations place their trust in a single third party. This third party then manages the verification and certification for all the organizations within the federation.

The trusted third-party model is more efficient than a cross-certification or web-of-trust model.

9
Q

What is Security Assertion Markup Language (SAML)?

A

An attestation model built upon XML, used to share federated identity management information between systems.

10
Q

What is OpenID?

A

An open-standard, decentralized protocol to authenticate users.

OpenID allows the user to log into an identity provider (IP), and they can then utilize that same account across all of the cooperating websites, or Relying Parties (RP).

OpenID is much easier to implement than SAML (Security Assertion Markup Language), but SAML performs the functions more efficiently than OpenID.

11
Q

What is 802.1x?

A

A standardized framework used for port-based authentication on wired and wireless networks. It is just a framework.

It utilizes other mechanisms to do the real authentication, such as Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+).

802.1x can prevent rogue devices from connecting to the network.

12
Q

What is Extensible Authentication Protocol (EAP)?

A

A framework of protocols that allows for numerous methods of authentication, including passwords, digital certificates, and public key infrastructure.

13
Q

What is EAP-MD5?

A

A variant of EAP that uses simple passwords for its challenge authentication.

14
Q

What is EAP-TLS?

A

A variant of EAP that uses public key infrastructure, with digital certificates for mutual authentication.

15
Q

What is EAP-TTLS?

A

A variant of EAP that uses a server-side digital certificate and a client-side password for mutual authentication. More secure than the traditional EAP-MD5, but less secure than EAP-TLS.

16
Q

What is EAP-FAST (EAP Flexible Authentication via Secure Tunneling)?

A

A variant of EAP that uses a protected access credential instead of a certificate for mutual authentication.

17
Q

What is PEAP (Protected EAP)?

A

A variant of EAP that supports mutual authentication by using server certificates and Microsoft's Active Directory to authenticate a client's password.

18
Q

What is LEAP?

A

A variant of EAP that is proprietary to Cisco-based networks.

19
Q

What is LDAP?

A

LDAP = Lightweight Directory Access Protocol

An application-layer protocol for accessing and modifying directory services data.

A database used to centralize information about clients and objects on the network.

For the exam: LDAP communicates over port 389 (unencrypted) and port 636 (encrypted).

20
Q

What is Kerberos?

A

An authentication protocol used by Windows to provide two-way (mutual) authentication using a system of tickets.

Uses port 88.

A domain controller can be a single point of failure for Kerberos.

21
Q

What is RDP?

A

RDP = Remote Desktop Protocol

Microsoft’s proprietary protocol that allows administrators and users to remotely connect to another computer via a GUI.

RDP doesn’t provide authentication natively. Therefore, you have to enable SSL or TLS for service authentication and require some kind of digital certificate for increased security when RDP is being implemented within your network.

RDP uses port 3389.

22
Q

What is VNC?

A

VNC = Virtual Network Computing

A cross-platform version of the Remote Desktop Protocol for remote user GUI access. VNC can work on Linux, OS X, or Windows.

VNC requires a client, a server, and a protocol to be configured.

VNC uses port 5900.

23
Q

What are the 3 types of remote access authentication?

A
  1. PAP (Password Authentication Protocol)
  2. CHAP (Challenge Handshake Authentication Protocol)
  3. EAP (Extensible Authentication Protocol)

PAP and CHAP are used mostly with dial-up.

24
Q

What is CHAP?

A

CHAP = Challenge Handshake Authentication Protocol

An authentication scheme that is used in dial-up connections.

Used to provide authentication by using the user's password to encrypt a challenge string of random numbers.

MS-CHAP – Microsoft's version of CHAP, which provides stronger encryption keys and mutual authentication.

25
Q

What is PAP?

A

PAP = Password Authentication Protocol

Used to provide authentication but is not considered secure since it transmits the login credentials unencrypted.

26
Q

What is a VPN?

A

VPN = Virtual Private Network

Allows end users to create a tunnel over an untrusted network and connect remotely and securely back into the enterprise network.

27
Q

What is a remote access VPN or client-to-site VPN?

A

Enables teleworkers and traveling employees to remotely access corporate resources.

28
Q

What is a site-to-site VPN?

A

Connects two different sites together.

29
Q

What is a VPN concentrator?

A

A specialized hardware device that allows for hundreds of simultaneous VPN connections for remote workers.

30
Q

What is split tunneling?

A

A remote worker's device uses its own internet connection for web requests, but uses your VPN connection for all of its intranet requests.

It can be prevented by proper configuration of your clients' VPNs as well as by utilizing proper network segmentation for your VPN concentrator.

31
Q

What is RADIUS?

A

RADIUS = Remote Authentication Dial-In User Service

Provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1x and the Extensible Authentication Protocol (EAP).

RADIUS operates at the application layer. It also uses UDP for making its connections.

RADIUS doesn't support the remote access protocol.

For the exam: RADIUS commonly uses port 1812 for its authentication messages and port 1813 for its authorization. (Some proprietary versions of RADIUS may also use ports 1645 and 1646 instead.)

32
Q

What is TACACS+?

A

Cisco's proprietary version of RADIUS. This is the Terminal Access Controller Access Control System Plus, which can perform the role of an authenticator in an 802.1x network.

Port 49 (TCP).

It gives you additional security and independently conducts its authentication, authorization, and accounting processes.

TACACS+ supports all network protocols, but it is NOT considered cross-platform.

33
Q

What is a spoofing authentication attack?

A

A software-based attack where the goal is to assume the identity of a user, process, address, or other unique identifier.

34
Q

What is a man-in-the-middle authentication attack?

A

An attack where the attacker sits between two communicating hosts and transparently captures, monitors, and relays all communication between the hosts.

35
Q

What is a man-in-the-browser authentication attack?

A

An attack that intercepts API calls between the browser process and its DLLs.

36
Q

What is an online password authentication attack?

A

Involves guessing passwords and entering them directly into a service.

To prevent this attack, restrict the number or the rate of login attempts.

37
Q

What is a password spraying authentication attack?

A

A brute-force attack in which multiple user accounts are tested with a dictionary of common passwords.

38
Q

What is a credential stuffing authentication attack?

A

A brute-force attack in which stolen user account names and passwords are tested against multiple websites.

Can be prevented by not reusing passwords across different websites.

39
Q

What is a broken authentication attack?

A

A software vulnerability where the authentication mechanism allows an attacker to gain entry.