Chapter 11 - Authentication And Account Management Flashcards
Authentication
Proving that a user is genuine, and not an imposter.
Authentication credentials
1) what he has
2) what he is
3) what he knows
4) where he is
5) what he does
Online attack
An attempt to enter different passwords at the login prompt until the right password is guessed.
Offline attack
Stealing a message digest database and cracking it offline.
NTLM (New Technology LAN Manager) hash
A hash used by modern Microsoft Windows operating systems for creating password digests.
Pass the hash attack
An attack in which the user sends the hash to the remote system to then be authenticated on an NTLM system.
Mask attack
A more targeted brute force attack that uses placeholders for characters in certain positions of the password.
Rule attack
Conducts a statistical analysis on the stolen passwords that is then used to create a mask to break the largest number of passwords.
Dictionary attack
A password attack that creates encrypted versions of common dictionary words and compares them against those in a stolen password file.
Rainbow tables
Large pre-generated data sets of encrypted passwords used in password attacks.
Key stretching
A password hashing algorithm that requires significantly more time than standard hashing algorithms to create the digest.
2 popular key stretching password hash algorithms
1) bcrypt
2) PBKDF2
Multifactor authentication
Using more than one type of authentication credential.
Security token
A means of authentication based on a token that the user has.
Hardware security token
A small device (usually one that can be affixed to a keychain) with a window display.
Software security token
Software stored in a general-purpose device like a laptop computer or smartphone.
Time-based one-time password (TOTP)
A one-time password that changes after a set period.
HMAC-based one-time password (HOTP)
A one-time password that changes when a specific event occurs.
Smart card
A card that contains an integrated circuit chip that can hold information used as part of the authentication process.
Proximity card
A contactless card that does not require physical contact with the card itself for authentication.
Common access card (CAC)
A U.S. Department of Defense (DoD) smart card used for identification of active-duty and reserve military personnel along with civilian employees and special contractors.
Personal Identity Verification (PIV)
A U.S. government standard for smart cards that covers all government employees.
Standard biometrics
Using fingerprints or other unique physical characteristics of a person's face, hands, or eyes for authentication.
Retinal scanner
A device that uses the human retina as a biometric identifier.
Fingerprint scanner
A device that uses fingerprints as a biometric identifier.
Iris scanner
Using a standard computer webcam to map the unique characteristics of the iris for authentication.
Facial recognition
A biometric authentication method, increasingly popular in smartphones, that views the user's face.
Cognitive biometrics
Relates to the perception, thought process, and understanding of the user.
Behavioral biometrics
Authentication that is based on actions that the user is uniquely qualified to perform, or something you do.
Keystroke dynamics
A type of behavioral biometrics that attempts to recognize a user's unique typing rhythm.
Geolocation
A type of authentication based on where the user is located, or somewhere you are. It is the identification of the location of a person or object using technology.
Federation
Single sign-on for networks owned by different organizations; also called federated identity management (FIM).
Single sign-on (SSO)
Using one authentication credential to access multiple accounts or applications.
Credential management
Managing the login credentials such as passwords in user accounts.
Group policy
A preferred approach is to assign privileges by group instead of individually.