Chapter 2 Concepts Flashcards
Understand concepts in Chapter 2 of Security+ book
Identification
Identification occurs when a user CLAIMS an identity with a username or email address.
Authentication
Authentication occurs when the user PROVES the CLAIMED identity with a password or PIN and the credentials are verified.
Authorization
Authorization occurs when users are granted access to system resources based on the authentication of the proven identity.
Accounting
Accounting is the process of logging the actions that users take in system logs.
Authentication Factors
Authentication factors include something you know (password or PIN), something you have (smart cards, hardware tokens), something you are (biometric), somewhere you are (location based), and something you do (gestures on a screen).
False Acceptance (Rate)
False acceptance occurs when a biometric system incorrectly identifies an UNAUTHORIZED user as an authorized user. False acceptance rate denotes the percentage of time false acceptance occurs.
False Rejection (Rate)
False rejection occurs when a biometric system incorrectly REJECTS an AUTHORIZED user. False rejection rate denotes the percentage of time false rejections occur.
Crossover Error Rate
The crossover error rate is the point where the false acceptance rate crosses over with the false rejection rate. A lower crossover error rate indicates that the biometric system is more accurate.
Kerberos
Kerberos is a network authentication protocol within a Microsoft Windows Active Directory domain or a Unix realm. It uses a database of objects such as Active Directory and a Key Distribution Center (KDC) or Ticket-Granting Tickets (TGT) server to issue time-stamped tickets that expire after a certain period of time. Kerberos uses symmetric-key cryptography to prevent unauthorized disclosure and to ensure confidentiality.
New Technology LAN Manager
NTLM is a suite of protocols that provide authentication, integrity, and confidentiality within Windows systems. NTLM has been cracked and is not recommended for use today.
Lightweight Directory Access Protocol
LDAP specifies formats and methods to query directories.
Single Sign-On
Single sign-on refers to the ability of a user to log on or access multiple systems by providing credentials only once.
Security Assertion Markup Language
SAML is an XML-based standard used to exchange authentication and authorization information between different parties. SAML provides single sign-on for web-based applications.
Federation
A federation requires two or more parties (companies) to agree on a standard for identities and then exchange information based on that standard. A federated identity links a user’s credentials from different networks or operating systems, but the federation treats it as one identity.
Role-Based Access Control
Role-based access control uses roles (or groups) to manage rights and permissions for users. An administrator will create a role (or group), assign specific rights and permissions to that role (or group), and then assign individual users to that role (or group).