Chapter 3 Flashcards

1
Q

The process of verifying an identity claimed by or for a system entity

A

RFC 4949

2
Q

Fundamental building block and primary line of defence

A

Authentication Process

3
Q

Something the individual:

  • knows
  • possesses
  • is (static biometrics)
  • does (dynamic biometrics)
A

4 means of authenticating user identity

4
Q

Assurance level
Potential impact
Areas of risk

A

Risk Assessment for User Authentication

5
Q

Degree of confidence in the vetting process used to establish the identity of the individual to whom the credential was issued

A

Assurance Level

6
Q

Low = limited effect
Moderate = serious effect
High = severe effect

A

Potential Impact

7
Q

Widely used line of defense against intruders

A

Password Authentication

8
Q

Up to 8 printable characters in length; now regarded as inadequate

A

UNIX Implementation

9
Q

Much stronger hash schemes available for Unix

A

Improved Implementations

10
Q
  • Dictionary attacks
  • Rainbow table attacks
  • Password crackers exploit the fact that people choose easy pw
  • John the Ripper - open-source pw cracker
A

Password Cracking

11
Q

Complex pw policy

A

Modern approaches

12
Q

Can block offline guessing attacks by denying access to encrypted pw

A

Password File Access Control

13
Q
  • User education
  • Computer generated pw
  • Reactive pw checking
  • Complex pw policy
A

Password Selection Strategies

14
Q

Pw cracker
Rule enforcement
Bloom filter

A

Proactive Pw checking

15
Q
Can store but don't process data
- Most common: magnetic stripe card
Cons:
- requires reader
- loss of token
A

Memory cards

16
Q

Looks like a bank card

Manual interface includes keypad and display for interaction

A

Smart tokens

17
Q
Most important category of smart token
- Contain microprocessor
3 types of memory:
- Read-only memory (ROM)
- Electrically erasable programmable ROM
- Random Access Memory (RAM)
A

Smart Cards

18
Q

Use smart card as national identity card for citizens

A

Electronic Identity Cards (eID)

19
Q

Ensures eID can't be read without access control

  • For online apps
  • for offline apps
A

PW Authenticated Connection Establishment (PACE)

20
Q

Based on unique physical characteristics

  • Fingerprints
  • Iris
  • tech. complex/ expensive
A

Biometric Authentication

21
Q

Authentication over network

Relies on some form of challenge-response protocol, since it's prone to eavesdropping (getting the pw)

A

Remote User Authentication

22
Q

  • Denial of Service
  • Eavesdropping
  • Host attacks
  • Replay
  • Client attacks
  • Trojan horse
A

Authentication security issues