Chapter 4 - Access Control, Authentication & Authorization Flashcards
What’s the concept behind “access control”?
4-131
Let the right ones in, keep the wrong ones out.
Tell me the difference between identification and authentication.
4-131
identification - finding out who someone is
authentication - verifying the identification
You have two or more parties authenticating each other. What is this called?
4-132
mutual authentication
You have an authentication process, and in that process, two or more access methods are included. What kind of authentication system is this?
4-133
multifactor authentication
Tell me the 5 “factors” you have to work with when building your authentication system.
4-131
something you know, have, are, or do
somewhere you are
What does NAC stand for?
4-134
network access control
True/False: Security tokens are used to identify and authenticate the user, and because of this, they are similar to certificates.
4-135
True
You have a group of computer networks that all agree on standards of operation. What do you call this?
hint: Star Wars
4-135
a federation
Your identity, linked with your privileges, allows you to cross business units and business boundaries. What kind of identity is this?
4-135
a federated identity
You are a user on a client PC communicating with an authentication server. Tell me the steps involved in the security token authentication.
4-136
server presents a challenge to the PC
PC provides a response
server sends a token device challenge
PC sends back a valid certificate
server grants authentication
You have an Active Directory and the domains of your forest trust each other. By default, these trusts are _______ and _______.
4-136
two-way, transitive
Tell me the difference between PAP and SPAP.
4-139
PAP sends stuff in plain text. SPAP encrypts stuff, THEN sends it.
A protocol was designed to stop man-in-the-middle attacks. What is that protocol?
There is another protocol that uses the aforementioned protocol to provide authentication. Which protocol is that?
4-139
CHAP
PPP
Which protocol uses a time based factor for the creation of new passwords?
4-139
TOTP
Which protocol is based on a hash message algorithm?
4-139
HOTP
Tell me the lockout policies at the local level. There are three of them.
4-141
account lockout duration
account lockout threshold
reset account lockout counter after
Explain to me what SLIP is.
4-143
Serial Line Internet Protocol. It’s an older protocol, was used in early remote access situations, was not secure, and could only be used to pass TCP/IP traffic.
Tell me 4 options that are common for remote authentication.
hint: tacks in a circle
4-143
TACACS, TACACS+, XTACACS, RADIUS
We’ve talked about tunneling protocols like PPTP, L2TP and SSH. How is IPSec different from these?
4-145
It isn’t a tunneling protocol, but is used alongside a tunneling protocol. It is primarily used in LAN to LAN connections, but can also be used with some remote connections.
Tell me the major difficulty with a single-server RADIUS environment.
4-145
If the server malfunctions, the entire network may refuse connections.
What is SAML for?
4-147
authentication and authorization, based on XML
You are using a KDC to get authentication to receive services from a server. What’s the problem with this?
4-148
the KDC is a single point of failure
Tell me the 4 primary methods of access control.
4-150
mandatory access control - predefined
discretionary access control - some flexibility
role-based access control - user’s role dictates access capabilities
rule-based access control - limits the user to settings in preconfigured policies
What is the SA account?
4-153
the system administrator