Chapter 7 - Identity and Access Management Flashcards
What is Appending in password management?
It is adding letters, punctuation, and a number in that exact order - password cracking programs look for these patterns, so the password is relatively weak
What is Replacing in password management?
It is when a user uses predictable patterns, e.g. a zero for the letter “o”, etc. - password cracking programs look for these patterns, so the password is relatively weak
How does a Password work?
1) Username and password are created and sent to the server
2) Server scrambles the password to create a digest (a fixed string of characters produced by a hash algorithm)
3) Username and password are stored
What is a password manager?
Software application or online website that stores user passwords along with login information
What is a password vault or vaulting?
Enterprise-level system for storing user password credentials in a highly protected database (vault) on the organization’s network; it can also require users to document a valid reason for accessing a particular resource
What is a security key?
Dongle inserted into a USB port or lightning port, or connected to a smartphone using NFC; the key contains all the necessary cryptographic information to authenticate the user - it does not generate OTPs
What is credential stuffing?
Threat actors, with a stolen password digest, inject the username and password on any site hoping for repeated credentials
To protect against this, do not use the same password across multiple sites
What are keystroke dynamics?
A type of behavioral biometrics that recognizes a user’s unique typing rhythm, requires no specialized hardware and no additional steps beyond entering a username and password
What is ABAC?
Attribute-Based Access Control - access control scheme that uses flexible policies that can combine attributes
What is RBAC?
Role-Based Access Control - access control scheme that is considered a more “real-world” access control that is based on a user’s job function within an organization
What is MAC?
Mandatory Access Control - access control scheme that is the most restrictive by assigning users’ access controls strictly according to the custodian’s desires
What is Key Stretching?
A more secure approach for creating password digests, uses a specialized password hash algorithm that is intentionally designed to be slower
What is DAC?
Discretionary Access Control - access control scheme that is the least restrictive, giving an owner total control over objects
What is Argon2?
A key stretching algorithm that can be configured based on several different parameters
What are sound password practices?
Minimum password length
Password Age
Reuse
What should provisioning include about password management?
Provisioning (initially setting up user accounts) should include policies that address password best practices (i.e., minimum length, age, and reuse)
What is password spraying?
Takes one or a small number of commonly used passwords and then uses this same password when trying to log into several different user accounts. Because this targeted guess is spread across many different accounts, it is less likely to raise any alarms or lock out the user account from too many failed password attempts.
What does identity cover in IAM?
Covers both identity proofing and authentication.
What is Salting?
Consists of a random string used in hash algorithms
What is Peppering?
Create the message digest as normal, but then also encrypt it with a symmetric encryption key before storing it
What is a passkey?
Refers to various methods for storing authentication information in hardware; passkeys combine multifactor authentication into a single package that is managed by the device’s OS
What is physiological biometrics?
Uses the way in which a body part uniquely functions in an individual
What is cognitive biometrics?
Related to the perception, thought process, and understanding of the user
What does “Something you exhibit” mean?
Often linked to specialized attributes; may include neurological traits that can be identified by specialized medical equipment, e.g. a certain genetic characteristic(s)
What is an ACL?
Access Control List - a set of permissions (authorizations) that is attached to an object