Comparing Authentication Services Flashcards

1
Q

What is NTLM?
What key security principles does it support?
Which version of it isn’t it recommended to use and why?
What is the difference with NTLMv2 and NTLM2 session?
What does Microsoft recommend developers use instead?

A

New Technology LAN Manager: a suite of challenge/response protocols that provide authentication within Windows systems, plus integrity and confidentiality for the session that follows (message signing and sealing).
NTLMv1 is the version not to use. The password hash behind it (the NT hash) is an unsalted MD4 digest, and MD4 is broken and very fast to compute, so captured hashes are cheap to crack and can be reused directly as the credential (pass-the-hash). NTLMv1's DES-based response to the 8-byte server challenge is itself easily recovered from a captured exchange.
NTLMv2 computes its response with HMAC-MD5, keyed by the NT hash, over the user name and domain, and includes a client challenge and timestamp. NTLM2 Session (NTLM2 session security) is a variant that mixes a client nonce into the server challenge and derives a stronger session key. None of the NTLM variants give mutual authentication; the client never verifies the server (Kerberos does).
Developers should use the 'Negotiate' security package, which selects Kerberos whenever both sides support it and falls back to NTLM only when they do not.
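
The hashing described in this card, as an added worked example (not code from the flashcards or from Microsoft): a pure-Python MD4 (hashlib often lacks it under OpenSSL 3), the NT hash of a password, and the NTLMv2 response built from it. The user, domain, challenges and blob below are constructed sample values, not a real capture. It shows why the NT hash is the credential itself (no salt) and how NTLMv2 wraps it in HMAC-MD5 so each response is bound to the server challenge.

```python
"""NT hash (MD4 of UTF-16LE password) and NTLMv2 response computation."""
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF


def _rotl(x: int, s: int) -> int:
    return ((x << s) | (x >> (32 - s))) & MASK32


def _md4_compress(state, block: bytes):
    # One 64-byte block of RFC 1320 MD4: three rounds of 16 steps each.
    X = struct.unpack("<16I", block)
    a, b, c, d = state
    rounds = (
        (lambda x, y, z: (x & y) | (~x & z), tuple(range(16)), (3, 7, 11, 19), 0),
        (lambda x, y, z: (x & y) | (x & z) | (y & z),
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13), 0x5A827999),
        (lambda x, y, z: x ^ y ^ z,
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15), 0x6ED9EBA1),
    )
    for fn, order, shifts, k in rounds:
        for i, j in enumerate(order):
            a = _rotl((a + fn(b, c, d) + X[j] + k) & MASK32, shifts[i % 4])
            a, b, c, d = d, a, b, c  # rotate registers so the next step updates the next one
    return [(s + v) & MASK32 for s, v in zip(state, (a, b, c, d))]


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320), little-endian padding and length."""
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    for off in range(0, len(msg), 64):
        state = _md4_compress(state, msg[off:off + 64])
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    # Unsalted: every account with this password has the same hash, and the hash
    # itself is the credential (pass-the-hash); no cracking is needed to reuse it.
    return md4(password.encode("utf-16le"))


def ntlmv2_hash(password: str, user: str, domain: str) -> bytes:
    # NTOWFv2: HMAC-MD5 keyed with the NT hash over UPPER(user) + domain in UTF-16LE.
    return hmac.new(nt_hash(password), (user.upper() + domain).encode("utf-16le"), hashlib.md5).digest()


def ntlmv2_response(password: str, user: str, domain: str, server_challenge: bytes, blob: bytes) -> bytes:
    # NTProofStr = HMAC-MD5(NTOWFv2, server challenge || blob). The blob carries the
    # client challenge, a timestamp and target info, so every response is unique.
    nt_proof = hmac.new(ntlmv2_hash(password, user, domain), server_challenge + blob, hashlib.md5).digest()
    return nt_proof + blob


def netntlmv2_line(user: str, domain: str, server_challenge: bytes, response: bytes) -> str:
    # The line format password crackers take for a captured NTLMv2 exchange:
    # user::domain:serverchallenge:NTProofStr:blob
    return f"{user}::{domain}:{server_challenge.hex()}:{response[:16].hex()}:{response[16:].hex()}"


# Constructed sample values (not from any real capture).
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
CLIENT_CHALLENGE = bytes.fromhex("aaaaaaaaaaaaaaaa")
BLOB = (b"\x01\x01" + b"\x00" * 6   # response type, reserved
        + b"\x00" * 8                # timestamp (zero in this sample)
        + CLIENT_CHALLENGE + b"\x00" * 4
        + b"\x00" * 4)               # AV_PAIR list holding only the MsvAvEOL terminator

if __name__ == "__main__":
    resp = ntlmv2_response("password", "alice", "CORP", SERVER_CHALLENGE, BLOB)
    print("NT hash :", nt_hash("password").hex())
    print("capture :", netntlmv2_line("alice", "CORP", SERVER_CHALLENGE, resp))
```

The NT hash of "password" comes out as 8846f7eaee8fb117ad06bdd830b7586c on every Windows host, which is the practical meaning of "unsalted"; the NTLMv2 hash for the same password differs per user and domain, and the proof differs per challenge, but a cracker that captured the exchange still only has to guess the password and redo these few HMAC-MD5 calls per candidate.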

2
Q

How does Single Sign On increase security?

A

Users have fewer passwords to remember and so are less likely to write them down.

3
Q

What are transitive trusts?

What authentication method do transitive trusts support?

A

Transitive trusts create an indirect trust relationship: if domain A trusts domain B and B trusts C, then A trusts C. In Active Directory, two child domains under the same parent trust each other through the parent's transitive two-way trusts.
They support single sign-on: a user authenticated in one domain can access resources in the trusting domains without authenticating again.

4
Q

What Extensible Markup Language (XML) based data format is used for SSO in web browsers?

A

Security Assertion Markup Language

5
Q

What could two organisations who trusted each other use to enable users logging into their websites to access both of them freely?

A

They can use SAML (Security Assertion Markup Language) for single sign-on as a federated identity management system: one organisation's identity provider authenticates the user and issues a signed assertion that the other organisation's service provider trusts.

6
Q

What 3 roles does SAML define?

A

Principal - typically a user (the subject the assertion is about)
Identity provider (IdP) - authenticates principals and issues assertions about them
Service provider (SP) - provides services to principals and relies on the IdP's assertions
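
The three roles from this card, and the browser SSO of the two cards before it, as an added worked example (not code from the flashcards or from any SAML library): the checks a service provider must make on an assertion before trusting it. The assertion, entity IDs and times are constructed. Signature verification (XML-DSig) is mandatory in practice and is omitted here because the standard library has no XML-DSig support; the rest of the checks are the ones that bind the assertion to this SP, this IdP and this moment.

```python
"""Service-provider-side checks on a SAML 2.0 assertion (constructed example)."""
import datetime as dt
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed assertion, not from any real IdP. A real one carries a
# <ds:Signature> block that must be verified before any of the checks below.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c0ffee1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org/idp</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.org</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/saml/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="role">
      <saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class SamlRejected(ValueError):
    """Raised when an assertion must not be accepted."""


def _utc(stamp: str) -> dt.datetime:
    return dt.datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)


def validate_assertion(xml_text: str, trusted_issuer: str, my_entity_id: str, now: dt.datetime) -> dict:
    """Return principal and attributes if the assertion is from our IdP, for us, and current."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise SamlRejected("not a SAML 2.0 Assertion element")
    # Identity provider role: Issuer must be the IdP we federated with.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != trusted_issuer:
        raise SamlRejected(f"untrusted issuer {issuer!r}")
    # Service provider role: the assertion must name our entity ID as its audience,
    # otherwise an assertion issued for another SP could be replayed against us.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise SamlRejected("missing Conditions")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if my_entity_id not in audiences:
        raise SamlRejected(f"audience {audiences} does not include us")
    # Validity window; an assertion with no expiry is not accepted.
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < _utc(not_before):
        raise SamlRejected("assertion not yet valid")
    if not_on_or_after is None or now >= _utc(not_on_or_after):
        raise SamlRejected("assertion expired or has no expiry")
    # Principal role: the subject the IdP vouches for.
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise SamlRejected("missing Subject/NameID")
    attributes = {
        attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
        for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS)
    }
    return {"principal": name_id, "issuer": issuer, "attributes": attributes}


def is_rejected(xml_text: str, trusted_issuer: str, my_entity_id: str, now: dt.datetime) -> bool:
    try:
        validate_assertion(xml_text, trusted_issuer, my_entity_id, now)
    except SamlRejected:
        return True
    return False


IDP = "https://idp.example.org/idp"                  # constructed IdP entity ID
SP = "https://sp.example.com/saml/metadata"          # constructed SP entity ID
T_OK = _utc("2024-01-01T12:01:00Z")

if __name__ == "__main__":
    print(validate_assertion(SAMPLE_ASSERTION, IDP, SP, T_OK))
```

The audience check is the one most often skipped and the one that makes federation safe: the IdP may vouch for alice to many service providers, and an assertion minted for one of them must not log her in to another.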

7
Q

SSO provides authorization, true or false?

A

FALSE. It provides identification and authentication; what the user may then do is decided by each application's own authorization rules.

8
Q

What is the term given to a central authentication system for a nonhomogeneous environment?

A

a federated identity management system

9
Q

What is the name of a popular open source federated identity management system that uses SAML?

A

Shibboleth

10
Q

What popular open standard for authorization lets a client application access a user's resources at an online service by obtaining an access token from that service's authorization server (e.g. access to data in the user's Google account)?

A

OAuth (OAuth 2.0 today)

11
Q

Using the example of using Google credentials on another app/service. Why is OAuth considered an authorization method and not authentication?

A

Because the application using OAuth is seeking authorization to read identity and content from your Google account, not proof of who you are. Google authenticates you itself (the credentials prompt) and then asks you to consent; that authentication step is between you and Google. The application receives an access token that authorizes it to access your Google profile. An access token states what may be accessed, not who is present, so treating it as proof of identity is a mistake.

12
Q

What works with OAuth 2.0 to provide authentication of users for clients (clients being websites). What does it save the client doing?

A

OpenID Connect (OIDC). It adds an ID token (a signed JWT carrying claims about who authenticated) on top of the OAuth 2.0 flow.
It saves the client having to store and verify user credentials itself. It also streamlines the experience for users, who can use their existing Facebook or Google login instead of creating a new one.
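
The OAuth-versus-OIDC distinction of the last three cards, as an added worked example (not code from the flashcards, Google, Facebook or any OIDC library): a client validating an ID token before treating the user as logged in, and rejecting a plain OAuth access token that carries no such guarantee. The issuer, client ID, secret, nonce and claims are constructed. It uses HS256 with the client secret as the HMAC key, which OIDC permits, instead of the RS256 keys most providers publish, so it runs on the standard library alone; the claim checks are the same either way.

```python
"""OpenID Connect ID token validation on the client (relying party) side."""
import base64
import hashlib
import hmac
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, secret: bytes) -> str:
    """Stand-in for the identity provider: sign a JWT with HS256 (client secret as key)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


class TokenRejected(ValueError):
    """Raised when the token must not be used to log the user in."""


def validate_id_token(token: str, secret: bytes, issuer: str, client_id: str,
                      expected_nonce: str, now: int) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("malformed JWT")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm we configured; never let the token choose it (alg=none attacks).
    if header.get("alg") != "HS256":
        raise TokenRejected("unexpected alg")
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise TokenRejected("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise TokenRejected("wrong issuer")
    aud = claims.get("aud")
    # An OAuth access token is addressed to a resource API, not to this client:
    # a valid signature alone does not make it a statement about the user for us.
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise TokenRejected("token not issued to this client")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise TokenRejected("expired or no expiry")
    # The nonce we sent in the authorization request ties this token to our session.
    if claims.get("nonce") != expected_nonce:
        raise TokenRejected("nonce mismatch: possible replay")
    if "sub" not in claims:
        raise TokenRejected("no subject")
    return claims


def is_rejected(token: str, secret: bytes, issuer: str, client_id: str,
                expected_nonce: str, now: int) -> bool:
    try:
        validate_id_token(token, secret, issuer, client_id, expected_nonce, now)
    except TokenRejected:
        return True
    return False


# Constructed sample values (no real provider, secret or user).
SECRET = b"constructed-client-secret"
ISSUER = "https://accounts.example.com"
CLIENT_ID = "web-app-1234"
NONCE = "n-0S6_WzA2Mj"
NOW = 1_700_000_000

ID_TOKEN = mint_token({"iss": ISSUER, "sub": "248289761001", "aud": CLIENT_ID,
                       "exp": NOW + 300, "iat": NOW, "nonce": NONCE,
                       "email": "alice@example.com"}, SECRET)
# An OAuth access token for a resource API: same issuer and signature, but it
# authorizes access to the API and says nothing the client may log a user in on.
ACCESS_TOKEN = mint_token({"iss": ISSUER, "sub": "248289761001",
                           "aud": "https://api.example.com", "scope": "profile",
                           "exp": NOW + 3600}, SECRET)

if __name__ == "__main__":
    print("id token  :", validate_id_token(ID_TOKEN, SECRET, ISSUER, CLIENT_ID, NONCE, NOW)["sub"])
    print("access tok:", "rejected" if is_rejected(ACCESS_TOKEN, SECRET, ISSUER, CLIENT_ID, NONCE, NOW) else "accepted")
```

The audience and nonce checks are what turn "a token from Google" into "Google says this user is here, for this app, for this login"; that is the authentication step OIDC adds, and an OAuth access token on its own does not carry it.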

13
Q

The OAuth and SAML process often uses tokens as part of the authorization process, true or false?

A

TRUE. OAuth issues access (and refresh) tokens, SAML conveys signed assertions, and OpenID Connect adds ID tokens on top of OAuth.

14
Q

SAML can’t be used with what?

A

Native mobile applications (and other non-browser clients). SAML's Web Browser SSO profile assumes a client that can follow redirects and submit HTML form POSTs, so it is a poor fit for native apps; OAuth 2.0 and OpenID Connect are normally used there instead.
