Domain 5: Identity and Access Management Flashcards
Authentication Methods
Type 1- Something you know (Password, Pin)
Type 2- Something you have (Token, phone)
Type 3- Something you are
Type 4- Some place you are
Credential Set
Term used for the combination of both the identification and authentication of a user
Type 1 Authentication
.Dynamic Passwords change at regular intervals
.Strong authentication = multifactor
Dictionary attack
.Uses a word list: a predefined list of words
.Fast but least effective
Rainbow Table
.Acts as a database that contains the precomputed hashed output for most or all words
Hybrid attack
.Appends, prepends, or changes characters in dictionary words before hashing, to attempt the fastest crack of complex passwords
Type 2 Authentication
.Requires the user to possess something
.Token, card, phone, etc
Synchronous Dynamic Token
.Synchronized with a central server
.Challenge-response token most common
False Reject Rate (FRR)
.When an authorized subject is rejected by the biometric system
.Type 1 error
False Accept Rate (FAR)
.When an unauthorized subject is accepted as valid by a biometric system
.Type 2 error
.Worse
Asynchronous Dynamic Tokens
.Not synchronized with a central server
.Challenge-response token most common
Crossover Error Rate (CER)
.Describes the point where the FRR and the FAR are equal
.Also known as the Equal Error Rate (EER)
Retina Scans
.Can seem intrusive due to privacy concerns
.Can reveal health conditions
Centralized Access Control
.One logical point of control
.Can be used for Single Sign On (SSO)
Decentralized Access Control
.Allows IT administration to occur closer to the mission and operation of the organization
.Provides more local power.
.Each site has control over its data