EXAM 3 FLASH Flashcards
Trusted Platform Module (TPM)
Hardware solution on the motherboard that assists with key generation, key storage, and random number generation. Keys are stored on a separate part of the motherboard to provide physical security protection.
Hardware Security Module (HSM)
Device used to manage and/or store encryption keys. Can help with cryptographic operations like encryption, hashing, and digital signatures.
Usually connected via USB, and provides tamper-protection mechanisms against other users trying to locate the USB device over the network.
Knowledge Based Authentication
Method where the user is identified using a commonly set piece of knowledge.
EX: When verifying bank info, the website has you pick your address out of a lineup of similar addresses; this knowledge was set in place at the time of setup so you could verify it later.
Extensible Authentication Protocol (EAP)
Designed to support multiple authentication mechanisms over PPP (Point-to-Point Protocol), connecting authentication certificates, tokens, one-time passwords, smart cards, etc.
Challenge-Handshake Authentication Protocol (CHAP)
Provides authentication through the use of a challenge-and-response protocol (called a three-way handshake).
The client sends a message to the server; the server must send the correct message back for authentication to be granted or denied (the last part of the handshake).
Password Authentication Protocol (PAP)
Involves a two-way handshake in which the username and password are sent across the link in clear text. Does not provide any protection against line sniffing and playback.
802.1X
Authentication standard that supports port-based authentication services between a user and an authorization device, like an edge router. Commonly used on wireless access points.
Remote Authentication Dial-In User Service (RADIUS)
(AAA protocol, UDP transport) Provides client systems with authentication and access control within an enterprise network.
IS USUALLY A NETWORK ACCESS SERVER (NAS)
Security Assertion Markup Language (SAML)
A single sign-on capability used for web applications to ensure user identities can be shared and are protected.
Defines a standard for exchanging authorization and authentication data between security domains.
XML-based protocol.
Terminal Access Controller Access Control System Plus (TACACS+)
Protocol that takes a client/server approach and handles authentication, authorization, and accounting (AAA) services. Similar to RADIUS as an AAA protocol, but uses TCP transport (RADIUS uses UDP).
Open Authorization (OAuth)
An open protocol that allows secure token-based authorization from web, mobile, and desktop applications using a simple and standard method. Designed to remove the need for users to share their passwords with third-party applications; a substitute token is used instead.
OpenID
A simple identity layer on top of the Open Authorization (OAuth) protocol. Created to allow third-party applications to authenticate your users for you, using the accounts that users already own.
Kerberos
Third-party authentication service that uses a series of tickets as tokens for authenticating users. The steps are protected using strong cryptography.
Communicates via tickets.
Access Control Schemes
Refers to all security features used to prevent unauthorized access to a computer system or network
Attribute Based Access Control (ABAC)
Evaluates specific rules and policies against attributes associated with a subject or object.
Major difference between ABAC and Role-Based Access Control (RBAC) is the ability to use Boolean logic in access control decisions.
Role Based Access Control (RBAC)
Each user is assigned a set of roles that he or she may perform. The roles they are assigned are then turned into granted access permissions.
Rule-Based Access Control (also RBAC)
A series of rules contained in the ACL is used to determine whether access should be granted or not.
Mandatory Access Control (MAC)
A means of restricting access to objects based on the sensitivity of information contained in the objects and the formal authorization of subjects to access information of such sensitivity.
(MULTILEVEL SECURITY)
Discretionary Access Control (DAC)
A means of restricting access to objects based on the identity of subjects and/or the groups to which they belong. The controls are discretionary.
(USES ACLs)
Conditional Access
Access control scheme in which specific conditions are examined before access is given. "If _____ then ______"
The list of conditions can be broad or narrow
Privileged Accounts
Accounts with greater-than-normal user access.
Root/domain access.
Think: administrative authority.
Requires real-time monitoring.
May need to perform tasks via remote session.
Public Key Infrastructure (PKI)
Made up of hardware, applications, algorithms, users, and utilities that work together to allow secure and predictable communication.
4 Main types of Certificates
- End Entity Certificates
- CA Certificates
- Cross-Certification Certificates
- Policy Certificates
End Entity Certificates
Issued by a CA to a specific subject