EXAM 3 FLASH Flashcards
Trusted Platform Module (TPM)
Hardware solution on the motherboard that assists with key generation and storage and random number generation. Keys are stored on a separate part of the motherboard to ensure physical security protection.
Hardware Security Module (HSM)
Device used to manage and/or store encryption keys. Can help with cryptographic features like encrypting, hashing, and using digital signatures.
Usually connected via USB and provides tamper-protection mechanisms against other users trying to reach the device over the network.
Knowledge Based Authentication
Method where the user is identified using a common, previously set piece of knowledge.
EX: When verifying bank info, the website has you pick your address out of a lineup of similar addresses; this knowledge was set in place at setup time for you to verify later.
Extensible Authentication Protocol (EAP)
Designed to support multiple authentication mechanisms over PPP (Point-to-Point Protocol). Supports authentication certificates, tokens, one-time passwords, smart cards, etc.
Challenge-Handshake Authentication Protocol (CHAP)
Provides authentication through the use of a challenge-and-response protocol (called a three-way handshake).
The client sends a message to the server, and the server must send the correct message back for authentication to be granted or denied (the last part of the handshake).
Password Authentication Protocol (PAP)
Involves a two-way handshake in which the username and password are sent across the link in clear text. Does not provide any protection from line sniffing and playback.
802.1X
Authentication standard that supports port-based authentication services between a user and an authorization device like an edge router. Commonly used on wireless access points.
Remote Authentication Dial-In User Service (RADIUS)
(AAA protocol, UDP transport) Provides client systems with authentication and access control within an enterprise network.
The RADIUS client is usually a Network Access Server (NAS).
Security Assertion Markup Language (SAML)
A single sign-on capability used for web applications to ensure user identities can be shared and are protected.
Defines a standard for exchanging authorization and authentication data between security domains.
XML-based protocol.
Terminal Access Controller Access Control System Plus (TACACS+)
Protocol that takes a client/server approach and handles authentication, authorization, and accounting (AAA) services. Similar to RADIUS as an AAA protocol, but TACACS+ uses TCP transport (RADIUS uses UDP).
Open Authorization (OAuth)
An open protocol that allows secure token-based authorization from web, mobile, and desktop applications using a simple and standard method. Designed to remove the need for users to share their passwords with third-party applications; a substitute token is used instead.
OpenID
A simple identity layer on top of the Open Authorization (OAuth) protocol. Created to allow third-party applications to authenticate your users for you by using the accounts that users already own.
Kerberos
Third-party authentication service that uses a series of tickets as tokens for authenticating users. The steps are protected using strong cryptography.
Communicates via tickets.
Access Control Schemes
Refers to all security features used to prevent unauthorized access to a computer system or network.
Attribute Based Access Control (ABAC)
Evaluates specific rules and policies against attributes associated with a subject or object.
The major difference between ABAC and Role-Based Access Control (RBAC) is the ability to use Boolean logic in the access control decision.