ID & Access Management Flashcards

1
Define Identification
An assertion or claim of identity (for example, presenting a username); nothing has been proven yet
2
Define Authentication
Proof offered to verify a claimed identity (a password, a token, a biometric)
3
Define Authorization
Granting a verified identity a specific set of access rights or permissions
4
Define AAA
Authentication
Authorization
Accounting
5
Authentication Factors
Something you know (Type 1; password, PIN)
Something you have (Type 2; token, smart card)
Something you are (Type 3; biometric)
Something you do (behavioral, e.g. typing rhythm)
Somewhere you are (location)
6
Define FAR
False Acceptance Rate; how often an impostor is wrongly accepted (the security-relevant error)
7
Define FRR
False Rejection Rate; how often a legitimate user is wrongly rejected (the usability-relevant error)
8
Define CER
Crossover Error Rate; the sensitivity setting at which FAR equals FRR; a lower CER means a more accurate biometric system
9
Define MFA
Multi-Factor Authentication; must combine at least two different factor categories (two passwords are still a single factor)
10
Token Types
Physical/hardware token (dedicated device, smart card, key fob)
Software token (authenticator app or file on a general-purpose device)
11
Define HOTP
HMAC-based One-Time Password (RFC 4226); single-use password derived from a shared secret and an incrementing counter
12
Define TOTP
Time-based One-Time Password (RFC 6238); HOTP with the counter replaced by the current time step, so client and server clocks must be synchronized
13
Authentication Protocols
PAP (insecure; password sent in cleartext)
CHAP (challenge/response hash; the secret never crosses the wire)
MS-CHAP (insecure)
MS-CHAPv2 (adds mutual authentication; still weak by modern standards)
PPP (the link-layer protocol that carries the above; not itself an authentication protocol)
14
Authentication Protocol Process (CHAP challenge/response)
Challenge (authenticator sends a random value)
Response hash (peer hashes the challenge together with the shared secret)
Compare hash (authenticator recomputes the hash and compares)
Authorize
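The four steps above, as an added example that is not part of the original flashcards: a CHAP exchange per RFC 1994 (MD5 over Identifier || secret || challenge) with both sides shown, plus a replay attempt that fails because the challenge is fresh. The shared secret is a constructed value; in a real deployment it is provisioned out of band on both peers.

```python
import hashlib
import hmac
import secrets

# Constructed for this example: the secret both peers were given out of band.
SHARED_SECRET = b"correct horse battery staple"


def chap_challenge(size: int = 16) -> bytes:
    """Step 1 (authenticator): an unpredictable challenge, fresh for every attempt."""
    return secrets.token_bytes(size)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Step 2 (peer): MD5(Identifier || secret || challenge), per RFC 1994.
    Only this digest goes on the wire; the secret itself never does (contrast PAP,
    which would send the password as-is)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Step 3 (authenticator): recompute locally and compare in constant time.
    Step 4 (authorize) happens only when this returns True."""
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)


def run_exchange(peer_secret: bytes, identifier: int = 1) -> bool:
    """Full round trip. `peer_secret` is what the peer believes the secret is;
    the authenticator always uses SHARED_SECRET."""
    challenge = chap_challenge()                                   # authenticator -> peer
    response = chap_response(identifier, peer_secret, challenge)   # peer -> authenticator
    return chap_verify(identifier, SHARED_SECRET, challenge, response)


def replay_captured_response() -> bool:
    """An eavesdropper who captured (identifier, challenge, response) from a valid
    session replays that response against a new challenge. Because the authenticator
    picked a fresh challenge, the replay does not verify."""
    identifier = 1
    old_challenge = chap_challenge()
    captured = chap_response(identifier, SHARED_SECRET, old_challenge)
    new_challenge = chap_challenge()
    return chap_verify(identifier, SHARED_SECRET, new_challenge, captured)


if __name__ == "__main__":
    print("correct secret:", run_exchange(SHARED_SECRET))
    print("wrong secret:  ", run_exchange(b"wrong secret"))
    print("replay:        ", replay_captured_response())
```

Two caveats the card does not state: a captured challenge/response pair still allows an offline dictionary attack on a weak secret, and the authenticator must store the secret in a recoverable form to recompute the hash. That is why CHAP is normally run inside a protected tunnel today.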
15
Define SSO
Single Sign-On; one authentication grants access to multiple systems or applications; federated identity management extends SSO across organizational boundaries
16
Trust Relationship Types
One-way versus Two-way
Transitive versus Intransitive
17
Define Transitive Trust
If organization A trusts organization B, then organization A also trusts any organization that B trusts
18
Define One-Way Trust (One-Way Authentication)
Authentication is accepted in one direction only: users from organization A can authenticate to organization B's resources, but users from B cannot authenticate to A's
19
Define RADIUS
Remote Authentication Dial-In User Service:
UDP (ports 1812/1813; legacy 1645/1646)
Encrypts (obfuscates) only the User-Password attribute; username and all other attributes travel in cleartext
Combines authentication and authorization in one exchange
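What "encrypts only the password" means in practice, as an added example that is not from the original flashcards: the User-Password hiding algorithm of RFC 2865 section 5.2 (MD5 keystream XOR, chained in 16-byte blocks off the Request Authenticator), next to the attributes that are sent as-is. The shared secret, authenticator, username and NAS address are constructed values.

```python
import hashlib
import os


def _hide_or_reveal(shared_secret: bytes, request_authenticator: bytes, data: bytes, hiding: bool) -> bytes:
    """RFC 2865 section 5.2: User-Password is XORed, 16 bytes at a time, with
    MD5(secret || previous block). The first 'previous block' is the 16-byte
    Request Authenticator from the packet header; afterwards it is the previous
    ciphertext block in both directions. This is obfuscation, not authenticated
    encryption."""
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be exactly 16 bytes")
    out = b""
    prev = request_authenticator
    for i in range(0, len(data), 16):
        keystream = hashlib.md5(shared_secret + prev).digest()
        block = data[i:i + 16]
        result = bytes(x ^ k for x, k in zip(block, keystream))
        out += result
        prev = result if hiding else block     # chain on the ciphertext block
    return out


def hide_password(shared_secret: bytes, request_authenticator: bytes, password: bytes) -> bytes:
    padded = password + b"\x00" * (-len(password) % 16)   # NUL-pad to a 16-byte multiple
    return _hide_or_reveal(shared_secret, request_authenticator, padded, hiding=True)


def reveal_password(shared_secret: bytes, request_authenticator: bytes, hidden: bytes) -> bytes:
    # Trailing NULs are padding, so strip them after unhiding.
    return _hide_or_reveal(shared_secret, request_authenticator, hidden, hiding=False).rstrip(b"\x00")


def build_access_request(shared_secret: bytes, username: bytes, password: bytes) -> dict:
    """The attributes of an Access-Request as they cross the network: only
    User-Password is hidden; everything else is readable by anyone on the path."""
    authenticator = os.urandom(16)
    return {
        "Request-Authenticator": authenticator,           # cleartext
        "User-Name": username,                            # cleartext
        "NAS-IP-Address": b"\xc0\xa8\x01\x01",            # cleartext (constructed: 192.168.1.1)
        "User-Password": hide_password(shared_secret, authenticator, password),
    }


if __name__ == "__main__":
    req = build_access_request(b"s3cr3t-nas-key", b"alice", b"hunter2")
    for name, value in req.items():
        print(f"{name:22} {value.hex()}")
```

Because the keystream is MD5(secret || authenticator) and both the authenticator and the hidden password are visible in a captured packet, an attacker can test candidate shared secrets offline. This is the reason RADIUS is carried over IPsec or over TLS (RadSec, RFC 6614) rather than bare UDP on untrusted networks.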
20
Define TACACS+
Terminal Access Controller Access Control System Plus (Cisco's successor to the original TACACS):
TCP (port 49)
Encrypts the entire packet body, not just the password
Separates authentication, authorization and accounting
21
KERBEROS Process
Client sends an authentication request to the KDC (Authentication Service)
KDC checks the client's credentials
KDC issues a ticket granting ticket (TGT)
Client presents the TGT to the KDC (Ticket Granting Service) to request access to a service
KDC issues a service ticket (e.g. for a file server)
Client presents the service ticket to the service to authenticate
22
KERBEROS Benefits
Ease of use and single sign-on
Scalability
Policy enforcement and auditability
*relies on a trusted third party (the KDC); not peer-to-peer
23
KERBEROS Port Number
88 (TCP and UDP)
24
LDAP Port Number
389
25
LDAPS Port Number
636 (LDAP over TLS; plain LDAP on 389 sends simple binds in cleartext unless StartTLS is used)
26
NTLM Issues
Weak encryption | Pass the hash
27
Define NTLM
New Technology LAN Manager
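An added example (not part of the original flashcards) for the two NTLM cards above: computing the NT hash and then showing why "no salt" matters for pass-the-hash. MD4 is implemented in pure Python here only because many modern OpenSSL builds ship MD4 disabled, which makes `hashlib.new("md4")` unreliable; the account names and passwords in the sample dump are constructed.

```python
import struct


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320). NT hashes are MD4, nothing more."""
    mask = 0xFFFFFFFF

    def rotl(x, n):
        return ((x << n) | (x >> (32 - n))) & mask

    def f(x, y, z):
        return (x & y) | (~x & z)

    def g(x, y, z):
        return (x & y) | (x & z) | (y & z)

    def h(x, y, z):
        return x ^ y ^ z

    # Padding: 0x80, zeros to 56 mod 64, then the bit length as little-endian 64-bit.
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)

    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    round2_idx = [(i % 4) * 4 + i // 4 for i in range(16)]
    round3_idx = [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]
    rounds = [(f, list(range(16)), (3, 7, 11, 19), 0),
              (g, round2_idx, (3, 5, 9, 13), 0x5A827999),
              (h, round3_idx, (3, 9, 11, 15), 0x6ED9EBA1)]

    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        v = state[:]
        for fn, idx, shifts, k in rounds:
            for i, word in enumerate(idx):
                t = (-i) % 4                      # register order a, d, c, b, a, ...
                v[t] = rotl((v[t] + fn(v[(t + 1) % 4], v[(t + 2) % 4], v[(t + 3) % 4])
                             + x[word] + k) & mask, shifts[i % 4])
        state = [(s + w) & mask for s, w in zip(state, v)]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """NT hash = MD4(UTF-16LE(password)): no salt, no work factor."""
    return md4(password.encode("utf-16-le")).hex()


def find_shared_passwords(nt_hashes: dict) -> list:
    """Group accounts whose NT hashes are identical. Because the hash is unsalted,
    password reuse across accounts is visible in a dump without cracking anything,
    and any one of those hashes can be replayed as-is in a pass-the-hash attack."""
    by_hash = {}
    for user, digest in nt_hashes.items():
        by_hash.setdefault(digest.lower(), []).append(user)
    return sorted(users for users in by_hash.values() if len(users) > 1)


# Constructed sample of a dumped SAM/NTDS (not real accounts).
SAMPLE_DUMP = {
    "alice": nt_hash("password"),
    "bob": nt_hash("Winter2024!"),
    "svc_sql": nt_hash("password"),
}

if __name__ == "__main__":
    print("NT hash of 'password':", nt_hash("password"))
    print("accounts sharing a password:", find_shared_passwords(SAMPLE_DUMP))
```

The "weak encryption" card is really about this hash construction: MD4 is fast, unsalted and unkeyed, so precomputed tables and GPU guessing apply directly, and the hash is a password equivalent wherever NTLM authentication is accepted.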
28
Define SAML
Secure Assertion Markup Language; SSO web browsing service
29
SAML Actors
``` Principle ID Provider (IDP) Service Provider (SP) ```
30
Define OAuth
SSO Authorization service
31
Define OpenID
Authentication provider for OAuth
32
Asymmetric Authentication Process
Encrypt with private key, decrypt with public key
33
Authorization Key Principles
Least Privilege | Separation of Duties
34
Define Privilege Creep
User gaining excess privileges as a result of shifting roles within an organization
35
Define MBAC
Mandatory Based Access Controls; required controls by regulations
36
Define DBAC
Discretionary Based Access Controls; administrator assigned privileges
37
Define ACL
Access Control List; database of personal or group privileges
38
ACL Categories
Full Read Write Modify
39
Define RBAC
Role Based Access Control; user assigned permissions based on position
40
Define ABAC
Attribute Based Access Control; situation based privileges such as location or time
41
Account Types
``` User Privileged Guest Shared Service/systems Executive ```
42
Octal Value of No Permissions
0
43
Octal Value of Execute Permissions
1
44
Octal Value of Write Permissions
2
45
Octal Value of Read Permissions
4
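The four octal cards above in working form, as an added example (not from the original flashcards): expanding a mode such as 640 or 4755 into rwx triplets and running the least-privilege checks a reviewer applies to a file listing. The sample listing and the set of paths treated as sensitive are constructed for the example.

```python
def mode_to_symbolic(mode: int) -> str:
    """Expand the three low octal digits (owner, group, other) into rwx triplets.
    Each digit is the sum of read=4, write=2, execute=1, as on the cards above."""
    triplets = []
    for shift in (6, 3, 0):
        digit = (mode >> shift) & 0o7
        triplets.append(("r" if digit & 4 else "-")
                        + ("w" if digit & 2 else "-")
                        + ("x" if digit & 1 else "-"))
    return "".join(triplets)


def parse_mode(text: str) -> int:
    """Accept the forms seen in chmod/stat output: '640', '0640', '4755'."""
    return int(text, 8)


# Constructed: paths whose contents must not be readable by everyone.
SENSITIVE = {"/etc/shadow", "/opt/app/config.yml"}


def permission_findings(path: str, mode: int) -> list:
    """Least-privilege checks over one path; returns human-readable findings."""
    findings = []
    if mode & 0o002:
        findings.append(f"{path}: world-writable ({mode_to_symbolic(mode)})")
    if path in SENSITIVE and mode & 0o004:
        findings.append(f"{path}: sensitive file is world-readable ({mode_to_symbolic(mode)})")
    if mode & 0o4000:
        findings.append(f"{path}: setuid bit set; executes as the file owner")
    if mode & 0o2000:
        findings.append(f"{path}: setgid bit set")
    return findings


def audit(listing: dict) -> dict:
    """Map path -> findings, keeping only paths that have at least one finding."""
    result = {}
    for path, mode in listing.items():
        found = permission_findings(path, mode)
        if found:
            result[path] = found
    return result


# Constructed sample listing (not taken from a real host).
SAMPLE_LISTING = {
    "/etc/shadow": parse_mode("0640"),
    "/usr/bin/passwd": parse_mode("4755"),
    "/var/run/app.sock": parse_mode("0666"),
    "/opt/app/config.yml": parse_mode("0644"),
    "/home/alice/notes.txt": parse_mode("0600"),
}

if __name__ == "__main__":
    for path, findings in audit(SAMPLE_LISTING).items():
        for line in findings:
            print(line)
```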
46
Federated RADIUS Features
Common authentication and credentials Individual members retain administrative control Share same level of trust
47
Define DIAMETER
Upgrade to RADIUS, supports EAP AAA Protocol over LTE and IMS Networks Reliable messages over TCP or SCTP Secure messages using TLS or IPSec
48
Guest Account Settings
Prevent network usage Secure password enabled Prevent from system shutdown Prevent viewing log information
49
Active Directory SSO Concerns
8 character limit on legacy systems Easy to guess usernames Duplicate usernames
50
When are GPO Updated
User log in
51
Define Decentralized Privilege Management
User accounts are defined on individual systems (i.e. work group) rather then centralized access control servers
52
GPO Copy Transfers
Individual permissions do not transfer | Group permissions do transfer
53
Define Security Configuration and Analysis Snap-in
Apply or compare a template to existing security settings on a computer, used for auditing
54
Default Permissions Priority
Deny trumps allow permissions
55
Define Active Directory
A centralized database that contains user account and security information
56
Define an Active Directory Domain Controller
Server that holds a copy of the database
57
Define an Active Directory Organizational Unit
Folder that subdivides and organizes network resources within the domain
58
Define an Active Directory Domain
An admin defined collection of network resources sharing a common directory database and security policy
59
Define an Active Directory Object
A computing element which identifies resources in the database
60
Hierarchical Database Benefits
Organization Delegation Replication Scalability
61
usermod/userdel flags
- I: change user name - u: change UID number - L: lock user password - d: change account's home directory - r: remove user and delete home directory
62
Account Locked Indicator
! or !!
63
passwd -S gshant
Display status of user account
64
gpasswd X
Prompt new password for group X
65
chage command flags
- M: password expiration max - W: days before expiration warning - m: minimum age
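An added example covering cards 61 to 65 together (it is not part of the original flashcards): parsing /etc/shadow directly and reproducing what `passwd -S` and `chage -l` would report, including the `!`/`!!` lock marker and the min/max/warn fields that `chage -m/-M/-W` set. The shadow lines are constructed (the hash fields are placeholders) and the "today" value is fixed so the results are reproducible.

```python
from datetime import date

# /etc/shadow fields (colon separated):
# name : password : lastchange : min : max : warn : inactive : expire : reserved
# lastchange and expire are days since 1970-01-01; min/max/warn are what chage -m/-M/-W set.

# Constructed sample (placeholder hashes, not a real system).
SAMPLE_SHADOW = """\
root:$6$saltsalt$hashhashhash:19600:0:99999:7:::
alice:$6$saltsalt$hashhashhash:19500:1:90:14:::
bob:!$6$saltsalt$hashhashhash:19600:0:99999:7:::
svc_backup:!!:19600:0:99999:7:::
carol:$6$saltsalt$hashhashhash:19600:0:90:7::19640:
dave:$6$saltsalt$hashhashhash:19565:0:90:7:::
"""


def today_in_days() -> int:
    """Days since the epoch, the unit /etc/shadow uses."""
    return (date.today() - date(1970, 1, 1)).days


def parse_shadow(text: str) -> list:
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        f = line.split(":")
        if len(f) < 9:
            raise ValueError(f"malformed shadow line: {line!r}")
        entries.append({
            "name": f[0],
            "password": f[1],
            "lastchange": int(f[2]) if f[2] else None,
            "min": int(f[3]) if f[3] else 0,
            "max": int(f[4]) if f[4] else None,
            "warn": int(f[5]) if f[5] else 0,
            "expire": int(f[7]) if f[7] else None,
        })
    return entries


def account_status(entry: dict, today: int) -> str:
    """Derive the state that passwd -S / chage -l would show from the raw fields."""
    if entry["password"].startswith("!"):
        # usermod -L / passwd -l prepend '!'; '!!' means no password was ever set.
        return "locked"
    if entry["expire"] is not None and entry["expire"] < today:
        return "account expired"           # chage -E date has passed
    if entry["lastchange"] is not None and entry["max"] is not None and entry["max"] < 99999:
        expires_on = entry["lastchange"] + entry["max"]   # chage -M window
        if expires_on < today:
            return "password expired"
        if expires_on - today <= entry["warn"]:           # inside the chage -W window
            return f"password expires in {expires_on - today} days"
    return "ok"


def audit_shadow(text: str, today: int) -> dict:
    return {e["name"]: account_status(e, today) for e in parse_shadow(text)}


if __name__ == "__main__":
    for name, status in audit_shadow(SAMPLE_SHADOW, today=19650).items():
        print(f"{name:12} {status}")
```

Reading the file directly needs root, exactly like `passwd -S`; the value of doing it this way is that one pass over the file answers the lock, expiry and warning questions for every account at once instead of one `chage -l` per user.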
66
/etc/security/limits.conf File Contents
Limit of concurrent logins for a specific user
67
TACACS+ Features
AAA Uses TCP Encrypts entire packet Supports more protocol suites then RADIUS
68
TACAS Port Number
49
69
Define Remote Access
Private and remote host connection to server or network resources
70
Difference between MS-CHAPv2 and CHAP
Mutual Authentication
71
SASL Authentication Mode Solutions
TLS Kerberos IPsec Certificates
72
Explain LANMAN
Divides password by units of seven and creates separate hashes for each portion (insecure)
73
Define Biometric Template Original
Components of the human body
74
Disadvantages of Biometrics
False negatives | No stronger then a strong password when used alone
75
Purpose of Granular Password Policies
Individualize password policy for different users or groups in ADSI
76
Granular Password Policy Steps
Create PSO with necessary settings, Edit the msDS-PSOAppliesTo property to ID the groups or users applicable, If policy was applied to a group, add users to the group
77
Smart Card Benefits
Own processor Store digital signatures, keys, and ID codes Generally tamper proof
78
Define an Object in the Context of Access Control
``` Data, Applications, Systems, Networks, Physical Space ```