Identity and Access Service 4.2 Flashcards

1
Q

Remote Authentication Dial-in User Service (RADIUS)

A

One of the more common AAA (authentication, authorization, accounting) protocols. Supported on a wide variety of platforms, devices and operating systems. Despite the name, it is not just for dial-in: network switches, wireless controllers and VPN concentrators all speak it. Using RADIUS, we can centralize authentication for many different systems. It runs over UDP (1812 for authentication, 1813 for accounting) and relies on a shared secret between the client device and the server; only the User-Password attribute is hidden, the rest of the packet travels in cleartext unless RADIUS is wrapped in TLS (RadSec).

2
Q

Terminal Access Controller Access-Control System (TACACS)

A

Similar to RADIUS: another remote AAA protocol. Cisco created a proprietary extension called XTACACS (Extended TACACS) to add support for accounting and auditing. It is most commonly used with Cisco devices. The current version is TACACS+, also created by Cisco and since published as an open specification (RFC 8907). It is not backward compatible with TACACS or XTACACS. Unlike RADIUS, TACACS+ runs over TCP (port 49), separates authentication, authorization and accounting into distinct exchanges, and obfuscates the entire packet body rather than only the password.
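The difference in what the two protocols hide on the wire is easiest to see in code. The block below is an added example, not part of the original flashcards: it implements the RADIUS User-Password hiding from RFC 2865 section 5.2 (one MD5 block per 16 bytes of password, chained from the Request Authenticator) next to the TACACS+ body obfuscation from RFC 8907 section 4.5 (an MD5 keystream over the whole body). The shared secret, session ID and message body are constructed for the example.

```python
import hashlib
import os
import struct


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- RADIUS (RFC 2865 s5.2): only the User-Password attribute value is hidden -------------
def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide a User-Password value under the shared secret and the 16-byte Request Authenticator."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    # pad with NULs to a multiple of 16 bytes (at least one block)
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()   # b_n = MD5(S + c_{n-1}), with c_0 = RA
        prev = _xor(padded[i:i + 16], block)          # c_n = p_n XOR b_n
        out += prev
    return out


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of radius_hide_password, as the RADIUS server does it (trailing NUL padding is dropped)."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        out += _xor(hidden[i:i + 16], block)
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


# --- TACACS+ (RFC 8907 s4.5): the whole packet body is XORed with an MD5 keystream --------
def tacacs_plus_keystream(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """pad_1 = MD5(session_id, key, version, seq_no); pad_n = MD5(same, pad_{n-1}); concatenated, truncated."""
    fixed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(fixed + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_plus_obfuscate(body: bytes, session_id: int, key: bytes, version: int = 0xC0, seq_no: int = 1) -> bytes:
    """XOR is its own inverse, so the same call de-obfuscates a received body (0xC0 = version 12.0)."""
    return _xor(body, tacacs_plus_keystream(session_id, key, version, seq_no, len(body)))


def demo() -> dict:
    secret = b"shared-secret-for-demo"                # constructed shared secret
    authenticator = os.urandom(16)                    # fresh per request; reuse makes equal passwords comparable
    hidden = radius_hide_password(b"hunter2", secret, authenticator)
    body = b"constructed TACACS+ authentication START body for user alice"
    obfuscated = tacacs_plus_obfuscate(body, session_id=0x1234ABCD, key=secret)
    return {
        "radius_hidden_len": len(hidden),             # one 16-byte block for a 7-byte password
        "radius_roundtrip": radius_reveal_password(hidden, secret, authenticator) == b"hunter2",
        "tacacs_body_changed": obfuscated != body,
        "tacacs_roundtrip": tacacs_plus_obfuscate(obfuscated, 0x1234ABCD, secret) == body,
    }


if __name__ == "__main__":
    print(demo())
```

Two things worth noticing: in RADIUS the username and every other attribute sit beside the hidden password in plain view, and in both protocols the only secret material is the shared secret, so a weak or reused secret exposes every session that used it. Neither scheme is a modern cipher; they obscure rather than protect, which is why RADIUS deployments that cross untrusted networks are wrapped in TLS or IPsec.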

3
Q

Lightweight Directory Access Protocol (LDAP)

A

A protocol for reading and writing entries in large directories over an IP network; think of it as a phone directory. Users, services and devices are organized in a structured, hierarchical database that can be searched and sorted. You will commonly hear it mentioned together with the X.500 standard: X.500 defined the original directory service and its Directory Access Protocol (DAP), and LDAP is the lightweight version adapted to TCP/IP (port 389, or 636 for LDAP over TLS). You will see it on macOS and Windows; Active Directory exposes an LDAP interface.

4
Q

X.500

A

An LDAP directory stores each entry as a set of named attributes (fields); think of one row in a table. Entries are arranged in a hierarchical, tree-like structure (the Directory Information Tree): the root is at the top and the tree expands downward. Each entry is named by its distinguished name (DN), the path from the entry up to the root, such as cn=..., ou=..., dc=..., dc=..., and entries are found with search filters like (uid=alice).
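Because both the DN and the search filter are built from attribute values, anything user-supplied that ends up in them has to be escaped. The block below is an added example (not part of the original flashcards) showing filter-value escaping per RFC 4515, RDN-value escaping per RFC 4514, and what happens to a login filter when the escaping is skipped. The attribute names and sample values are constructed for the example.

```python
# RFC 4515 s3: characters that must be hex-escaped inside a filter assertion value
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# RFC 4514 s2.4: characters that must be backslash-escaped anywhere in an RDN value
_DN_SPECIAL = set('",+;<>\\')


def escape_filter_value(value: str) -> str:
    """Make a string safe to embed as the value side of (attr=value) in a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def login_filter(username: str, unsafe: bool = False) -> str:
    """Filter used to look up a user at login; unsafe=True reproduces plain string concatenation."""
    value = username if unsafe else escape_filter_value(username)
    return f"(&(objectClass=person)(uid={value}))"


def escape_rdn_value(value: str) -> str:
    """Escape a value for use in an RDN: specials anywhere, leading '#' or space, trailing space, NUL."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append(r"\00")
        elif ch in _DN_SPECIAL or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_dn(*rdns: tuple) -> str:
    """Compose a DN from leaf to root, e.g. ('cn', 'Smith, John'), ('ou', 'People'), ('dc', 'example'), ('dc', 'com')."""
    return ",".join(f"{attr}={escape_rdn_value(val)}" for attr, val in rdns)


if __name__ == "__main__":
    # A username of '*)(uid=*' turns the unsafe filter into '(uid=*)(uid=*)', which matches every person;
    # the escaped filter only matches an entry whose uid is literally that string.
    print(login_filter("*)(uid=*", unsafe=True))
    print(login_filter("*)(uid=*"))
    print(build_dn(("cn", "Smith, John"), ("ou", "People"), ("dc", "example"), ("dc", "com")))
```

When a real LDAP library is available, prefer its own escaping helpers or parameterized search calls over hand-rolled string building; the functions above show what those helpers have to do, and why a raw f-string is not enough.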

5
Q

Microsoft NTLM

A

Microsoft's own protocol, originating with the Windows NT OS and the earlier LAN Manager network OS (LANMAN), hence NT LAN Manager. It is an older challenge/response authentication method: the server sends a random challenge and the client answers with a value computed from the domain name, username and the password hash, so the password itself never crosses the wire. The most common variant you will see today is NTLMv2. The password hash it relies on (the NT hash) is an unsalted MD4 of the UTF-16LE password; NTLMv2 then derives a per-user key and the response with HMAC-MD5 over the username, domain and server challenge. By modern standards it is weak.

6
Q

Microsoft NTLM Vulnerabilites

A

Some Windows password databases still contain LM hash versions of the password, typically kept for compatibility with older systems; LM hashes are uppercase-only, split into two 7-character halves and trivially crackable, so LM storage should be disabled. Because the NT hash alone is enough to compute a valid NTLM response, a stolen hash is as good as the password (pass-the-hash). NTLM is also vulnerable to a credential relay (forwarding) attack: an attacker in the path forwards the challenge/response from one computer to gain access to another. Use Kerberos instead.

7
Q

Kerberos

A

The modern default authentication method for Windows domains; it is an open standard originally developed at MIT (RFC 4120), not a Microsoft invention. Authenticate once to the Key Distribution Center (KDC) and you are trusted by the system; you do not need to re-authenticate to each service. Kerberos also provides mutual authentication between the client and the server, and its encrypted tickets and time-stamped authenticators protect against man-in-the-middle and replay attacks, which is why clock synchronization between clients, servers and the KDC matters.

8
Q

SSO with Kerberos

A

Once you have authenticated via Kerberos, you are issued a ticket-granting ticket (TGT), not a certificate. You present the TGT to the KDC to obtain a service ticket for each resource you want to reach, and that service ticket (plus a fresh authenticator) is what logs you in to the resource. The service can read the ticket because it is encrypted with the service's own key, so the KDC never has to send anyone's long-term key over the network. This only works with devices and services that support Kerberos.
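The three exchanges (AS, TGS and AP) are short enough to model end to end, so here is an added example, not part of the original flashcards, that walks a client through login, a ticket request and service access, with the checks that make SSO safe: pre-authentication before the KDC hands anything out, the TGT and service ticket sealed under keys the client never holds, freshness checks on every authenticator, replay detection at the service, and the service's mutual-authentication reply. The "encryption" is a toy SHA-256 keystream plus HMAC tag standing in for a real Kerberos encryption type, and the realm, principal names and password are constructed for the example.

```python
import hashlib
import hmac
import json
import os
import time


# Toy authenticated encryption for this model only; real Kerberos uses e.g. AES256-CTS-HMAC-SHA1-96.
def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]

def seal(key: bytes, fields: dict) -> bytes:
    data, nonce = json.dumps(fields).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16], tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def _fresh(ts: float, skew: float = 300) -> bool:
    return abs(time.time() - ts) <= skew          # Kerberos' default clock-skew tolerance is 5 minutes


class KDC:
    """Holds every principal's long-term key; 'krbtgt' is the key the KDC seals TGTs with."""
    def __init__(self, keys: dict):
        self.keys = keys

    def as_exchange(self, client: str, preauth: bytes):
        # pre-authentication: the client proves it knows its key before the KDC returns anything crackable
        if not _fresh(unseal(self.keys[client], preauth)["ts"]):
            raise PermissionError("stale pre-authentication")
        sk = os.urandom(32)
        tgt = seal(self.keys["krbtgt"], {"client": client, "key": sk.hex(), "exp": time.time() + 36000})
        return tgt, seal(self.keys[client], {"key": sk.hex()})   # only the real client can read the session key

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        t = unseal(self.keys["krbtgt"], tgt)                     # the client can neither read nor forge this
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        if a["client"] != t["client"] or not _fresh(a["ts"]) or time.time() > t["exp"]:
            raise PermissionError("TGT or authenticator rejected")
        ssk = os.urandom(32)
        ticket = seal(self.keys[service], {"client": t["client"], "key": ssk.hex()})
        return ticket, seal(bytes.fromhex(t["key"]), {"service": service, "key": ssk.hex()})


class Service:
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.seen = name, key, set()

    def ap_exchange(self, ticket: bytes, authenticator: bytes) -> bytes:
        t = unseal(self.key, ticket)                             # only this service's key opens its tickets
        if authenticator in self.seen:
            raise PermissionError("replayed authenticator")
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        if a["client"] != t["client"] or not _fresh(a["ts"]):
            raise PermissionError("authenticator rejected")
        self.seen.add(authenticator)
        return seal(bytes.fromhex(t["key"]), {"ts": a["ts"]})   # mutual auth: proves the service holds its key


class Client:
    def __init__(self, name: str, password: str):
        self.name, self.key = name, hashlib.sha256(password.encode()).digest()   # stand-in for string-to-key

    def login(self, kdc: KDC) -> None:
        self.tgt, enc = kdc.as_exchange(self.name, seal(self.key, {"ts": time.time()}))
        self.sk = bytes.fromhex(unseal(self.key, enc)["key"])

    def use(self, kdc: KDC, svc: "Service") -> bool:
        ticket, enc = kdc.tgs_exchange(self.tgt, seal(self.sk, {"client": self.name, "ts": time.time()}), svc.name)
        ssk = bytes.fromhex(unseal(self.sk, enc)["key"])
        self.last = (ticket, seal(ssk, {"client": self.name, "ts": time.time()}))   # kept to demonstrate replay
        return "ts" in unseal(ssk, svc.ap_exchange(*self.last))   # client verifies the service's reply too


def make_realm():
    """Constructed realm: one user (password 'correct horse'), one file service, one KDC."""
    keys = {"krbtgt": os.urandom(32), "alice": hashlib.sha256(b"correct horse").digest(), "cifs/files": os.urandom(32)}
    return KDC(keys), Service("cifs/files", keys["cifs/files"])

def rejected(fn, *args) -> bool:
    """True if an exchange is refused (wrong key, stale timestamp or replay)."""
    try:
        fn(*args)
    except (ValueError, PermissionError):
        return True
    return False


if __name__ == "__main__":
    kdc, files = make_realm()
    alice = Client("alice", "correct horse")
    alice.login(kdc)
    print("access:", alice.use(kdc, files), "replay refused:", rejected(files.ap_exchange, *alice.last))
```

The point of the model is which key opens what: the client only ever decrypts material sealed under its own key or a session key it was given, the KDC alone opens TGTs, and the file service alone opens its own tickets. That is what lets one login serve many services without re-entering a password, and why a captured ticket is useless without the matching session key and a fresh authenticator.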
