Lesson 9 - Chapter 1: Authentication Flashcards
What is logical security? What does it apply?
applying software and technology-based measures to create a protected and secured environment for users, computers, and data
What does the AAA model represent?
Represents the various facets of network and data security
What are the 3 A’s of the AAA model?
- Authentication
- Authorization
- Accounting
What is authentication?
Verifying the identity of a user/system attempting to connect to (computing) resources
What is Authorization?
Granting the appropriate permissions to the user or system
What is Accounting?
Keeping records of all activities that can affect security (like authentication and authorization)
What is it called when only one authentication factor is used? What does it contain?
Single-factor authentication (SFA)
typically only a user name and password
What are the 4 key factors that can be used in a multifactor authentication scheme?
- Something you have (physical)
- Something you know (code, PIN)
- Something you are (Biometrics, voice)
- Somewhere you are (GPS)
Multifactor authentication schemes usually use just how many factors?
MFAs are usually just 2FAs such as a bank card (something you have) and a PIN (something you know)
What is CompTIA’s take on best password practices (Lesson 8 Password Management)? [3]
- Always change default user names and passwords
- Require your users to use strong passwords that expire
- Password protect the BIOS/UEFI and screensaver
What is a smart card? What does it look like?
a card the size of a credit card that contains circuitry to identify the card’s bearer/identity
Security tokens are commonly in what form?
key fob
(same function as a smart card)
What is a key fob used for? What does it store?
a security token that stores digital certificates, passwords, biometric data, and more
(some generate passwords)
What is a hard token?
a small physical device that can be used to provide a second factor (in MFA)
What is a hard token also called?
RSA token or authentication token
What are the 3 basic types of hard tokens?
- Connected
- Disconnected
- Contactless
How are Connected hard tokens used?
they’re inserted into a token reader that automatically transfers security/authentication information to a system
What are Connected hard tokens commonly implemented as?
key fobs and USB tokens
What are Disconnected hard tokens?
not physical; generates a one-time access code that is passed as a signal to a receiver
What forms can Disconnected hard tokens take?
a physical device that generates the code or a smartphone app
What is a Contactless hard token?
a proximity device that uses Bluetooth or an RF signal to pass authentication codes to the security system
What is a token?
a device used by a user to verify their identity for the purpose of gaining access to resources
What are soft tokens?
perform the same function as a token (handheld device) but through programs and apps instead
What’s a common example of a soft token?
a code that is sent via SMS text message or email (OTP) that’s valid for a few minutes
What are Authenticator Apps?
applies 2FA to the accounts you wish to protect beyond simple login
How do authenticator applications work?
the user must enter a generated key value into the authenticator app to gain access to the account
Where are you most likely to see smart cards in public?
mass transit systems to authenticate users
(uncommon in computers)
What are security tokens?
devices that store unique information that the user carries with them (digital certificates, passwords, biometric data)
Security tokens may also store an RSA token. What are RSA tokens?
random number generators that are used with user names and passwords for extra security
Do you have to insert key fobs/smart cards into all computers or card readers?
No, some are made to use RFID to transmit the authentication info so no insertion is necessary
(Pivaris combines bio fingerprint with RFID tag, easy as opening a garage)